Software Personalize Your Address With Vanitygen

Discussion in 'Technical Development' started by Aniara, Jan 18, 2016.

  1. 2017/12/15 - Decred v1.1.2 released! → Release Notes  → Downloads
  1. ClokworkGremlin

    ClokworkGremlin Sr. Member

    Jan 10, 2016
    535
    381
    Male
    Whatever I want.
    My instinct is to use ~, but that's because it's the concatenation operator in D, so it's probably meaningless to anyone who isn't familiar with that language.

    (var1~var2 always produces an array of var1 followed by var2, whether var1 and var2 are individual values or arrays of values, so if array1 is [1, 2, 3] then array1~var1 is [1, 2, 3, var1] and var1~var2 is [var1, var2]). Part of their design mentality with making arrays into a Primitive data type, intended to alleviate the ambiguity of array1+array2 in Java or C++)
     
  2. walkeralencar

    walkeralencar New Member
    Translator (Português)

    Dec 29, 2015
    57
    24
    Male
    CTO and PHP Consultant
    Brasília-DF, Brazil
    #22 walkeralencar, Jan 19, 2016
    Last edited: Jan 20, 2016
    @davecg, only for statistic data.
    I have generated 10kk NoSeed wallets , the objective was provide to others the chance to get a vanity wallet, but i got a lot of loud scream at forum about security, even I proposed to code audit... so i'm thinking about dont publish that feature anymore...

    but the data:
    Near 100h of proccessing, generated a sqlite file with 1.6Gb, and got 13 repeated wallets at all (is better then 1 / 1kk)
     
  3. LastNinja

    LastNinja Full Member

    Dec 31, 2015
    451
    199
    Male
    Hmm, maybe that randomness is a feature, not a bug :D
    What do you think secures your coins in any address?
    What prevents us from duplicating onion TLDs?
    Just to give another example.
     
    ClokworkGremlin likes this.
  4. LastNinja

    LastNinja Full Member

    Dec 31, 2015
    451
    199
    Male
    :D

    I remember a guy who posted somewhere his mining rigs would radiate so much heat that he had the windows of his flat fully open while it was 0 deg C outside and he was sitting just in underpants and still sweating.
     
  5. ClokworkGremlin

    ClokworkGremlin Sr. Member

    Jan 10, 2016
    535
    381
    Male
    Whatever I want.
    Hey, as long as the mining rigs are bringing in more than the cost of electricity it's all good, right?

    At that point I'd start looking for ways to convert the heat differential back into electricity.
     
  6. Wolf

    Wolf Jr. Member

    Jan 25, 2016
    107
    45
    I feel I should give a public service announcement about your public service announcement regarding vanity addresses.

    Note that all of the following assumes that address reuse has no more dangers in Decred than it does in Bitcoin:

    Vanity addresses are NOT in ANY way unsafe - there's two main arguments for not using them, and one is largely ultra-paranoid bullshit (in my opinion) and the other only applies to you if you care about privacy and anonymity.

    The first is the fact that when an address is created, it is created from a private key, which is randomly generated, whose corresponding public key is then calculated according to the algorithm in use. Once this is complete, the public key is hashed to create the address - this RAW address is usually further modified by using something like Base58 to turn it into nice letters and numbers, and a checksum is added to make automatic checks for bad addresses possible so users don't accidentally all their money into an unrecoverable oblivion.

    Why this matters for the vanity address discussion is because one of the arguments for not using them is that it *very slightly* weakens the security around addresses. Were someone able to break the signature algorithm, they still would need to be able to get the public key from an address. For those that don't know, hash functions are meant to be one-way - pretty much like cutting your head off. So, if you generate an address, keep the keys safe, and ONLY ever give out the address - your funds cannot be stolen in the case of a break in the signature algorithm used (assuming said break allows realistic private key recovery from a public key) simply because no one has the public key but you. This DOES assume, however, that the hash function used on the public key (which is used to generate the address) isn't ALSO broken. In this way, you have two layers of security.

    Now, when you spend from an address, your public key becomes known - this, in turn, means anyone and everyone can find it. Let me stress this point, however:

    THIS IS IN NO WAY ANY PROBLEM AT ALL UNLESS THE SIGNATURE ALGORITHM USED IS COMPLETELY CRYPTOGRAPHICALLY BROKEN IN A SPECIFIC MANNER - AND THIS VULNERABILITY MUST BE ABLE TO BE EXECUTED IN A REALISTIC TIME.

    Chances of this happening? Well, to be fair, it depends a lot on the signature algo - but for a well-chosen one, I would say I have a better chance of winning the Powerball than it occurring before you're long dead and the money doesn't matter to you anymore.

    The other reason? Well, this one isn't horseshit - if you care a lot about people knowing how much coin you have in that address - and/or when you get payments to said address, how much, and from what source address, then you may want to either not use a vanity address, or do as I do (and recommend for experienced users) - use your vanity for more public things, and use one-time addresses for private matters. Be warned, however - this only works if you're smart enough to use coin control. If you don't know what a UTXO is - I would learn, or don't try this. The reason is because payments are spent in their entirety, and you send whatever is remaining (if any) back to yourself. What addresses you spend from (for the layman - actually which UTXOs you spend in your transactions) can link your public and private addresses together in a way I would call beyond reasonable doubt. If you pay someone, and the transaction used to pay them includes an input from your vanity, it is EXTREMELY likely that the owner of the vanity is also the owner of ALL other addresses that were inputs to that transaction. Wallets usually do this for you automatically, so it can easily create and broadcast a transaction with inputs from an address you'd consider private, and your vanity, which you would consider public. This now means that (to probably 99% of people who know what they're talking about) that the owner of the private address, and the owner of the vanity are the same person - at least beyond a reasonable doubt.

    In short - don't live in fear of something you may not understand just because it has risks - educate yourself and then safely enjoy its benefits.
     
    LastNinja likes this.

Share This Page