The title pretty much sums up the question - say (for instance) I have a string of letters or numbers committed to memory, how hard would it be to convert that into a private key? Or similarly, how hard would it be to construct a private key based upon a sentence, mnemonic or otherwise?
Asked
Active
Viewed 2,203 times
8
-
1Not an answer to your question, but a warning: people are very bad at estimating how "random" something is. If you generated a string of characters actually randomly (by a computer), you're probably safe if it is long enough (I wouldn't recommend anything below 128 bit of entropy). Realize that the whole world gets to try an infinite amount of times now and in the future to crack it. – Pieter Wuille Apr 28 '13 at 17:37
-
Thanks for the heads up. I don't intend to use a string of characters, my question was actually a subversive look into the realities of constructing one private key from another (known and randomly generated) key. I had a look at blockchain.info which lets you import a private key with a single modified character, implying that any string is okay, but with a bit more research I found that there is a checksum to ensure validity, and so it isn't as simple as just changing a number. – George Pearce Apr 28 '13 at 17:43
1 Answers
4
Check out http://brainwallet.org/ for an example.
A bitcoin private key is just a 256-bit number. Any algorithm that can convert arbitrary text to a number of that size ought to do.
A rather simple algorithm would be to consider your string as a base 63 number (a-z, A-Z, 0-9 and spaces) and write in binary, take the number modulo 2256, and write in hex.
Or, you take the base 63-to-binary number, raise it to the power ten, bit shift left 20 times, multiply by 8, add 4, bit shift right 50 times, take modulo 2256, convert to hex, and you have a private key.
Or whatever. Try to make it so that the number generated before you calculate it modulo 2256 is much larger than 2256. Otherwise, many of your generated addresses will just be a bunch of zeroes followed by a relatively short hex string.
Manishearth
- 649
- 4
- 14
-
Random question, does brainwallet take the SHA-256 hash of the passphrase to get the secret exponent? – lurf jurv Apr 28 '13 at 16:02
-
@lurfjurv: I think so. No clue, I tried reverseengineering the code but it's minified and complicated. I may try later. – Manishearth Apr 28 '13 at 16:06
-
Thank you - I hadn't seen that website before. So if I had an existing (valid) private key in import format, what would it take to manipulate it into another valid WIF key with a different bitcoin address? – George Pearce Apr 28 '13 at 16:40
-
-
1@gsp92: But yeah, if you take a private key and plug it into brainwallet, you get another private key :) – Manishearth Apr 28 '13 at 16:42
-
Wallet Import Format - and I didn't think of that. That gives the potential to spawn a potentially unlimited number of addresses from a known base key - I like it. – George Pearce Apr 28 '13 at 16:45
-
Another question: say I generate a brainwallet private key and address pair - is this inherently less safe than a randomly generated one? If so, at what point does the length of the passphrase negate this? – George Pearce Apr 28 '13 at 17:53
-
Brainwallets typically take a sha256 hash of a phrase that becomes the private key (simply because they are the same size). From that the public key and address can be calculated. They really should use key strengenthing. If your original phrase can be bruteforced, it isn't safe. – cdm9002 Apr 29 '13 at 19:36
-
What if my original phrase was a string similar in strength to a randomly generated private key? – George Pearce Apr 30 '13 at 11:53
-
@gsp92: It can be anything (well maybe not something with wacky characters) – Manishearth Apr 30 '13 at 11:55
-
I understand that, am interested in how secure a brain wallet generated from a 50 char key would be. I'm thinking as secure as any other random key? – George Pearce Apr 30 '13 at 11:57
-
1@gsp92: yep, pretty much. You lose a bit of entropy since the character set is decreased, but other than that you're fine since the number of characters is huge. – Manishearth Apr 30 '13 at 12:01