Wallet attack
-
There was a lot of talk about the 51% attack.
EDIT: [i]Let us discuss the possibility of a completely different attack:[/i]
Did anybody consider just generating all the wallets out?
I think it would need a veeeeeeeery long time as wallet addresses are pretty long and consist of numbers AND characters.
But theoretically, if somebody has all the wallets then the currency is dead, no?
Anybody more competent than me with some opinion on this issue?
(to be honest I don’t even really understand how the wallet address and private key generation process works)
-
I am going to answer your question based on my understanding of a wallet. So take whatever I say with a grain of salt.
The alphanumeric key that is generated by a wallet as an address is, to my understanding, random. So if anyone would want to steal all wallet addresses he would need the random generator and figure out the pattern, which I assume is not an easy task at all. But before that he would need whatever program he uses to be able to differentiate between case-sensitive letters in the address. Now, having a program differentiate between capitalized and non-capitalized letters is easy. The hard part would be figuring out where in the address sequence the letters get capitalized or if they even follow a sequence at all. From then on he needs to be able to verify whether the current generated address exists or not. He could verify via the Feathercoin explorer, but if the rate he generates the addresses at is fast enough, and assuming he verifies them as soon as they are generated, then he would be bombarding the explorer with addresses to verify. This may or may not raise some alarms, that is to say if the explorer has some security measures or not.
I guess if I wanted complete control of the currency I would have to somehow install a subroutine in the wallet program itself. This subroutine would then send any coin in the wallet to my address along with whatever addresses have been generated by that wallet. I don’t know if this is possible or not, but since we are being theoretical anything can happen. If that seems far-fetched then I guess the only option would be to steal any backups made by wallets or force the wallets to make backups and send them to me.
Calling this a 51% attack would be incorrect because I do not really control the network; I am, based on one of the above, either just stealing wallets and forcing them to send me coins or stealing backups and claiming the wallets to be mine.
None of this is easy to do. I guess the only easy option would be to have extremely high amounts of hashing power and basically take control of the network which again is not that easy to do if you look at it realistically.
But assuming I have all the coins that have been generated or will be generated then yes the coin is essentially dead. It has no value then as I am the only one holding it.
51% attacks have happened before and they have been damaging, but in terms of control they are a stupid idea as their use essentially leaves the coins dead. If I wanted to control the currency I would try and have at least 39 to 50% of the network. In this way I will have a greater share of coins and the possibility of finding every alternate block. This maximizes the coins I receive but at the same time ensures that some of the coins are still being delivered to other addresses. The value may decrease but over time it may see some gains once I have enough of a stockpile and stop mining the coin.
-
The pump and dumpers want to destroy the coin, they sold out before the kill.
Re: Did anybody consider just generating all the wallets out?
From what I recall there are a lot (squared) of potential keys in a massive set of potential but wrong keys…
-
[quote name=“wrapper” post=“55629” timestamp=“1390905956”]
The pump and dumpers want to destroy the coin, they sold out before the kill.
Re: Did anybody consider just generating all the wallets out?
From what I recall there are a lot (squared) of potential keys in a massive set of potential but wrong keys…
[/quote]
I think it is limited by the capabilities of something like this:
http://www.featheraddress.org/
-
Quantum computer in probably 100 years or as the current silicon chip grows its computing power exponentially… but… does that matter?
Hard forking Feathercoin is as easy as hell with coordination and communication, as soon as alarms are raised with someone attempting to do something like this. Miners will definitely cooperate to protect their own interest (yes!)
To an even tougher algorithm (e.g. SHA/RSA2048 + salt or something)?
Also, the combinations of addresses will probably come to over a hundred trillion or more.
Assume each wallet has an address that consists of 34 characters. Each character can be 1~9, a-z & A-Z. There’ll be (9 + (26 * 2)) = 61.
We’ll need something like aaaaaa…, aaaaaaab…, aaaaaac…
Now, a 6-character password takes a 10x GPU cluster to be cracked within a month. What about 34? You decide.
The rate of a collision is so low that Bitcoin doesn’t even bother checking if the address has been used. It just generates one randomly without any communication to other nodes.
We can also set a limit to how many times a single IP can query the explorer in x amount of time, and even down to the Feathercoin client perhaps.
To sum things up, the attacker needs:
- Tonnes of computing power, millions of times more than all Bitcoin mining power combined
- Lots of storage/RAM, not 1TB. Perhaps billions of TB
- In-house development of hardware for that specific use
- $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
At the end of the day, it is simply not worth trying. The attacker would rather spend resources mining Feathercoin for a better return.
-
Quantum computers are here, or nearly there. 5 or 10 years tops for all companies to need one. The fuzzy logic of quantum computing is more applicable to creating an A.I. than the given problem of guessing valuable private keys.
As I see it the whole crypto currency system is set up to mine; it is less efficient to get coins any other way. This will be more so in the future as the block reward reduces: you will need to process transactions to make coins (and therefore be ‘on the network’).
-
[quote name=“eaxvac” post=“55653” timestamp=“1390915363”]
The rate of a collision is so low that Bitcoin doesn’t even bother checking if the address has been used. It just generates one randomly without any communication to other nodes.
[/quote]
This part freaks me out a little…
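
As an added illustration (not code from any poster in this thread or from the Feathercoin project), the sketch below shows what a Bitcoin-style address actually encodes and puts numbers on the collision and enumeration claims discussed above. It assumes the Bitcoin Base58Check layout (version byte 0x00, a 160-bit key hash, a 4-byte checksum); the sample key hash is constructed, and the enumeration rate is an arbitrary assumption.

```python
import hashlib
import math

# Base58 alphabet of Bitcoin-style addresses: digits and letters minus 0, O, I, l.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDRESS_SPACE = 2 ** 160  # an address encodes a 160-bit hash of the public key

def _checksum(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version: int, hash160: bytes) -> str:
    """Encode version byte + 20-byte key hash + 4-byte checksum as text."""
    raw = bytes([version]) + hash160
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    zeros = len(raw) - len(raw.lstrip(b"\0"))  # each leading zero byte is a '1'
    return "1" * zeros + out

def b58check_valid(addr: str) -> bool:
    """True only for strings that decode to 25 bytes with a matching checksum."""
    if not addr or any(ch not in B58 for ch in addr):
        return False
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:21]) == raw[21:]

def collision_probability(n_addresses: int) -> float:
    """Birthday bound: chance that any two of n random addresses coincide."""
    pairs = n_addresses * (n_addresses - 1) // 2
    return -math.expm1(-pairs / ADDRESS_SPACE)

def years_to_enumerate(addresses_per_second: float) -> float:
    """Time to try every possible key hash once at the given rate."""
    return ADDRESS_SPACE / addresses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Constructed sample: a stand-in 20-byte key hash, not a real wallet.
    sample = hashlib.sha256(b"constructed example").digest()[:20]
    addr = b58check_encode(0x00, sample)  # 0x00: Bitcoin version byte (assumption)
    print(addr, len(addr), b58check_valid(addr))
    print("collision among 1e12 addresses:", collision_probability(10**12))
    print("years at 1e12 addresses/s:", years_to_enumerate(1e12))
```

The checksum is why a random string of address characters is almost never a valid address, and the birthday bound is why a wallet can generate addresses without asking the network whether one is already taken.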