bitcoin brute force

Bitcoin users frequently generate new addresses for each transaction they make, which greatly increases the number of bitcoin addresses being used to receive money. Would it be possible (and profitable) for someone to find collisions in the bitcoin address space in order to steal money?

It may be "theoretically" possible, but in reality it's unlikely to be achieved - As in counting the number of atoms in an office building unlikely. Bitcoin addresses are actually the 256-bit SHA hash of an ECDSA public key, so any vulnerabilities in those algorithms would constitute a vulnerability in bitcoin itself. Realistically, however, breaking this level of encryption requires a huge amount of processing power. Coincidentally it requires precisely the same kind of processing power that bitcoin mining requires and in almost every scenario it would be massively more profitable to mine than to hack.

Edit: It's actually RIPEMD-160(SHA-256(public key)) as opposed to just SHA-256(public key) as I originally mentioned, so it's a 160-bit hash of a 256-bit hash of a public key. While the target keyspace (160 bits) is smaller thanks to this final step, it's also an additional computation that a would-be hacker must make. While the additional computational complexity doesn't even come close to canceling out the removal of 96 bits of keyspace, it should be noted that finding a collision in a 160-bit keyspace is still incredibly difficult and time consuming. More importantly, it is more difficult and time consuming than actually mining the same number of coins would be, thus making it highly unlikely anyone would even attempt such an attack - even if the equipment to make such an attack plausible in a meaningfully small span of time existed.

It is possible to brute force some Bitcoin addresses, because some people generate their private keys in an insecure manner. Any (non-zero) 32 bytes can be a private key. So running sha256 over a passphrase gives an apparently random, but brute force-able private key. Take sha256("sausage") for instance:

    $ echo -n 'sausage' | sha256sum
    30caae2fcb7c34ecadfddc45e0a27e9103bd7cfc87730d7818cc096b1266a683  -

Load up bitaddress and paste that private key into the 'wallet details' tab to get the corresponding Bitcoin address, then look it up on blockexplorer:

    $ /q/getreceivedbyaddress/1TnnhMEgic5g4ttrCQyDopwqTs4hheuNZ; echo
    0.01000000

and you'll see that the address held one bitcent for about 2 days in February 2012. See also: "fuckyou", which held 2.5 bitcents for 12 festive days at the turn of last year. So in practice it's possible to brute force bitcoin address creation, but only for poorly chosen passphrases. These were probably just people playing around with the idea of "storing bitcoins in their head" which is why they are for such small amounts, and why they weren't left funded for long.
No address balances were harmed in the making of this answer.

In order to spend money sent to a Bitcoin address, you just need to find an ECDSA public key that hashes to the same 160-bit value. That will take, on average, 2^160 key generations. Supposing you could generate a billion (2^30) per second, you need 2^130 seconds. Doing this in parallel using a billion machines requires only 2^100 seconds. Getting a billion of your richest friends to join you gets it down to only 2^70 seconds. There are about 2^25 seconds per year, so you need 2^45 years. The age of the Universe is about 2^34 years so far — better get cracking!

No, it is not possible, for two reasons. First, you would have to generate and hash an unimaginably large number of ECDSA keypairs to have a reasonable chance of finding a collision. With current computing power, that would take longer than the age of the universe. Second, as pointed out in the other answers it is much more profitable to generate bitcoins if you have lots of computing power.

Theoretically it is possible (but not profitable). But in reality the amount of money you would have to spend to do it would be a lot more than what you would make.

If you would like to see some proof to verify that it is truly quite impossible to generate a known keypair, you could test this yourself, if you wanted. Pavol Rusnak has created coinkit, a python library for interacting with Bitcoin related stuff. In there, there is an example on how to use it that does exactly what you are asking. What it does is it generates a random keypair and searches blockchain.info for a balance. I let it run about a month ago with slight modifications on about 1mio addresses and did not find a single one colliding.

/ag3KQ0L.png (there are more addresses in the address space than there are zeptometres, 1/1 000 000 000 000 000 000 of a metre, in the universe's width).

If you prefer maths: http://download.wpsoftware.net/bitcoin-birthday.pdf (by Andrew Poelstra) says (slightly edited):

Using [birthday attack maths], we calculated [above] that for a 0.1% probability of collision, we would need 5.4 × 10^22 addresses in existence.
For a 99.9999% chance, we would need 6.35 × 10^24 addresses. So, even if there were 10^22 bitcoin addresses generated, a collision simply will not happen. But if there were 10^25 addresses generated, a collision absolutely would happen. Should we worry about this? No, for these independent reasons:

The chance of getting a specific collision, say, a collision with one of your addresses, is still 1 in 2^160 or 1 in 10^48. So even if you've got a million million million addresses, nobody has a chance of colliding with you.

At the time of this writing, there are less than 10^7 addresses in use in the network. So anyone with 10^25 addresses would only be colliding their own addresses.

Each address takes around 100 bytes to store. (Actually about half that, but we only care about orders of magnitude.) So for the network to support 10^25 addresses, it would take 10 million million terabytes of storage just to record them. (And this is not even touching the problem of searching such a huge data store.)

According to sipa, if the current mining network (which is at 25 THash, and the most powerful computing network in the history of the world) were switched over to address generation, the network could generate 2.5 × 10^12 addresses per second (one address generation corresponding to roughly 10 hashes). At that rate, it would take 127,000 years to get so many addresses. It is debatable whether homo sapiens has walked the earth for that long.

With 21 million bitcoins ever existing, and 8 decimal places of divisibility, at most 2.1 × 10^14 can possibly have money on them at once. But in a space of 10^24 addresses, this means that only one in 10^12 addresses could possibly have money on them. So an attacker, after doing the physically impossible 3 trillion times over, has only a one in a trillion chance of getting even one satoshi out of it.

Possible: Yes. Many events are possible even though they're not probable. The likelihood of bruteforcing a bitcoin private key is improbable enough that with current computing standards it is, for all intents and purposes, impossible.
As the science of cryptography develops and as bruteforcing becomes more powerful the underlying bitcoin infrastructure will be improved to keep pace with the improving technology. This may require accessing your bitcoin wallet using an improved client in the future to maintain a high standard of security. Additionally, a bitcoin address is not the same as a private key. Generating a bitcoin address will allow an attacker to send you coins, but it would not allow them to sign transactions with your private key (i.e. remove coins from your wallet).

Yes, following technology progression, once equipment is available that can do 1Thash/sec and above then it becomes feasible to start finding collisions with a reasonable success rate. I'd estimate in circa 2-3 years this will be viable, as to whether anybody attempting it lucks out to get an address which has a decent quantity of BTC associated with it is another thing, and the question as to whether it'd even be profitable is further still.
I'm quite sure that the odds are much less than the basic math indicates.. if you find a match which is circa 20 chars long, the odds are rather high that the full address will match due to the process involved in generating the key pair. Skip forward a decade, and this will be far more of a realistic worry, or at the point Thash becomes normal, and Phash is on the cards.. just as GPUs are now dormant and looking for a use, so will mining equipment that hasn't even been invented yet be in a few years.

I did the math on this and it starts to make sense without a collision strategy. For ID's, it's 34 characters that can be 0..9, a..z, and A..Z. If you could do 5,000 wallet generations per second, it's =(64^34)/(5000*60*60*24*365*1E+51) to get 16 percent of all possible addresses within a year with all systems working full time - being a total of 100,000,000,000,000,016,384,608,344,632,472,552,568,168,984,184,560 machines on the task. I think that settles it as a non-efficient means of hacking, at least for the next decade or so until quantum computing comes into play.
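
Added example, not written by any of the posters above: a short Python script that recomputes the figures quoted in this thread (the 2^160 targeted-search estimate, the birthday numbers from Andrew Poelstra's paper, and the 127,000-year generation time). The function names and the use of the standard birthday approximation are choices made for this example.

```python
import math

ADDRESS_BITS = 160                      # RIPEMD-160 output size, as stated in the thread
SECONDS_PER_YEAR = 365.25 * 24 * 3600   # about 2^25


def birthday_addresses(p, bits=ADDRESS_BITS):
    """Addresses that must exist before ANY two collide with probability p.

    Standard birthday approximation: n ~ sqrt(2 * N * ln(1 / (1 - p))).
    """
    return math.sqrt(2 * 2 ** bits * -math.log1p(-p))


def targeted_log2_years(rate_log2, bits=ADDRESS_BITS):
    """log2(years) to try 2^bits keys against ONE chosen address."""
    return bits - rate_log2 - math.log2(SECONDS_PER_YEAR)


def years_to_generate(count, per_second):
    """Years needed to generate `count` addresses at a fixed rate."""
    return count / per_second / SECONDS_PER_YEAR


def hit_probability(attempts, funded, bits=ADDRESS_BITS):
    """Chance that at least one of `attempts` random keys lands on any of
    `funded` addresses; log1p/expm1 keep precision for tiny probabilities."""
    return -math.expm1(attempts * math.log1p(-funded / 2 ** bits))


if __name__ == "__main__":
    # Birthday bound: collisions among a generator's own addresses.
    print(f"0.1% collision chance:     {birthday_addresses(0.001):.2e} addresses")
    print(f"99.9999% collision chance: {birthday_addresses(0.999999):.2e} addresses")
    # Targeted search at 2^30 keys/s on 2^30 machines for 2^30 people = 2^90 keys/s.
    print(f"targeted search: about 2^{targeted_log2_years(90):.0f} years")
    # 10^25 addresses at the quoted 2.5 x 10^12 addresses per second.
    print(f"10^25 addresses: {years_to_generate(1e25, 2.5e12):,.0f} years")
    # 10^25 random keys against the quoted ceiling of 2.1 x 10^14 funded addresses.
    print(f"hit a funded address: {hit_probability(1e25, 2.1e14):.2e}")
```

The birthday figures describe any two addresses colliding, which is why they are so much smaller than the 2^160 work needed against one chosen address.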