Connect with us


Pbwhatkey — deterministic private key generator (PBKDF2 & based)

Tested with Python 2.6, pbkdf2_rmd v0.1 (Python module), pywallet V1.1



Editor’s note: some posts were deleted by the author from the original thread and have been reconstructed from archives. As a result, some bitcointalk archive links are not available.

The following content was written by Ukigo on July 15, 2011, 1:50:13 PM in the thread Pbwhatkey — deterministic private key generator (PBKDF2 & based). All content is owned by the author of the post.

Hello everyone !

It’s here:

UPD: see next post for new version (probably more secure).

Pbwhatkey takes 3 parameters:

./ Pbwhatkey your_passphrase your_salt number_of_iterations

Generates a secret key from this input script and then displays it and the corresponding Bitcoin address.

1) Install pbwhatkey (see post below)
2) Download pywallet from version 1.1 (won’t work with V 1.0)
Place in the same directory
Run it: ./ pb4 Korsaar over9000 66666
or: python PB4 Korsaar over9000 66666
The output should be:

The secret key to import: 5JPX6aZBM9NpVdRza6eYnJ1ofB76YL6bennLcZpBq6rB5mbvEYa

the Bitcoin address: 1PQKsnY7N4jQhfRTgKx4j3xLkscYkm4fLS

third parameter should be large enough, can be above 1,000,000 iterations.
(Tested up to 2,200,000)

Password and salt can be UTF-8 encoded (although not tested yet)

Tested with Python 2.6, pbkdf2_rmd v 0.1 (Python module), pywallet V 1.1

Any thoughts or suggestions?

The following content was written by Ukigo on July 16, 2011, 9:51:41 AM in the thread Pbwhatkey — deterministic private key generator (PBKDF2 & based). All content is owned by the author of the post.

You will need a slightly modified PBKDF2 Python module. Save the code below as “” in the same directory with the above “PB3” script.  Editor’s note: link reuploaded

The following content was written by samr7 on July 19, 2011, 12:10:05 PM in the thread Pbwhatkey — deterministic private key generator (PBKDF2 & based). All content is owned by the author of the post. (original)

This program would appear to work exactly as advertised.  It produces good, repeatable public/private key pairs out of passwords using a standard, well-regarded algorithm.  Kudos on moving to Python, it’s so easy to read the code, and the base58 functions are elegant and understandable!

In any case, memorizing a 51-character private key is unwieldy, but I’ll argue that a strong password of comparable security can be a little over half as long and much easier to memorize.  Which, besides backup, would be really great in low-tech situations where wallet files and all physical representations of keys can’t be retained.

The following content was written by samr7 on July 19, 2011, 03:53:27 PM in the thread Pbwhatkey — deterministic private key generator (PBKDF2 & based). All content is owned by the author of the post. (original)

On second thought, there is one detail about this program that worries me.

It sets up the PBKDF2 function and reads out 16 bytes as a hexadecimal-encoded string.

    topsec = PBKDF2_RMD(hashlib.sha512(sys.argv[1]).hexdigest(), salt, int(sys.argv[3])).hexread(16)

Then it passes the string to the pywallet integer converter.  I think what you meant to do with this is read 32 bytes of unencoded data from the PBKDF2 function:

    topsec = PBKDF2_RMD(hashlib.sha512(sys.argv[1]).hexdigest(), salt, int(sys.argv[3])).read(32)

and while the next line will no longer be able to print the raw private key without a str.encode(‘hex’), the str_to_long will at least get the full key data.  As it stands now, it looks like it’s using the ASCII hexadecimal string as the raw private key, which would provide about half the expected level of security.

The following content was written by samr7 on July 20, 2011, 04:48:59 AM in the thread Pbwhatkey — deterministic private key generator (PBKDF2 & based). All content is owned by the author of the post. (original)

As i understand this :
“topsec” is NOT a private key itself, but a “secret multiplier” using to construct  private key.
 See pywallet source code.

It’s true that the topsec isn’t the same thing as a pywallet Private_key.  However, an EC private key is just a large integer between 0 and the group order, and one would assume your intention is to use topsec as this value.

Indeed the secret and secret_multiplier from the pywallet code is exactly the EC private key.  The act of multiplying the generator (point) by secret (integer) produces the EC public key (point).

