great article. thanks
Lesson of the day: don’t trust random wallet developers.
They may truncate your keys making them vulnerable to attacks.
The cryptography of properly implemented wallets is solid and you can’t just guess the keys.
The headline is a bit click-baity.
Proves some of the foundational concepts here. It is clear that this stuff is still not very mature and people should be very careful until there is a lot more experience running these systems. I wonder what the biggest culprits are here, bad wallet code that generates bad keys or just bad practice.
This is partly bad key design too, no? If keys have to meet other system requirements it can prevent this sort of attack vector. Generating public/private pairs usually involves a random number generator and restrictions to “large prime numbers”. What are the relevant properties of Cardano keys?
This is exactly why my brother generates his own private keys by flipping a coin. Someone else once mentioned using a bucket of 16 sided dice to do it. I’m waiting for a wallet that lets you enter your own private key and allows for off line transactions.
But put yourself in the shoes of a not particularly technical user. Is there even a source you can trust about what wallets are good, better, best? I’m not about to hold significant digital assets without a good operational security plan. Just like financial and legal advice, you shouldn’t rely on some internet source, but even the professionals need reliable data sources. We can’t all be re-inventing those wheels.
I didn’t post this before because I didn’t want to give anyone any ideas 
but seeing as it seems relevant… What’s to stop people trying to brute-force huge numbers of different private keys on an individual wallet and stealing ADA for example? Is there anything at all in place to prevent this type of attack? It’s a slight concern that has been in the back of my mind lately…
This space never ceases to amaze me 
If you select your keys well, the brute force method would take way too long. Many times the length of the universe long. A “lucky guess” is always possible, but it is like the glass un-breaking and popping back up to the table.
Good question. I’d go with the wallet the developers themselves use. Ledger is a good example of an air gapped device that is proven to work for many.
People have a range of sensitivity to risk so I don’t blame them for not being in the space until something “understandable” comes their way. That said, by that time, the major part of upside could already be realized.
So you take risks for being early and reap the potential benefits. No matter what, people shouldn’t put more than they can afford to lose.
One thing is for sure: this space isn’t for everyday consumers who are used to downloading software without much thought.
One has to step back, and ask a lot of critical questions before installing wallets, especially the third party wallets.
There is risk in all of this, but it isn’t in cryptography. It’s in the implementation of wallets and in not following a good internet hygiene by users.
Is it possible? Yes. Is it probable? No.
BTW, in at least some systems, the public and private keys are not really any different. When spit out of the generator, you could switch them and have the same thing. Finding the other given one of them is very hard unless someone invents some new math, or quantum computing make a huge leap all at once. It doesn’t matter which one you know.
Generally, isn’t the public key in the transaction? Otherwise, nobody could validate anything. At the very least you need to have an identifier that relates to the key for validation whether it is based on typical asymetric key tricks.
I will just throw this one in here, if anyone questions the mathematical probability
If you really want to geek out on security …
The safe with the electronic dial near the end in really cool.
The general problem of security is you have to defend against attacks no body has thought of yet.
Key point is guessing a key, “it takes on average”, which should be 2^255 (not 6), but there is a finite probability it is found in the first few dozen probes. If you can also make it hard for someone to test candidates, better, but most of the time we have a public key or message to test guesses against.
You can make that computationally more expensive.
And in case anyone wants to calculate how fast this is cracked by a quantum computer … It is the size of the quantum registers, would need to be 256 bits (or key size in general), and I gather current tech needs many (like ten maybe) qbits to reliably have one to calculate with. So, like a 3000 qbit quantum machine could do it in constant time. I think they are working with at most a few dozens these days.