Approximately 18 months ago I became fascinated with the magic of extremely
large numbers and that this is basically what's protecting my bitcoin.
e.g.
https://learnbtc.tech/PowerOfLargeNumber.jpg
In an effort to somewhat "prove" this to myself, I whipped up a script to
run an endless loop generating random public/private keypairs (using the
libbitcoin library) and checking the received "balance" at each address,
and to email me if anything was found. Naturally this script never seemed
to "find" any bitcoin. This was comforting to me, as it meant that my
bitcoin was relatively safe from others doing the same thing.
The meat of the loop is:
$bx = '/usr/local/bin/bx'
$private_key = `$bx seed | $bx ec-new|$bx ec-to-wif`
$public_key = `$bx wif-to-public $private_key`
$address = `$bx ec-to-address $public_key`
$balance = `$bx fetch-balance $address`
I completely forgot about this script, but it's been running all this time
(~18 months), just running in an infinite loop on my desktop linux box.
This morning I woke up to a surprise email that something had been found.
balance
{
address 1CeuzQcb5pmM1PmyoDgV5rfPsJDkAY8ScR
received 1965000
spent 0
}
I used electrum to "import" the associated private key to verify this
amount was accessible. But I didn't move it -- of course I don't want to
steal the poor guy's BTC.
I'm a little bit blown away here. I thought the known universe would hit
end of life before finding anything. If I can get this lucky finding a
needle in a haystack with few lines of Perl code, I don't feel quite as
safe about my bitcoin.
Or might this mean that, despite the fact that it took 18 months to produce
a collision, there might be something nonrandom about the seeding mechanism?
It says mine is Version: 4.0.0, which was the latest version at that time.
Thoughts?
-Mike
::
[Libbitcoin] address collision?
%20and%20checking%20the%20received%20%22balance%22%20at%20each%20address,%0A>%20and%20to%20email%20me%20if%20anything%20was%20found.%20Naturally%20this%20script%20never%20seemed%0A>%20to%20%22find%22%20any%20bitcoin.%20%20This%20was%20comforting%20to%20me,%20as%20it%20meant%20that%20my%0A>%20bitcoin%20was%20relatively%20safe%20from%20others%20doing%20the%20same%20thing.%0A>%20%0A>%20The%20meat%20of%20the%20loop%20is:%0A>%20%0A>%20%24bx%20=%20'/usr/local/bin/bx'%0A>%20%24private_key%20=%20%60%24bx%20seed%20%7C%20%24bx%20ec-new%7C%24bx%20ec-to-wif%60%0A>%20%24public_key%20=%20%60%24bx%20wif-to-public%20%24private_key%60%0A>%20%24address%20=%20%60%24bx%20ec-to-address%20%24public_key%60%0A>%20%24balance%20=%20%60%24bx%20fetch-balance%20%24address%60%0A>%20%0A>%20I%20completely%20forgot%20about%20this%20script,%20but%20it's%20been%20running%20all%20this%20time%0A>%20(~18%20months),%20just%20running%20in%20an%20infinite%20loop%20on%20my%20desktop%20linux%20box.%0A>%20This%20morning%20I%20woke%20up%20to%20a%20surprise%20email%20that%20something%20had%20been%20found.%0A>%20%0A>%20%0A>%20%0A>%20I%20used%20electrum%20to%20%22import%22%20the%20associated%20private%20key%20to%20verify%20this%0A>%20amount%20was%20accessible.%20%20But%20I%20didn't%20move%20it%20--%20of%20course%20I%20don't%20want%20to%0A>%20steal%20the%20poor%20guy's%20BTC.%0A>%20%0A>%20I'm%20a%20little%20bit%20blown%20away%20here.%20I%20thought%20the%20known%20universe%20would%20hit%0A>%20end%20of%20life%20before%20finding%20anything.%20%20If%20I%20can%20get%20this%20lucky%20finding%20a%0A>%20needle%20in%20a%20haystack%20with%20few%20lines%20of%20Perl%20code,%20I%20don't%20feel%20quite%20as%0A>%20safe%20about%20my%20bitcoin.%0A>%20%0A>%20Or%20might%20this%20mean%20that,%20despite%20the%20fact%20that%20it%20took%2018%20months%20to%20produce%0A>%20a%20collision,%20there%20might%20be%20something%20nonrandom%20about%20the%20seeding%20mechanism?%0A>%20%0A>%20It%20says%20mine%20is%20Version:%204.0.0,%20which%20was%20the%20latest%20version%20at%20that%20time.%0A>%20%0A>%20Thoughts?%0A>%20%0A>%20-Mike%0A>%20 "Répondre à ce message")