I’m not sure how many digits secret multiplier must have ?!

It’s 32 bytes long.  The largest useful value is one less than: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

BTW, new version looks a lot better!

The following content was written by etotheipi on August 25, 2011, 11:21:55 PM in the thread Pbwhatkey — deterministic private key generator (PBKDF2 & based). All content is owned by the author of the post. (original)

So I’m reviving an old thread here, but I’m interested in a slightly different application of deterministic key generation.  It seems like something that could integrated with pywallet very easily.  I’m sure I’m not the first person to suggest this, but I’m not finding other threads about it.

Rather than using passwords to deterministically generate your key, I’d like to use a random number generator to create a 256-bit Private-Key-Generator once.  This generator would be the first private key, GenKey, and then you get a semi-infinite sequence of new keys by simply following:

PrivKey[i+1] = hash256( GenKey XOR PrivKey[i] );

You wouldn’t need the key stretching (at least that’s what I’m assuming the iterations are for in the PBKDF2 module), because you’re using full entropy in your original key.  Using this technique, you only need to backup your wallet once.  Sure, it links all your addresses together, but 99% of the time with the current wallet, if the attacker gets one key, he gets all of them, anyway.  And by using GenKey in each iteration, even if attacker gets PrivKey(i), he cannot determine any of the other keys.  My primary motivation is that I want to be able to put my GenKey into a QR code and store it in a safe-deposit box, and then I never have to worry about losing my private keys.  

With the current wallet, I only get a pool of 100 keys, and have to re-backup my wallet every time I run out.

The following content was written by etotheipi on August 26, 2011, 04:51:57 AM in the thread Pbwhatkey — deterministic private key generator (PBKDF2 & based). All content is owned by the author of the post. (original)

Yes, it is a deterministic wallet.  In hindsight I realize is not precisely the purpose of this original post, but it is related.  Pywallet is the perfect tool for enabling this technique.  The command line interface would look like:

./ –create-deterministic-wallet –generator-key=random256bit.bin –numkeys 10000 -o wallet.dat

This would calculate the first 10,000 keys based on the generator, and add them to key pool in wallet.dat.  If you run out of keys, you can re-run with a higher number, and it will add the new keys to it.  Perhaps it could eventually be included in the client so you never have to run anything:  just create your generator-key once, back it up, and the client will create endless keys from it.

You don’t have to be snarky about the idea… it’s simply a suggestion and you guys are a very short way from having this enabled using  If you don’t like it, let’s have a discussion about what problems it might have and how they could be resolved.

Also, I don’t know why you would question the security of safe-deposit boxes, but that wasn’t the point at all.  People want to be able to backup their wallet once and know that they always have a backup somewhere they consider safe in case their hard-drive fails.  With the current wallets, they have to backup every 100 transactions.  Additionally, there is no warning when their key pool is exhausted, so there’s a risk of using non-backed-up keys without realizing it.  This deterministic wallet solves a lot of problems, and I don’t see where the reduced security is.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Increase Your Security And Privacy With Bitcoin Mixers

Have you ever wondered how bitcoin transactions can go anonymous?




Have you ever wondered how bitcoin transactions can go anonymous and what tools should be considered to make bitcoin untraceable? If you have been in the crypto world, you have definitely come across the word bitcoin mixer (also called tumbler). In short, a coin mixer makes bitcoin transactions in the network more anonymous. It also makes it more difficult for companies to track these transactions. So if someone cares about the anonymity of their transactions, they will definitely use this tool.

When you make a transaction from wallet A to B, this transfer is visible to everyone on the blockchain. Plus the transaction, with the amount transferred, is attached to all of the addresses involved amount. Since that’s also public, companies and individuals can be exposed with key information such as KYC documents. Well, if anyone cares about anonymity, they should use a mixer, also called a tumbler.

How do Bitcoin mixers work?

A bitcoin mixer takes your coins from you and combines, or “mixes” them with coins taken from other users. After receiving your mixed coins by crypto mixer, it converts them into smaller units and sends them to you. Note that the total amount of bitcoin sent to your address is the same as the total amount you deposited (but read the notice below). But how do coin mixers earn revenue to stay in business?

