The good news first. We are going to code a script that outputs random 64 character hexadecimal strings at supersonic speeds, and then we are going to use them to try to bruteforce some Bitcoin addresses.
Bitcoin private keys may be represented by 64 character hexadecimal strings (32 bytes or 256 bits of data; we’ve been over this a couple of times by now), e.g.
In other words, parent extended public keys can’t create hardened child public keys. Because of that, a hardened extended private key is much less useful than a normal extended private key—however, hardened extended private keys create a firewall through which multi-level key derivation compromises cannot happen. Because hardened child. A Bitcoin wallet is as simple as a single pairing of a Bitcoin address with its corresponding Bitcoin private key. Such a wallet has been generated for you in your web browser and is displayed above. To safeguard this wallet you must print or otherwise record the Bitcoin address and private key. It is important to make a backup copy of the private key and store it in a safe.
e7e0e8b007f2fa5e8de4afccfefc649703d67d4568eab5839b86b3d58163d472
Google this one, if you want. For a change, is’s NOT random data. Along with the usual disclaimer: do not use this one IRL.
Without further ado, fire up your favorite text editor, paste the following Python code and save the file as “randomhex”:
As usual, make the script executable by
chmod +x randomhex
and we are ready to try it! The script needs one argument, which much be a positive decimal integer, or the script will give you an error code and quit.
Let’s benchmark the script by having it output 10 million random strings to a text file named “hashes.txt”; also prepend it with the time command, so we can determine how fast it is, like so:
time ./randomhex 10000000 > hashes.txt
That was pretty quick, agreed? On an older notebook, it took us 4.2 seconds to create “hashes.txt”; you should check that the output is right by counting lines with
wc -l hashes.txt
and it should say 10000000. We now have a private key generator monster in our possession.
All good? Unfortunately not. The odds are not in our favor. Remember that a valid private key is any number from 1 to 115 792 089 237 316 195 423 570 985 008 687 907 852 837 564 279 074 904 382 605 163 141 518 161 494 336… that’s not a small keyspace.
Furthermore, leets look up some statistics from today (courtesy bitsapp.com)
Even though more than 630 million addresses have at some point held a positive balance, today only less than 200 thousand addresses hold 1 BTC or more. In other words, finding a needle in a haystack is a walk in the park compared to what we are about to attempt here, namely searching the whole keyspace blindly.
We will combine our beautiful script with the marvelous Brainflayer tool. Specifically, instead of messing around with intermediate hash files (you could use the above script to create billions of strings and the resulting files would be 100 GB or so in size), we will pipe the output straight into Brainflayer. This is not a Brainflayer tutorial, though, so unless you aren’t already fluent in it, you have some reading up to do (elsewhere).
Now, with everything set up, we want to scan 1 billion private keys, randomly created. That has to work, right? Or maybe not, we’ll see. Anyway, here is how to do it in one line (given that you have all prerequisites for Brainflayer in place; parsing the blockchain and setting everything up right takes quite a while):
./randomhex 1000000000 | ./brainflayer -v -b sortedfiles.blf -f sortedfiles.bin -t priv -x -w 12 -o foundkeys.txt
By doing this multithreaded solution (details not here – ask us if you’re interested), we are able to achieve around 450,000 checks per second. It means that the test will take a little more than half an hour to carry out. We’ll show ourselves out to the coffee machine while our poor laptop does the job.
*Pause music*
Alright, done! The notepad is still hot, but the fans are much less noisy than a couple of minutes ago. The results then. Well, what did you expect? Zero, zilch, nada, not a single hit – of course!
We have for the first time had a taste of how insanely large the Bitcoin private keyspace is. As a matter of fact, if all humans on Earth ran this 24/7 for billions of years (which admittedly feels a little improbable) the expected outcome would be the same.
In conclusion, Bitcoin is safe from blind bruteforce attacks, now and forever. But there are other flaws and exploits. Many of them are due to the human factor. A few have been mentioned here before. More will be.
Comments and questions?
One more thing!
Generate Public Key From Private Key Online Bitcoin Free
Consider the donation address at the bottom of the page. We re-invest all contributions into new projects for btcleak.com. Help us create new content and remain ad-free forever. Thank you.