Post
Topic
Board Bitcoin Discussion
Re: Simple Vanity Address Generator [v0.4]
by Nyhm on 20/04/2013, 14:42:35 UTC
Probably a good idea to take all funds out of keys generated with this program until this risk is resolved...

Can you elaborate? Is the risk a lack of entropy in the RNG? The other thread doesn't mention this tool explicitly...
I don't think anyone knows for sure what's up yet. I spoke to TheButterZone on IRC and he said it was this tool.

Although I recognize the theoretical possibility of a collision, I believe the concept that this vanity generator created a collision or has a weakness making collision even remotely possible (to any realistic degree) is baseless speculation. Nonetheless, here is my post on the thread in question. I will follow up in a couple days. Happy holidays.

It happened to me. Three weeks ago I was interested in creating some "serial" vanity addresses. Looking around to find an offline generator, I found Simple Vanity. I knew it was slow (on my netbook it really crawled), but it didn't need compiling to work under Linux, it had a cute GUI, and I just wished to try it out with some very short vanity words (mostly acronyms from 2 to 3, maybe 4 characters, excluding the 1).
Used it very occasionally for 3/4 days, then, after it found the nth address I was looking for, I saved it, restarted and after a minute or so it found another one. To my surprise, the address was identical to another previously generated one! I stopped using it, and I am afraid it is better to never use that bunch of addresses.

I'm glad you find the interface to be cute, and the app easy to use.

Randomly reproducing an address/key is remarkable - almost inconceivable - so thanks for reporting it. The current version (v0.4) is based on bitcoinj v0.5.2 (rather old). The way it makes keys is to call new ECKey() - that's it (plan to open source next version). Beneath bitcoinj-0.5.2 is bouncycastle (replaced by spongycastle in newer versions of bitcoinj). I haven't investigated the particular random generation, but it should be impossible to produce the results you've observed; therefore it's certainly worth looking into whether bitcoinj could have such a weakness.

I'll bring this up with the bitcoinj folks to see if anyone can offer any further insight.
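
An added example (not part of Nyhm's post, and not code from Simple Vanity or bitcoinj) for the entropy question raised in the thread: it computes the birthday bound for repeated keys and simulates restarts of a generator whose startup seed carries only a few bits of entropy. The SHA-256 key derivation, the seed sizes and all function names are constructed for illustration; the thread does not establish what caused the reported duplicate.

```python
import hashlib
import math
import random
from collections import defaultdict

def collision_probability(n_keys, entropy_bits):
    """Birthday bound: chance of at least one repeat among n_keys uniform
    draws from 2**entropy_bits possibilities (expm1 keeps tiny values exact)."""
    return -math.expm1(-n_keys * (n_keys - 1) / 2.0 ** (entropy_bits + 1))

def session_keys(seed, count):
    """Constructed stand-in for one program run: every key is a deterministic
    function of the RNG seed chosen at startup, so equal seeds repeat keys."""
    return [hashlib.sha256(f"{seed}:{i}".encode()).hexdigest() for i in range(count)]

def find_repeats(sessions):
    """Map each key seen more than once to its (session, index) positions.
    The same check works on any saved list of generated keys or addresses."""
    seen = defaultdict(list)
    for s, keys in enumerate(sessions):
        for i, key in enumerate(keys):
            seen[key].append((s, i))
    return {k: v for k, v in seen.items() if len(v) > 1}

def simulate(seed_bits, n_sessions, keys_per_session=5, rng_seed=2013):
    """Run n_sessions restarts whose startup seed has only seed_bits of entropy."""
    rng = random.Random(rng_seed)  # fixed so the demonstration is reproducible
    sessions = [session_keys(rng.getrandbits(seed_bits), keys_per_session)
                for _ in range(n_sessions)]
    return find_repeats(sessions)

if __name__ == "__main__":
    # A billion keys at full 256-bit entropy versus 300 restarts on an 8-bit seed.
    print("P(repeat), 1e9 keys, 256 bits:", collision_probability(10**9, 256))
    print("P(repeat), 300 restarts, 8-bit seed:", collision_probability(300, 8))
    print(len(simulate(8, 300)), "repeated keys with an 8-bit startup seed")
    print(len(simulate(256, 300)), "repeated keys with a 256-bit startup seed")
```

With full-entropy keys the bound is far below anything observable, so a repeat seen in practice points at the seeding or generation path rather than at chance.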