Jump to content

Beginners Guide: Creating a Cold Ripple Wallet (3.0)


Mercury
 Share

Recommended Posts

2 minutes ago, Xilobyte said:

@gray there are software engineers, military commanders, crypto scientists and devs if all sorts sitting is this forum. Most of us have written small books to help out the new guys and best instruct them to protect themselves. Most of us are twice your age. There is nothing wrong with stating something intelligent and which you are more experienced in but be sure that you are before you do it. Then pick a positive or negative arguement but don't pick them both. Spend some time and put out some good quality and factual advice. If you don't then us other smarty pants guys will happily correct you.

Please stop trying to posture and attack me ad-hominem. What you said is factually incorrect. I'm not trying to attack you, I'm correcting something you said that was false.

Link to comment
Share on other sites

Just now, gray said:

I don't understand why you're being hostile or why you think I'm trying to prove I'm smart or something. All I did was correct misinformation. It IS possible to generate the same private key twice. Otherwise, deterministic wallets wouldn't exist. Even if you don't have deterministic wallets, it's still possible to generate the same private key twice. A private key is literally just a number encoded in a specific way with some extra flag bits in the front and back, and all a wallet "generator" is doing is supplying a source of "randomness" (by default, most use a CSPRNG or cryptographically-secure pseudorandom number generator), but these sources of randomness are not perfect and the hash functions used to make sure they are all the same length have collisions. Here, read this: https://www.miguelmoreno.net/bitcoin-address-collision/

Like I said before, it's *highly unlikely,* but still *possible.*

And no, the industry won't fall apart, because these things are so unlikely that they can be used as secure. This is the whole basis of modern cryptography. It's just like, when brute force attacking a password or private key, you *could* get lucky and get it right on the first try, no matter how "good" the password is. HOWEVER, that is VERY unlikely, and on average it would take as many attempts as half the key-space for it to occur.

Ok so right back to what you said. I am correcting misinformation. You said it is so you must have some experience beyond the crypto scientist and engineers to prove it.

Link to comment
Share on other sites

Just now, Xilobyte said:

Ok so right back to what you said. I am correcting misinformation. You said it is so you must have some experience beyond the crypto scientist and engineers to prove it.

*facepalm* I don't have experience beyond them. I am sure that if you got one of them to review what I've said, they'd agree with me. I'm not going against anything that isn't already accepted in the science of cryptography. If someone with more knowledge than me explains to me WHY they think what I'm saying is wrong, I will gladly amend what I said.

Link to comment
Share on other sites

3 minutes ago, gray said:

Please stop trying to posture and attack me ad-hominem. What you said is factually incorrect. I'm not trying to attack you, I'm correcting something you said that was false.

Oh i am not attacking you. I want to hear about your experience ir factual knowlege with historical proof that duplicate keys have ever been created. You made the statement not me. You told the op that it was a risk. You told him that he technically must fear his wallet and the act of sending money to it. Now prove to him why he needs to be afraid. I do agree that a poorly created key can occur and therefore be a hackable key. I do not hack keys but it certainly makes sense. However a duplicate is impossible but any computer in the world. There is a reason that they created things the way they did.

Edited by Xilobyte
Link to comment
Share on other sites

2 minutes ago, Xilobyte said:

Oh i am not attacking you. I want to hear about your experience ir factual knowlege with historical proof that duplicate keys have ever been created. You made the statement not me.

I didn't state that duplicate keys have been created. I stated that it's possible. However, let me give you an example of duplicate keys being "created":

https://bitcointalk.org/index.php?topic=421559.0

In fact, there's a whole DefCon talk on the subject:

https://bitcointalk.org/index.php?topic=1148611.0

Link to comment
Share on other sites

16 minutes ago, gray said:

I didn't state that duplicate keys have been created. I stated that it's possible. However, let me give you an example of duplicate keys being "created":

https://bitcointalk.org/index.php?topic=421559.0

In fact, there's a whole DefCon talk on the subject:

https://bitcointalk.org/index.php?topic=1148611.0

You are quoting another forum with a guy stating he accomplished this but provided no factual proof. Doesn't count.  Also he states he found a duplicate address, not a secret key. Since the address is derived from the secret key he should be able to easily take over that wallet..... didnt happen you are also using as support for your argument a software not responsible for anything XRP oriented a software written by some random dude. So yes if one uses words from their brain instead of relying on computer methods then they are adding human factor which is unsecure by nature. Additionally if one uses poorman software then yep you are gonna get burned.

so with your arguement then you are correct. Crappy wallet software can create hackable or duplicate addresses. And if one uses that software then you get what you deserve. Every dev on here has gone out of there way to explain the difference between crappy wallets and not. If the user goes out and creates security and a wallet which is convenient for them, then it is of course vulnerable. Brain walket as a BTC wallet software was always crap.

Edited by Xilobyte
Link to comment
Share on other sites

1 minute ago, Xilobyte said:

You are quoting another forum with a guy stating he accomplished this but provided no factual proof. Doesn't count. 

Lol. Come on dude. This isn't hard to figure out. I'm not making an extraordinary claim. Read the article I posted originally. It's obvious you don't understand something about this situation.

Link to comment
Share on other sites

7 minutes ago, gray said:

Lol. Come on dude. This isn't hard to figure out. I'm not making an extraordinary claim. Read the article I posted originally. It's obvious you don't understand something about this situation.

Obviously :)

Link to comment
Share on other sites

15 minutes ago, Xilobyte said:

Obviously :)

I'm not going to rewrite what has already been written because you don't want to go read the sources I provided. If you arbitrarily don't want to believe me because I don't fit your qualifications of middle age white male scientist then whatever, that's your choice. Go figure it out on your own. If you actually research it, you'll come to the same result as what I'm saying.

