0

Why is that different wallet generating sites give different public and private keys when you enter the same passphrase even though they both use the same Algorithm (Sha 256)? Thank you P.S. Ok...one site is bitaddress.org and the other site is walletgenerator.net. i tried getting a brainwallet and used the exact passphrase but got different keys. The passphrase was: robertarmenkery. Obliged

kelalaka
  • 48,443
  • 11
  • 116
  • 196
Tony Elhachem
  • 9
  • 2
  • Ok editing done – Tony Elhachem May 26 '21 at 04:56
  • No mouse was used, you can skip this step and there is an option for that, then you press the brainwallet option and it will prompt you to enter a passphrase and confirm it by entering it again, after which your private and public keys are generated, there is no mouse involved in the creation of a brainwallet.so this passphrase no matter where you enter it should always give you the same private and public keys since both sites use the same Algorithm. – Tony Elhachem May 26 '21 at 09:32
  • I am doing it to see if i come up with the same result....stupid or not is not the question – Tony Elhachem May 26 '21 at 09:34
  • Just try to answer the question if you know...otherwise step aside no need for your opinion on whether it is stuipd or not – Tony Elhachem May 26 '21 at 09:37
  • @fgrieu it turns about why the same inputs generate two different outputs for the SHA256 then private and public key generation. It turns out one site always uses ECC point compression the other one provides an option for that. – kelalaka May 26 '21 at 10:50
  • IMHO, If the option is about compression of the keys then clearly yes, If the problem was about an encoding issue ( that was my yesterday's consideration) then clearly [so]. – kelalaka May 26 '21 at 12:02

1 Answers1

1

!!!Caveat, Warning!!!

walletgenerator.net is scam!

Anyways be CAREFUL. It is possible to send BTC to a wallet address which is not belong to you and probably is someones else's wallet (probably coder's wallet!!!)

This is called SCAM or THIEF or STEALING BTC which WalletGenerator.net is doing...

They are the same, bitaddress.org uses an option that you missed; compressed and uncompressed addresses. Turn the compressed address on, then you will get the same values.

They both use base58 while displaying the content when converted to hex

uncompressed

pub  00515da4ade2ea43379043341d158ba1637e695c7b9d942422
priv 8012e29482949d92ef7c159f27065ef7bda744cc0dde8551cc324b312ce6736e24 7af43428

and compressed

pub  00b3f704fd7f30d5868f0e070b7adf75703313775717588aa4
priv 8012e29482949d92ef7c159f27065ef7bda744cc0dde8551cc324b312ce6736e24 01 3445217c

0x08 is always prepended, 0x01 is the indicator for the compression, and the last 4 bytes are trimmed double SHA256 checksum.

Note that generating your private key online is really really a bad idea.

Details

Private key part

In the BrainWallet the password has processed as bytes and a SHA256 hash is produces in hex, then 0x80 prepended as the version number. Both values are double hashed with SHA256 and only the first 8 hex values are used for the checksum. The result is displayed in Base58. The below python code can emulate this;

import hashlib
import base58
import base58
from secp256k1 import PrivateKey, PublicKey
from Crypto.Hash import RIPEMD160

password = 'barinwallet online testing'


hashvalue = hashlib.sha256(bytes(password,'utf-8') ).digest()


#Now Wallet format


##prepend the version


privatekeyAndVersion = '80' +  hashvalue.hex()


print(privatekeyAndVersion)


Now double SHA256 hashing for the checksum


firsHash = hashlib.sha256(bytes.fromhex(privatekeyAndVersion)).digest()
secondHash = hashlib.sha256(firsHash).digest()


thePrivateKey =  privatekeyAndVersion+(secondHash.hex())[:8]


privatekeyWif = base58.b58encode(bytes.fromhex(thePrivateKey))


print(privatekeyWif)

outputs in Base58,

5KPELN8uHrsjijjmLd2KfkMjVD6SZ1tEbP3GRUgbrdT3SF8ouJs

in hex

80 ce7fe0c608b64e1ca3a16a6292ba12c100104e100650e7f07ef767e4a9fdf60a 36b463fc

Public key part

Both the compressed and uncompressed can be used for the generation of the public key this means that each private key has at least two public keys.

