
Private key safety

Open k06a opened this issue 3 years ago • 4 comments

Hi, could you elaborate on how private keys are being generated and brute forced? It seems like a reliable random number generator std::mt19937_64 is being fully initialized by unsigned int (https://en.cppreference.com/w/cpp/numeric/random/random_device), which could make it less reliable: https://github.com/johguse/profanity/blob/75afbade7d4e8a54bd97b26249a84d2833a25b58/Dispatcher.cpp#L111

Seems like brute-forcing 2^32 seeds, each for a few seconds on top-notch hardware, could expose some keys with 5-6-7 mined symbols.

k06a, Jan 17 '22 08:01

Agree here, should be seeded with 64 bits or else someone may be able to brute force 5-6-7 addrs, especially in the future.

ryley-o, Jan 18 '22 05:01
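The seeding pattern discussed above, next to one hardened alternative, as an added C++ example (not code from the profanity repository or from the commenters). The function names and the seed `0xC0FFEE` are constructed for illustration, and the hardened form assumes `std::random_device` is backed by the OS entropy source on the target platform.

```cpp
// Added example: assumes std::random_device is backed by the OS entropy source.
#include <array>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <random>

using Key256 = std::array<std::uint64_t, 4>;  // 256-bit value as four 64-bit words

// Number of seed bits a single rd() call can supply (32 on common platforms).
constexpr int kWeakSeedBits =
    std::numeric_limits<std::random_device::result_type>::digits;

// Pattern from the issue: all 256 bits are a pure function of one 32-bit seed,
// so at most 2^32 distinct values can ever come out of this function.
Key256 key_from_seed32(std::uint32_t seed) {
    std::mt19937_64 eng(seed);  // 32-bit value widened into the 64-bit seed parameter
    std::uniform_int_distribution<std::uint64_t> distr;
    Key256 k{};
    for (auto &w : k) w = distr(eng);
    return k;
}

// Weak form: one unsigned int of entropy, then deterministic expansion.
Key256 weak_key() {
    std::random_device rd;
    return key_from_seed32(static_cast<std::uint32_t>(rd()));
}

// Hardened form: every word comes from the entropy source, no PRNG in between.
Key256 key_from_os_entropy() {
    std::random_device rd;
    Key256 k{};
    for (auto &w : k) {
        const std::uint64_t hi = rd() & 0xFFFFFFFFu;
        const std::uint64_t lo = rd() & 0xFFFFFFFFu;
        w = (hi << 32) | lo;
    }
    return k;
}

int main() {
    const bool same = key_from_seed32(0xC0FFEEu) == key_from_seed32(0xC0FFEEu);  // constructed seed
    std::printf("seed bits: %d, same seed -> same key: %s\n", kWeakSeedBits, same ? "yes" : "no");
    const Key256 k = key_from_os_entropy();
    std::printf("fresh key, first word: %016llx\n", static_cast<unsigned long long>(k[0]));
    return 0;
}
```

A 256-bit output does not imply 256 bits of entropy: the weak form can never produce more distinct keys than there are seeds.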

It seems that 1 GPU can do 7 symbols for 1 sec, this means 1000 GPUs can brute force all the 7-symbol vanity addresses in 50 days. This could cost a lot, but the reward could be higher. Moreover, the reward could be pre-estimated.

k06a, Jan 20 '22 21:01

I came here thinking the same thing. This should be a warning in the README really.

rhamnett, May 18 '22 23:05

FUCK

liamzebedee, Sep 15 '22 07:09