Board: Bitcoin Technical Support
Merits: 2 from 1 user
Re: Why has my newly created Bitcoin address already been used?
by LoyceV on 11/05/2020, 14:21:27 UTC
⭐ Merited by o_e_l_e_o (2)
You need to trust the software you're using. It's a lot more difficult to compromise a coin flip than it is to compromise a recently sold paper wallet website.
You have to trust software to spend your coin when you spend it. When you sign a message or transaction, you combine what should be a random value with your private key to generate the signature. If you know one, it is trivial to calculate the other with a given signature. Malicious software could possibly leak information via this random value.
That can't be a problem as long as you use the address only once, right?

Whenever I sign a message offline, I use different software to decode the raw transaction and see if it still does what I want. I've never seen a problem there, but it doesn't hurt to be sure.

Quote
Creating a key "by hand" also has a greater potential to make mistakes.
If only the random part is done "by hand" and the key is generated by software, I don't expect mistakes. But I'd want to make sure the same private key is generated with at least 2 different pieces of software (I imagine malicious software can produce a private key that's not based on your random input).
And just in case, after creating the paper wallet and before funding it, I'd reboot a fresh offline LIVE OS to test if the private key still produces the same address, again using different software.

Quote
The scope of possible attacks is also greater when using a paper wallet than using an encrypted wallet.
So encrypt the paper wallet :)

Even if I have the most malicious software wallet in existence on my airgapped computer, there is nothing it can do to steal my coins. If it signs a transaction to the wrong address, for example, I can easily pick that up before moving the transaction to my live computer to be broadcast.
This is not entirely true, see this thread. In addition to leaking your private key, it could leak additional information.
I've seen the scenario before, and you're right. I've consolidated a paper wallet before, sending the funds back to the same wallet.

If the wallet attempts to reuse a k value, as in your example, then I could detect that by reviewing the source code and realizing it is not using a deterministic process for generating the k value, or by generating multiple different transactions and comparing the R values.
Have you ever checked this much before broadcasting a transaction?