
/biz/ - Business & Finance



File: 30 KB, 591x438, anal.png
No.5148513

I always wonder, if all you have to recover a wallet is a 24 word combination. Wouldn't that mean that anyone could use a random 24 word seed to get someone with those series of words?

>> No.5148531

>>5148513
why won't you do it and become a millionaire?

>> No.5148537

>>5148513
nice just hacked 100k

>> No.5148581

>>5148513
Man... Electrum dev here, I hadn't thought about that. I guess bitcoin is fucked now, shit. Please don't tell CNBC this, man, please.

>> No.5148600

>>5148513
Wtf I just lost 100k!

>> No.5148605

lol yeah man go for it tell us how it goes

>> No.5148641

>>5148513
nice just hacked 100k

>> No.5148661

ITS A WRAP BOYS. WERE ALL FUCKED

>> No.5148664

>>5148513
wtf I love words now

>> No.5148673
File: 6 KB, 250x249, f60.jpg

WHERE THE FUCK IS MY BITCOINS!!!111

>> No.5148679

what dictionary do these kind of apps use, and how large are they?

>> No.5148724

>>5148679
>>5148513
Your chances of finding a wallet in use are astronomically tiny. There are so many possible combinations that even if everybody on earth had an address, it would still be less likely to find a used address than to win the lottery.

>> No.5148731

>>5148513
Nope. The fact that they are words makes it seem like it'd be that easy. But the size of the word list and potential combinations gives you an incredibly low chance of actually getting one in use.

Theoretically possible though I suppose, mitigate by keeping your shit spread out across five different wallets if you have a lot of it. The odds of just one getting guessed is pretty fucking low, but more than that?

>> No.5148768

wow it worked just got 10 bitcoins

>> No.5148775

>>5148731
>>5148724
To put it to scale, there's more valid addresses than atoms in the universe. You could bruteforce all day and still not find one in your lifetime.

>> No.5148776

uhm, did someone just guess my seed? my electrum wallet went to 0

>> No.5148778

what happens if someone does win the lotto, or gets struck by lightning twice and gets the seed of some poor cunt (me)

what are some ways to not get cyber ganked

>> No.5148794
File: 47 KB, 500x500, phsiFKf.jpg

>>5148724
>>5148731
there always might be implementation weaknesses, especially if it's just another layer added on top of the fundamentals (private/public key).

>> No.5148795

>>5148731
Isn't that also alleviated by multisig wallets? Or how do they work? I assume big wallies and exchanges keep their shit in far secure ways than most of us.

>> No.5148807
File: 88 KB, 720x530, 1498370752529.jpg

Just calculate it.
It's not 9 possible random digits 24 times.

It's 24 random words out of more than 20 letters with random word length out of tens of thousands of words in random order. Someone do the math. I'm a brainlet

>> No.5148810

>>5148778
That's less likely than you getting struck by lightning twice. So I'd worry about that first.

>> No.5148825

>>5148810
oh fuck god damn it I'm never leaving the house again

>> No.5148845

>>5148794
Yeah, if your seed was generated by a malicious generator, you'll easily get ganked. The generator might just put out a predetermined list of seeds and then the host could wait a bit and collect the balances of those seeds

>>5148825
Solid plan

>> No.5148858
File: 22 KB, 1161x338, a.png

Wow just hacked bitfinex's BTC with OP's method! Thanks!

>> No.5148868

>>5148778
you're more likely to win the lottery 10 times in a row than for someone to guess your seed

>> No.5148872

Do you understand how many combinations of 24 words out of the entire dictionary exist? The chances of you correctly guessing a combination that's in use, let alone one for a wallet that actually contains any BTC, is so astronomically tiny that it'll never be worth trying.

>> No.5148894
File: 82 KB, 425x225, 350.png

>>5148872

>> No.5148947

>>5148775
I dunno about that many.

https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

2049 words, assuming 12 words are used with no repetition, unless I suck at math (I do), there's 11070093892986773771686797492736 unique combinations.

>> No.5148953

>>5148845
All I'm saying is it's super easy to fuck up. Just go and check the many ways idiots on reddit are generating their IOTA seeds... granted, that's yet another level of human error. But I'd be very careful with using any "custom"/non-official wallet generator or whatnot. Most people don't really know what they're doing. Hence the sea of GUIs, which opens plenty of room for 1) malignance and 2) incompetence.

>> No.5148962

>>5148795
Yes that would help as well, like with Ark allowing a second passphrase to be added.

>> No.5148967

>>5148947
>no repetition
mistake one

>> No.5148972

>>5148953
there's also bitcoin.com that are actively trying to scam people out of money.

you can't generate a wallet offline.

>> No.5148992

>>5148967
I don't know whether they repeat or not and I'm not going to sit there spamming the make new button to find out.

IF repetition is allowed (likely desu), then the number is even higher.

>> No.5149018

>>5148992
>then the number is even higher.
not by much, since 2049 >> (is much greater than) 12 (repetitions)
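The back-and-forth above about whether repeated words change the count can be settled with a few lines of arithmetic. This is an added example, not code from the thread; it uses the BIP39 specification values (2048 words, 11 bits per word, one checksum bit per 33 bits) and computes three numbers for 12- and 24-word phrases: the word-sequence space with repetition, the space without repetition, and how many sequences actually pass the BIP39 checksum. The last figure is the one that matters for security, since a wallet only accepts phrases whose checksum matches.

```python
# Added example (not from the thread): size of the BIP39 word-sequence space,
# with and without repeated words, and how many sequences actually pass the
# BIP39 checksum. Constants are the BIP39 specification values.
from math import perm, log2

WORDLIST_SIZE = 2048  # BIP39 English list: 2^11 words, so each word encodes 11 bits


def sequences_with_repetition(words: int, n: int = WORDLIST_SIZE) -> int:
    """Each position is an independent pick from n words: n ** words."""
    return n ** words


def sequences_without_repetition(words: int, n: int = WORDLIST_SIZE) -> int:
    """Ordered picks with no word reused: n * (n - 1) * ... * (n - words + 1)."""
    return perm(n, words)


def valid_bip39_phrases(words: int) -> int:
    """A phrase of `words` words carries words * 11 bits; one bit in 33 is a
    SHA-256 checksum, so only 2 ** (entropy bits) sequences are valid phrases."""
    total_bits = words * 11
    checksum_bits = total_bits // 33
    return 2 ** (total_bits - checksum_bits)


def summary(words: int) -> dict:
    rep = sequences_with_repetition(words)
    norep = sequences_without_repetition(words)
    valid = valid_bip39_phrases(words)
    return {
        "with_repetition": rep,
        "without_repetition": norep,
        # how much allowing repeats enlarges the space (barely, since 2048 >> words)
        "repetition_ratio": rep / norep,
        "valid_checksum": valid,
        "entropy_bits": round(log2(valid)),
        # share of random word sequences that pass the checksum: 1/16 for 12 words, 1/256 for 24
        "checksum_pass_rate": valid / rep,
    }


if __name__ == "__main__":
    for n in (12, 24):
        s = summary(n)
        print(f"{n} words: {s['entropy_bits']} bits of entropy, "
              f"repetition ratio {s['repetition_ratio']:.4f}, "
              f"1 in {round(1 / s['checksum_pass_rate'])} sequences is a valid phrase")
```

Allowing repeats enlarges the 12-word space by about 3% and the 24-word space by about 14%, so the poster above is right that it changes little. The checksum cuts the other way: of the 2048^12 possible 12-word sequences only 2^128 are valid phrases, and of the 2048^24 24-word sequences only 2^256, which is why the security of a phrase is quoted as 128 or 256 bits rather than as the raw word count.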

>> No.5149051

>>5149018
True, either way, it's fucking high and you have a very low chance of finding it. It's like trying to bruteforce AES128. Sure we could move to AES256 (or 24 words for wallets), but practically there's no real difference.

If it were an option I would take it though.

>> No.5149101

>>5149051
well, what you don't consider (yet) is that we don't want to find a specific seed. Just a valid/existing one (hopefully with many monies). So we need to divide by that number, which might be considerable in the future.

>> No.5149120

Gonna try this on my iPhone thanks OP

>> No.5149131

>>5149101
Yeah but it's still astronomically tiny, and as I already stated you can mitigate this by spreading out over multiple wallets.

>> No.5149144

>>5148537
WTF i lost 100k

>> No.5149164

>>5148513
Thanks asshole,I just lost 100k

>> No.5149209

>>5148513
GOING TO REPORT THIS TO THE FED.

>> No.5149275

>>5149131
>you can mitigate this by spreading out over multiple wallets.
if everyone does this, then you can divide our hitrate probability by another factor. :)
but yes, these probabilities are out of scope to be really grasped.. human brains suck at this (probabilities/stats) way too much. In theory this is all sound and good. I'm more worried (then again, not really this much with respect to the core software) about the quality of the implementation (of all parts involved).

>> No.5149364

>>5149275
Implementation is always a concern, but what can you really do about that? The only real security from this is to spread your bitcoin out into other currencies altogether.

>> No.5149368

You faggots are laughing but OP is literally correct in a long enough time frame. Naturally as more and more seeds are generated the entire system becomes more valuable to brute force. God this board is retarded sometimes.

>> No.5149428

>>5149368
Yeah but everyone making new seeds now will never have anything worth stealing. All the OGs with 1000s of coins are not about to start making loads of new wallets and moving their shit into it.

>> No.5149443

Consider there are over 5000 words and u can make up some bullshit words, the entropy of 24 words is 5000^24, approx 5.9*10^88. The probability of finding the same seed is astronomically tiny

>> No.5149446

>>5149364
>>5149275
you can check the implementation yourself
biggest concern is probably the source of randomness they use to select words
especially if you're paranoid about the manufacturers manipulating their randomness implementation on chip

or like the randomness used in the PS3 encryption i think? what was it something like return 6; every time top kek

>> No.5149484

>>5149446
Well I'm going to assume Electrum's implementation of random is probably fine. The greater concern is closer to the blockchain and would affect any and all wallets imo.

That and bad hardware wallets that are closed source.

>> No.5149504

>>5148807
assuming the uniform distribution i'd say it's around 100000^24 = 10^120 or something like that

>> No.5149543

>>5148992
>I don't know whether they repeat or not
they do repeat, otherwise the distribution wouldn't be uniform (aka there would exist some combination that unlocks multiple wallet)

>> No.5149565

>>5149543
Wait why is
>(aka there would exist some combination that unlocks multiple wallet)
true?

Also I have always wondered if it were possible for a deterministic seed to generate SOME addresses that clashed with another wallet. Not all but some crossover.

>> No.5149574

I JUST GOT 100 BTC YOU'RE A GENIUS

>> No.5149595

>>5149368
Long enough = heat death of the universe

>> No.5149697

>>5148947
That number in seconds equals 350,797,310,620,708,038,333 Millennia

>> No.5149727

>>5149697
We're a little beyond guessing one per second at the moment.

>> No.5149731

>>5149565
>Wait why is
>>(aka there would exist some combination that unlocks multiple wallet)
>true?
to rephrase it:
ASSUME that there is no repetition. That means that the 24-word combination space is smaller than the address/private key space, so it's not 1 to 1. That means there exist some combinations that unlock multiple wallets, which is impossible, or that some wallets don't have a 24-word combination, which is impossible too. Therefore they repeat.

>Also I have always wondered if it were possible for a deterministic seed to generate SOME addresses that clashed with another wallet.
it is possible, but the probability is negligible (that's actually the correct term, you can google it). basically it's so small that you should worry about an asteroid killing you once you go outside rather than getting clashes between wallets
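The repetition and one-to-one questions in the exchange above come straight out of how BIP39 builds a phrase, so here is the construction itself. This is an added example, not code from the thread or from any wallet project: it implements the BIP39 steps (entropy, SHA-256 checksum, 11-bit word indices) with the Python standard library, and because the real English list is 2048 fixed words that cannot be embedded here, WORDLIST is a constructed placeholder of tokens w0000 to w2047 that stands in for it. The printed phrases are therefore not real BIP39 words, but the structure is exact: the all-zero 128-bit entropy gives the same word eleven times (words repeat), every entropy value maps to exactly one phrase and decodes back to it, and a sequence whose checksum bits don't match is rejected.

```python
# Added example (not from the thread): the BIP39 entropy -> mnemonic mapping
# and its checksum, to show (a) words CAN repeat, (b) each entropy value maps
# to exactly one phrase and back, and (c) only 1 in 2**checksum_bits random
# word sequences is a valid phrase. The real English list has 2048 fixed
# words; WORDLIST below is a constructed placeholder (w0000..w2047) so the
# block runs offline, so the phrases printed are not real BIP39 words.
import hashlib
import secrets

WORDLIST = [f"w{i:04d}" for i in range(2048)]  # placeholder, 2^11 entries like BIP39


def _sha256_bits(data: bytes) -> str:
    return format(int.from_bytes(hashlib.sha256(data).digest(), "big"), "0256b")


def entropy_to_mnemonic(entropy: bytes) -> list[str]:
    """BIP39: append the first len(entropy)*8/32 bits of SHA-256(entropy) as a
    checksum, then cut the bit string into 11-bit word indices."""
    bits = len(entropy) * 8
    if bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    cs_bits = bits // 32
    bitstring = format(int.from_bytes(entropy, "big"), f"0{bits}b") + _sha256_bits(entropy)[:cs_bits]
    return [WORDLIST[int(bitstring[i:i + 11], 2)] for i in range(0, len(bitstring), 11)]


def mnemonic_to_entropy(words: list[str]) -> bytes:
    """Inverse of entropy_to_mnemonic; raises ValueError on an unknown word or a bad checksum."""
    total_bits = len(words) * 11
    cs_bits = total_bits // 33
    bitstring = "".join(format(WORDLIST.index(w), "011b") for w in words)
    ent_bits, checksum = bitstring[:-cs_bits], bitstring[-cs_bits:]
    entropy = int(ent_bits, 2).to_bytes((total_bits - cs_bits) // 8, "big")
    if _sha256_bits(entropy)[:cs_bits] != checksum:
        raise ValueError("checksum mismatch: not a valid phrase")
    return entropy


def is_valid_phrase(words: list[str]) -> bool:
    try:
        mnemonic_to_entropy(words)
        return True
    except ValueError:
        return False


def generate_phrase(word_count: int = 24) -> list[str]:
    """Fresh phrase from the OS CSPRNG; the randomness source is the part a wallet must get right."""
    entropy_bytes = (word_count * 11 - word_count * 11 // 33) // 8
    return entropy_to_mnemonic(secrets.token_bytes(entropy_bytes))


if __name__ == "__main__":
    zero = entropy_to_mnemonic(bytes(16))   # all-zero 128-bit entropy
    print(zero)                             # the same word 11 times, then the checksum word
    print(is_valid_phrase(zero), is_valid_phrase(["w0000"] * 12))   # True False
    fresh = generate_phrase(24)
    print(len(fresh), mnemonic_to_entropy(fresh).hex())
```

With the real word list, the all-zero 128-bit input is the well-known test vector "abandon" repeated eleven times followed by "about" (index 3), which is exactly what the placeholder output w0000 x11, w0003 encodes. The last word of any phrase is partly checksum, so a wallet can reject most typos and most random word sequences outright; what it cannot do is make up for a weak entropy source, which is why the poster above is right to name the randomness feeding this function as the main implementation risk.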

>> No.5149817

>>5149731
This is slightly off topic, but can you explain how, for example Ark, allows you to add a second 12 word combination to your address to secure it? How is that address not generated from the original 12 word seed only still?

>> No.5149936

>>5149697
That would be to find a specific key. Divide that by the amount of wallets open, then consider that you can probably try 70-80+ a second on a decent PC.
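The adjustment above is the right one: a guesser does not need one specific seed, only any seed that is in use, so the expected number of guesses is the seed space divided by the number of in-use wallets. This added example (not code from the thread) carries that calculation through, with the guess rate and wallet count as explicit inputs; the wallet counts and guess rates in the scenarios are constructed assumptions for scale, not measured figures.

```python
# Added example (not from the thread): expected time to stumble on ANY in-use
# seed by uniform random guessing, given a guess rate and a count of wallets
# in use. Wallet counts and guess rates below are constructed assumptions.
SECONDS_PER_YEAR = 365.25 * 24 * 3600
AGE_OF_UNIVERSE_YEARS = 1.38e10  # rough figure, for scale only


def seed_space(words: int) -> int:
    """Number of BIP39 phrases that pass the checksum: 2 ** (entropy bits)."""
    total_bits = words * 11
    return 2 ** (total_bits - total_bits // 33)


def expected_guesses_to_hit_any(space: int, wallets_in_use: int) -> float:
    """Each uniform random guess hits one of N in-use seeds with probability
    N / space, so the expected number of guesses is space / N (geometric)."""
    return space / wallets_in_use


def expected_years(words: int, wallets_in_use: int, guesses_per_second: float) -> float:
    guesses = expected_guesses_to_hit_any(seed_space(words), wallets_in_use)
    return guesses / guesses_per_second / SECONDS_PER_YEAR


def universe_ages(words: int, wallets_in_use: int, guesses_per_second: float) -> float:
    return expected_years(words, wallets_in_use, guesses_per_second) / AGE_OF_UNIVERSE_YEARS


if __name__ == "__main__":
    # constructed scenarios: a desktop at 80 guesses/s (the figure quoted above),
    # and a hypothetical farm at 10^12 guesses/s, each against a billion wallets
    for words, wallets, rate in ((12, 10**9, 80), (12, 10**9, 1e12), (24, 10**9, 1e12)):
        yrs = expected_years(words, wallets, rate)
        print(f"{words} words, {wallets:.0e} wallets, {rate:.0e} guesses/s: "
              f"{yrs:.2e} years (~{universe_ages(words, wallets, rate):.1e} ages of the universe)")
```

Dividing by a billion wallets removes nine orders of magnitude, and raising the guess rate from 80/s to 10^12/s removes another ten, yet the 12-word case still lands at roughly the age of the universe in expectation; the 24-word case is 2^128 times longer again. That is the sense in which the "spread across several wallets" advice earlier in the thread is unnecessary against guessing: the seed space, not the wallet count, is what sets the odds.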

>> No.5149952
File: 33 KB, 657x527, 1512424834739.png

maybe slightly off topic: but I don't get the purpose of these word lists anyways. Are you guys really going to trust your fucking brains/memory with this? The reasonable thing is to have the seed written down somewhere, no matter what.
>mfw brains are fucking useless

>> No.5149990

>>5148778
>>5148810
Just guessed this dude's seed http://mentalfloss.com/article/66863/meet-man-struck-lightning-7-times

>> No.5150055

>>5148775
And yet the Large Bitcoin Collider has already found a handful of collisions.

>> No.5150079

>>5149990
yeah, but the chance this happens to *someone*, at *some point* is by far much larger than this happening to *you*

>> No.5150119

>>5149817
that means that the 12 word combination space is bigger than the wallets space. if there are 2 12 word combinations then it's at least 2 to 1 (but probably bigger, that makes it more secure since some 12 word combinations don't yield wallets at all)

so ark's system is a little different than btc's. quoting from github of btc's 24 word seed generation method:
>The described method also provides plausible deniability, because every passphrase generates a valid seed (and thus a deterministic wallet) but only the correct one will make the desired wallet available.

so 24 word combo - btc is 1 to 1, while ark's is at least 2 to 1. I don't know the details about the ark ecosystem, but if you google enough you can find all the implementation documented online and see yourself

>> No.5150134

>>5149952
The purpose is it's easier to write down the words than the unreadable seed they correspond to. You could write down the private key too if you want but why?

>> No.5150185

>>5148894
i love these threads because of these posts

but in all honesty guys, you know that every street shitting pajeet on this board probably takes this shit seriously and is working on cracking our keys right now as you read this.
if we could make more threads like this we could distract all of the pajeets and save /biz/ - think about it

>> No.5150201

>>5150119
Yeah I could, I was just hoping for fast answers.

You can 'pay' (a few Ark) and get your address secured with a second phrase. I can only imagine that some change is made within the blockchain that bans the key for the original 12 word passphrase when used with that address and only allows the key made by combining the two phrases from that point onwards. Otherwise I don't see why even after doing so you couldn't regenerate the wallet with the same original 12 words. It's not as if your address is changed.

>> No.5150242

>>5150134
>unreadable seed
maybe don't print it in comic sans next time?
>but why?
because. It's the actual private key. No layer/middleman in between. That's good.
It's okay to worry about security, but I'm also worried about still having access to my wallet in 20 years.

>> No.5150245

>>5149051
Ledgers have 24 word combos

>> No.5150303

>>5150242
The seed derives the private key, writing down the private key is retarded because the only way you'll lose it is if the software that generated the private key disappears off the face of the earth.

Look at the shit the Monero wallet creates. You get a human readable seed (words), but also the spendkey/viewkey. The word seed corresponds to the spendkey. You could write down either, but why write down something you have a far higher chance of fucking up when doing so.

>> No.5150311

>>5150055
https://lbc.cryptoguru.org/man/theory

lbc bruteforce 2^159 space instead of the WAY bigger 2^256 because of some retarded design choices in btc wallet generation algorithm or something

>> No.5150350
File: 67 KB, 1024x962, 1490523455841.jpg

>>5150303
>but why write down something you have a far higher chance of fucking up when doing so.
I SAID BECAUSE!!! REEEEEEEEEEEEEEE

>> No.5150493

>>5148513

The probability of guessing any given wallet is 1 over X^24, where X is the number of valid dictionary words.

Let's imagine there's only 1000 words that can be used to generate the seed. Go ahead and do the math.