Edited by gray
Link to comment
Share on other sites

43 minutes ago, Xilobyte said:

You are quoting another forum with a guy stating he accomplished this but provided no factual proof. Doesn't count.  Also he states he found a duplicate address, not a secret key. Since the address is derived from the secret key he should be able to easily take over that wallet..... didnt happen you are also using as support for your argument a software not responsible for anything XRP oriented a software written by some random dude. So yes if one uses words from their brain instead of relying on computer methods then they are adding human factor which is unsecure by nature. Additionally if one uses poorman software then yep you are gonna get burned.

so with your arguement then you are correct. Crappy wallet software can create hackable or duplicate addresses. And if one uses that software then you get what you deserve. Every dev on here has gone out of there way to explain the difference between crappy wallets and not. If the user goes out and creates security and a wallet which is convenient for them, then it is of course vulnerable. Brain walket as a BTC wallet software was always crap.

Alright now that there's actually some substance to this post I can address it.

He said he found a duplicate address using software meant for cracking brainwallets. That software derives addresses from private keys just like you said. So, he has the private key if he has the public key.

Yes, XRP is not exactly the same as bitcoin. However, at a low level, they are VERY similar. BIP32 and BIP44, for which Ripple officially registered XRP into the "coin" list, is a standard for deriving hierarchical deterministic wallets. This standard is currently the most secure standard for wallet generation and can be used for any cruptocurrency including XRP. Ripple addresses are not that much different and the software that was used to bruteforce the wallet in question for bitcoin could be easily modified to work for ripple as well. 

Theres nothing inherently insecure about a brain wallet. The reason they suck is because the wallet is only as secure as the password used and the algorithm used for hashing the password, and most people are awful at making good passwords and used a very fast hash algorithm like sha256 that could be easily bruteforced. 

The same way that a brainwallet can be bruteforced, so can ANY wallet. In fact, I would bet there are people right now attempting to do just that. The difference is that wallets generated using more bits of entropy for their seed will be harder to crack because there's more possibilities to try.

Ripple doesn't have some magical way to solve this issue. If they did then that would be huge news not just for cryptocurrency but cryptography in general. All cryptocurrencies "solve" it by making the possible key space so large that it would take more time than the universe has existed several times over to go through the whole keyspace in a brute force attack. If that is true, then on average it would take half the total time to brute force a specific private key. That is what makes it secure. However, someone could get lucky and generate your private key on the first try. It's just very very unlikely. 

Also, I wrote a deterministic ripple wallet generator based on the bitcoin Warp Wallet. I'm part of the community of developers that you're trying to tell me know more than me.

Edited by gray
Link to comment
Share on other sites

7 hours ago, gray said:

Alright now that there's actually some substance to this post I can address it.

He said he found a duplicate address using software meant for cracking brainwallets. That software derives addresses from private keys just like you said. So, he has the private key if he has the public key.

Yes, XRP is not exactly the same as bitcoin. However, at a low level, they are VERY similar. BIP32 and BIP44, for which Ripple officially registered XRP into the "coin" list, is a standard for deriving hierarchical deterministic wallets. This standard is currently the most secure standard for wallet generation and can be used for any cruptocurrency including XRP. Ripple addresses are not that much different and the software that was used to bruteforce the wallet in question for bitcoin could be easily modified to work for ripple as well. 

Theres nothing inherently insecure about a brain wallet. The reason they suck is because the wallet is only as secure as the password used and the algorithm used for hashing the password, and most people are awful at making good passwords and used a very fast hash algorithm like sha256 that could be easily bruteforced. 

The same way that a brainwallet can be bruteforced, so can ANY wallet. In fact, I would bet there are people right now attempting to do just that. The difference is that wallets generated using more bits of entropy for their seed will be harder to crack because there's more possibilities to try.

Ripple doesn't have some magical way to solve this issue. If they did then that would be huge news not just for cryptocurrency but cryptography in general. All cryptocurrencies "solve" it by making the possible key space so large that it would take more time than the universe has existed several times over to go through the whole keyspace in a brute force attack. If that is true, then on average it would take half the total time to brute force a specific private key. That is what makes it secure. However, someone could get lucky and generate your private key on the first try. It's just very very unlikely. 

Also, I wrote a deterministic ripple wallet generator based on the bitcoin Warp Wallet. I'm part of the community of developers that you're trying to tell me know more than me.

Doesn't matter dude. He is another guy like you and like me. He "said" means absolutely nothing. It is a forum. So if you believe everything that you see in a forum, you will go nuts here. You can't use a forum meant to pump or degrade a coin as evidence of a problem. It is like a scientist publishing to a blog instead of a Science Journal. 

You are not the only dev on here. In your words specifically .. "it would take more time than the universe has existed" so then more than your lifetime and thus impossible. 

Edited by Xilobyte
Link to comment
Share on other sites

19 minutes ago, Xilobyte said:

Doesn't matter dude. He is another guy like you and like me. He "said" means absolutely nothing. It is a forum. So if you believe everything that you see in a forum, you will go nuts here. You can't use a forum meant to pump or degrade a coin as evidence of a problem. It is like a scientist publishing to a blog instead of a Science Journal. 

Satoshi Nakamoto is another guy like you and me on a forum. Nobody knows who he is, and yet his invention has a market cap of several billion dollars, because other people can look at it, understand how it works, and see that it is valid. It doesn't matter who said it if it's true. You don't have to believe me or anyone else. You just have to understand how cryptocurrency works. It's all based on probabilities, not on certainties. That's how cryptography works. I don't know why you are so resistant to this idea. In what way does it make sense that in a bounded key space there would be no way to generate the same key (number) twice...??? It literally makes 0 sense. If you have a way to do this, please share. You'll revolutionize the world of cryptography forever.

Edited by gray
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.