When you deposit bitcoins to a coin mixer, some will deduct a small percentage of your deposit as a fee to pay for the mixer’s operations. Some mixers don’t do that, and instead have a button with which you can “donate” part of your deposit to the mixer to cover their operations. Bitcoin mixers earn their income this way. Usually, new tumblers charge a lower fee to attract the audience.

Like most other crypto industries, not all mixers are trustworthy, however. As a result, you should consider using well-known and reputable tumblers only.

A running list of Bitcoin mixers

Chipmixer is one of the largest tumblers

Chipmixer is one of the largest and most popular mixing services sites in the bitcoin world. You can do very fast deposits and withdrawals on this mixer, and also use different mixing methods to make your bitcoins untraceable in the blockchain network. Also, there is no registration or creating accounts here, so it’s very simple and easy, and you can talk to them privately whenever you need support.

Other well-known and frequently used mixers are:

  • Wasabi Wallet, which mixes all the coins you receive
  • MyCryptoMixer
  • PrivCoin

Advantages and disadvantages of crypto mixers

Tumblers are also used by hackers to launder stolen bitcoin.

As you know, for every service that exists in the network, they have their own disadvantages as well as advantages. But here are some of the advantages and disadvantages of using bitcoin mixers in general.


  1. Exchanges and services like Chainalysis have a hard time tracing the transactions back to you.
  2. Governments cannot monitor the network to track your mixed bitcoins. It is used by some people to avoid a “$5 wrench attack” where an armed robber hits you with a wrench for access to your private keys.


  1. Not all mixers are real, some mixers will collect the deposit and run away with the bitcoins after scamming you.
  2. The commissions might be high depending on the mixer. Common rates are between 1% and 3% of the deposit. This can make a big difference if you are mixing a large amount of bitcoin.
  3. There is concern that some exchanges block the deposits of mixed bitcoins.

Finally, it should be noted that the positive points of bitcoin mixers outweigh the negative ones, and have made digital currency activists interested in it. If you are also interested in privacy, coin mixers are one of the best services for you.

Continue Reading


Bitcoin 2021 Miami Conference: The biggest conference on bitcoin yet

Thousands of people worldwide flocked to Miami to attend the biggest conference on bitcoin till now.



Thousands of people worldwide flocked to Miami to attend the biggest conference on bitcoin till now. There were people from all over the crypto industry, be it exchanges, casinos, e-commerce sites, or even social media platforms. Leaders of some of the biggest crypto businesses and famous bitcoin speakers also attended this conference to glorify bitcoin.

Especially after this pandemic situation all around the world, seeing this kind of event was just incredible. Everyone hugged each other, no masks were seen on people’s faces, and the smile and happiness of the people were omnipotent.

I’m here to tell all the haters and all the doubters that this is not a moment, this is a movement

Mr. Francis Suarez, Mayor of miami

This conference is another proof of the wide acceptance of bitcoin all around the world. Since last year, bitcoin and many other cryptocurrencies have been on a wild ride, and it has set new records.

Yes, in the last month, the bitcoin price has gone down from 64000$ to now 38000$, but it has not dampened the spirits of the people even they believe that buying the dip now is a good opportunity. There were many happy faces from all kinds of people, from students to business people, to even retired people. Institutional investors, Wall Street bankers, and a Republican from Wyoming all attended this Miami Conference.

Even the Miami mayor was there. He announced that Miami will now accept the taxes in cryptocurrencies and let people collect their salaries in cryptocurrency if they want to.

Presence of famous personalities and speakers at the event

At 9:00 am morning In Miami, already a big crowd gathered and Mr. Francis Suarez, the organizer of the event, set the tone at the beginning of the event. He said: “I’m here to tell all the haters and all the doubters that this is not a moment, this is a movement.

The crowd absolutely erupted at such a beginning of the event.

Cameron Winklevoss was there, and he wore a T-shirt with a picture of the Federal Reserve building captioned “Rage Against the Machine.” He just wanted to show how bitcoin is not controlled by any government.

He said “If you own a Bitcoin today, you will be a millionaire in the future. For sure. Congratulations” .

