This is a rather contentious topic, especially given the recent Bitcoin price surge. As of this writing, Bitcoin has reached a valuation of over $62,000 dollars/BTC. A truly astonishing number by any metric.
But let’s address the question at hand — is it possible, or rather, is it feasible, to crack Bitcoin using modern computing?
Well, according to a recent article titled “Quantum computers could crack Bitcoin by 2022” by Decrypt, it may indeed be… and in the short term no less.
That’s likely alarming to a lot of folks, especially new investors… but the title itself informs you of everything you need to know.
Absent quantum computing, Bitcoin is unbreakable given the fundamentals of statistics and the state of current computing power. There are simply too many private key possibilities to feasibly brute force them.
In fact, the total number of possible public/private key pairs approximate to 1.1578 * 10 to the power of 77, which is close to the number of atoms that exist in the visible universe!
Yes, that’s right — the visible universe.
So in short, until computing increases by orders of magnitude — and as long as our private keys were derived from a truly random source — we’re safe.
But this begs the question, what if we didn’t use a random source; for instance, one that uses a password to derive a private key?
Let’s consider a brain wallet that uses a poor implementation of key generation. These includes wallets where the private key is derived from a password or a pass phrase.
For instance, some folks use a hashing algorithm, like SHA256. They hash a human-readable phrase, which generates a seemingly sufficient private key. Some people do it this way because the Bitcoin private key is a 256 bit value and SHA256 conveniently outputs a value in this format.
But, given that human language is a lot more finite than the visible universe, these private keys are a lot easier to brute force. All an actor need do is guess the password or pass phrase to recreate your private key. And from this private key, a public Bitcoin address can be generated. If this public Bitcoin address exists in the blockchain with a balance, the actor can move the funds.
Here’s an example of a Bitcoin P2PKH account (with a zero balance), which was derived from a SHA256 hashing of the password “iloveyou”.
Private key: e4ad93ca07acb8d908a3aa41e920ea4f4ef4f26e7f86cf8291c5db289780a5ae
Public key: 0234f51e57e8f896bf906fdbcc55180f6ad3644e11d70830b9b2ba88192a94f60d
Public Bitcoin address (P2PKH): 1GuqA56NJDC2GguM5Q4Zjgsq71oF9ReaNZ
You can clearly see it’s valid from the screen capture below.
So I hope that I’ve now proved to you the heightened risk of using a brain wallet. Of course this could have been mitigated with use of a stronger password, but your security is still orders of magnitude weaker using this approach vs. using a truly random source.
Bitcoin Brain Wallet Cracking
If you’d like to learn more about why brain wallets are bad, check out this website.
The homepage also lists the Bitcoin “rich list,” and a link to a supplemental page with interesting Bitcoin brute force statistics and a brain wallet cracking tool called BrainFlayer.
You can even bulk search BTC wallet balances via this website.
Always be careful, apply best practices, and never stop learning!