#Same import as above and continue to the file...

def getPublicKey(publicKeyBytes):


publicSHA256 = hashlib.sha256(publicKeyBytes).digest()

h = RIPEMD160.new()
h.update(publicSHA256)
hash160 = h.hexdigest()

hash160app = "00"+ hash160

firsHash = hashlib.sha256(bytes.fromhex(hash160app)).digest()
secondHash = hashlib.sha256(firsHash).digest()   

checksum = (secondHash.hex())[:8]         
encoded = "00"+ hash160 + checksum

print("encode BASE58 = ",  base58.b58encode( bytes.fromhex(encoded)) )




privkey = PrivateKey(hashvalue, raw=True)


pubkey_ser = privkey.pubkey.serialize()
pubkey_ser_uncompressed = privkey.pubkey.serialize(compressed=False)
pubkey_ser_compressed = privkey.pubkey.serialize(compressed=True)


getPublicKey(pubkey_ser_uncompressed)
getPublicKey(pubkey_ser_compressed)

This outputs

encode BASE58 =  b'1CCf9cZLuKZRcCacKLScjpLqFN765BFkif'
encode BASE58 =  b'183qCdJNtbzuGcPLrrRZiCo2fn8nJV1Ao4'

So, this matches with bitaddress.org compressed and uncompressed versions.

Important note:

I'm able to get the same values in the walletgenerator, too. This site, however, has a problem that every click to view button produces different values. After many clicks, I'm able to get the same values. Needs to be investigated, since we expect only two public key values, yet the private key values are different.

  • First observation: to see the same result, the number of clicks differs on every instantiation, one had 39 one had 59.

The full code on GitHub.

kelalaka
  • 48,443
  • 11
  • 116
  • 196
  • I've looked the code that, it seems the compression is not working correctly, The uncompressed must start with byte 0x04 and must have x and y points, too. But they are almost the same size. – kelalaka May 26 '21 at 12:11
  • I reopened the question, on your advice that the crux of the question somewhat is cryptographic. But I hate it when, without explanation, we call public key (I presume for secp256k1) something that's 200 bit in your example. If such things are on-topic, at least there should be a link to some doc stating such blatant deviations of standard vocabulary. I heard that in some cryptocurrency "public key" designates the hash of a public key, and can imagine that in others conventionally some bits are forced to something, or omitted and left as an exercise for the verifier to guess. – fgrieu May 26 '21 at 19:20
  • I've posted a bug on the github. They definitely show less, though the internal calculations seem correct. – kelalaka May 26 '21 at 19:23
  • My question was, if you go bitaddrss.org. and enter a passphrase you get a publickey and privatekey. Now if you go to walletgenerator.net and enter the same passphrase you entered in bitaddress you will get a completly different public and private keys than what you got at bitaddtess. This is my question. Why the difference between the two sites eventhoigh they both use the same Algorithm – Tony Elhachem May 26 '21 at 22:34
  • I had tested the brainwallet options as you said in the comments. Now I've looked again and he https://walletgenerator.net/# has changed the page since I was tested. Now every view click generates a new value. The click amount stops after a while. I don't know what they did. Contact the website owners. During my test, it was working! – kelalaka May 26 '21 at 22:46
  • It is stii working. If you go to walletgenerator.net there is an option that says "skip" if you chose that and then press the brainwallet option and enter passphrase you will get a public and private key. Now if you go to bitaddress.org and enter the same passphrase you get different public and private key despite the fact that both site use SHA 256. Why the difference??! – Tony Elhachem May 27 '21 at 07:37
  • I did not say it is not working, I did say the page has changed - the behavior has changed-, I did my test with two different inputs. Forget them for a while, I've posted an issue, even the uncompressed doesn't have correct lenght. The process is well-known, use SHA256 and generate your public key as $[k]G$. – kelalaka May 27 '21 at 07:44
  • @TonyElhachem the effect of the compression here – kelalaka May 27 '21 at 07:47
  • I checked the validity of the keys generated by walletgenerator.net and they seem to be 100% valid. I generated two brain wallets and checked them at blockchain.com and they were accepted and their transaction history and balance were displayed. So they seem to follow industry norms. – Tony Elhachem May 27 '21 at 19:47
  • Dıd you also tested the uncompressed? Did you remember that they need to output the same result? following the bitcoin standard is easy, generate a random and calculate $[random]G$ on the curve. – kelalaka May 27 '21 at 19:56
  • At walletgenerator.net all out is uncompressed. – Tony Elhachem May 27 '21 at 22:36
  • I've updated the answer. See the result. – kelalaka May 30 '21 at 18:19
  • I am sorry but i fail ro see your updatebd answer – Tony Elhachem Jun 01 '21 at 18:53
  • click here or see the link just bottom of the answer. – kelalaka Jun 01 '21 at 18:56