Later, Jack Dorsey, the well-known personality, CEO of Twitter, marked his presence. He said, “If I were not at Square or Twitter, I would be working on Bitcoin.” Also, he added, “nothing is more important in my lifetime” than to work in Bitcoin.

When the CEO of Twitter says something like this, it surely motivates all of us to believe in Bitcoin.

Bitcoiners will surely remember this day in cryptocurrency’s history as the biggest ever conference on bitcoin to date. Surely there will be many more to come, but for now, this marks the beginning of more events like this.

Continue Reading


Gotcha, Darkside: How I Traced The Stolen Bitcoins

No, the FBI did not hack bitcoin



There is lots of talk the past few hours about how the FBI seized bitcoins extorted by Darkside from Colonial Pipeline during the ransomware cyberattack they launched on the oil pipeline. Unfortunately, the news is also being dished out with a large side order of misinformation. People are starting to think that the FBI hacked bitcoin or hacked the private keys for the Darkside address. Now investors are selling like crazy causing the BTC price to slump again.

For some reason, people are also claiming that the FBI served Coinbase with a seizure warrant, even though there’s no evidence of the bitcoins being stored on Coinbase in the first place.

So while all this was going on, I decided to trace the stolen Bitcoins myself, using nothing more than my trusty tools, Blockchair and Wallet Explorer. They are both free to use, so you are able to reproduce these results as well if you want. Now on to the investigation.

Zoning in on the ransom transaction

News media was frustratingly vague about which transactions and addresses were involved in the heist, but a reference from one of these news articles, a report by Elliptic stated that 75 BTC were transferred by Colonial Pipeline to the hacker’s wallet address on May 8.

“This wallet received the 75 BTC payment (worth $4.4 million at the time of the transaction) made by Colonial Pipeline on May 8, following the crippling cyberattack on its operations – leading to widespread fuel shortages in the US.

Dr. Tom Robinson, Co-founder of Elliptic

They did not mention what was the wallet address of the hackers. But to find it, I just had to put a few pieces of information together:

  • The transaction had a 75 BTC output, and it happened on May 8
  • It’s safe to assume that Colonial Pipeline has almost no knowledge of bitcoin, so they bought the 75BTC from an exchange. Exchanges send user transactions in 1-input, 2-output format.
  • The second output would be to a change address (the remainder of the money from the input that wasn’t spent) but in this case, it would be extremely small as the input and first output are almost the same size.

Armed with this information, I opened Blockchair, headed towards the Transactions category, and then used their filters to give me only the transactions with a total output size between 74 and 76 BTC, and occurring on May 8. I knew that only 1-input and 2-input transactions were relevant. Here is the resulting Blockchair query.

There were not many transactions returned from this result, only about 30 or so. But only one of them precisely matched what I was looking for. It was transaction fc78327d4e46dac01dc313067b1ac7f274cdb3a07ea9f28f6f71473145f1b264. I was starting to get a lead.

All further investigation would be carried out at Wallet Explorer. Pasting the above transaction ID into it gave me the wallet [b68f605feedee27e], associated with address 1DToN8Q6y31TGAz75Df729Bnujk6Xg7q5X. Then the 75 BTC was transferred to wallet [9524e1e21b] of address bc1q7eqww9dmm9p48hx5yz5gcvmncu65w43wfytpsf, then to [061e93d18f]. What’s interesting about wallet [061e93d18f] is that it has received a few dozen previous transactions before this incident, and some more since then.

Hacker’s wallet, or an exchange?

Was this a software wallet which may have just received ransomware payments from others, or was it something deeper? Could it be the entry point to an exchange?

As you might know, exchanges make heavy use of deposit and withdrawal addresses. It is not uncommon to see these addresses having thousands of pages of transaction history. Also present in an exchange’s architecture are cold storage addresses – these addresses collect the balances of the deposit addresses into their own.

It could have also been a payment processor address. Many news sites have reported that Darkside was using a payment processor to collect the ransoms, and a payment processor generates a different address for each payment. Typically, these different payment addresses are then “feeded” into a main address. This is what seems to be happening here: bc1q7eqww9dmm9p48hx5yz5gcvmncu65w43wfytpsf belongs to payment processor “deposit address” wallet [9524e1e21b], and both of the addresses bc1qxu83k5qkj8kcqdqqenwzn7khcw4llfykeqwg45 and bc1qu57hnxf0c65fsdd5kewcsfeag6sljgfhz99zwt belong to the main wallet [061e93d18f]. These two addresses have split the 75 BTC into about 63.7 BTC and 11.2 BTC respectively.

