I was wrong about that. Yes, it's actually 1 in 2¹⁶⁰.


First of all let's define the private key's format. Is it going to be hexadecimal or WIF? ^{[the difference]}
Secondly what do you mean by saying crackable by brute force? Are we trying to find his private key or a private key that unlocks his address?
If we assume that you want his private key and that his private key is hexadecimal then a character of the fifth position isn't going to help you. You still have almost 2²⁵² different combinations. (for every hex character you remove you have 2⁴ less combinations)

If you want to find a private key that unlocks his address then, as @o_e_l_e_o wrote, you have 1 in 2¹⁶⁰ on average. To cut a long story short, if he doesn't give you at least 25 hexadecimal characters of his private key then you have less possibilities of finding it than succeeding on an address' brute force.

Knowing 25 hex characters and their positions is 16 times easier than 2¹⁶⁰. It's 1 in 2¹⁵⁶. Still impossible, but easier than the stupidly enormous range of [1, 2¹⁶⁰].

@thirdprize, note that we use the phrase "on average". There may be addresses like this one: 1111111111111111111114oLvT2 that have no private keys that unlocks them. Every address most likely has more than 1 billion, but you can't prove it if you don't try all the possible combinations. It is quite funny to think that there are so many numbers that unlock you 69 bitcoins, but no one knows them. And that happens because most of us can't imagine the largeness of 2¹⁶⁰.

---

^{[the difference]}
Example of a private key in hexadecimal:

Example of a private key in WIF (Wallet Import Format):
(The above works only on mainnet)

A WIF is nothing but the original hex private key encoded in base58 plus some other technical stuff like version byte and checksum. This code shows exactly how we end up with a WIF:


You can read more about the WIF here: https://learnmeabitcoin.com/technical/wif

P.S, o_e_l_e_o is faster.