11.2/75 roughly equals 0.15, so one explanation for this divide could be that profit sharing is going on here. DarkSide may have received a 15% cut of the ransomware payment (which closely aligns with previous claims that they take 25% of the cut from its affiliates), which means bc1qu57hnxf0c65fsdd5kewcsfeag6sljgfhz99zwt is a DarkSide address. While the remaining 85% of the BTC was taken by the affiliate to address bc1qxu83k5qkj8kcqdqqenwzn7khcw4llfykeqwg45.

The affiliates address contains a particular transaction 9436dbf0435b15378f309c35754a110db880fa9bb66a062160a25533bb4a212a to address 3EYkxQSUv2KcuRTnHQA8tNuG7S2pKcdNxB, part of the [123085fff6] wallet.

This is an address that begins with 3, or a P2SH address. It is not particularly simple to create a P2SH in offline wallets. Assuming the affiliate did not have advanced knowledge about bitcoin, the likely possibility is that the payment processor deposited the 63.7 BTC onto an exchange address.

For the next stage of analysis, we must inspect the receiving wallets from the [123085fff6] wallet.

Three wallets this wallet has send bitcoins to at approximately the same timeframe are [149d0ee75d], [07a4235953], and [07a4235953]. Following the trail of each of these addresses, we end up at a high-transaction volume address each time. Curiously, each of those addresses has received at least one 1-input transaction from a known Binance address. [149d0ee75d] is an obvious example of this.

So my theory is the affiliate gave his Binance deposit address to the Darkside group for payments to it. But why would the affilate do that, when it is well known that exchanges are insecure places to hold large sums of money? Could it be that the affiliate wanted to cash out some of it?

The FBI seizure

It is well-agreed on that the FBI sent a warrant to an exchange to seize the 63.7 BTC, in other words, the affiliate’s bitcoins. The above investigation suggests that Binance was the receipent of such a warrant. It would not be possible to send a warrant to independent wallet developers such as Electrum or Bitcoin Core, who have no control over their user’s money. This gives more credibility to the claim that the affiliate stored his bitcoins on an exchange.

Wallet Explorer shows that the entire balance of the [123085fff6] wallet was sent to the [fc8d1c748f] wallet on 2021-05-28 03:06:11. This wallet might have links to the FBI, but how to prove it?

The FBI has claimed multiple times in a court document that they possess the private key to the address containing the stolen bitcoins. However, it is extremely unlikely that they obtained it from Binance, or managed to retrieve the private keys to Binance’s cold storage. That is because exchanges do not make addresses for each wallet user for efficiency reasons, and they lump together everyone’s balance in cold storage such as a hardware wallet. Therefore, it is plausible to believe that the [fc8d1c748f] wallet was already owned by the FBI, and that they just demanded Binance to send the affiliate’s stolen 63.7 BTC to it.

Curiously, people have suggested that Coinbase received the FBI warrant. However, there is no blockchain evidence that shows Coinbase addresses were involved. Also interesting is that the funds in the [fc8d1c748f] wallet have moved since the court document was published two days ago. Perhaps the FBI didn’t want us to snoop on their seized bitcoins?

Unrelated to all this, it seems that almost the entire balance of the Darkside group was stolen from them on May 13 by an unknown actor, with a transaction from Darkside’s [061e93d18f] wallet to bc1q2sewgrnau4e4gvceh8ykzf8lqxawpluu0k0607 shifting more than 107 bitcoins from them.

I have created a graph of the transactions flowing between Darkside , the affiliate’s wallet on Binance, and the FBI is below, minus the theft transaction from Darkside’s wallet (full size).

But did they hack bitcoin to get them?

Of course not. Here are some reasons why hacking bitcoin is still not feasible in 2021, and probably never will be in the near future:

  • The ECDSA algorithm which mangles public and priavte keys into signatures for transactions still hasn’t witnessed a single breach. The FBI could not have hacked ECDSA.
  • Second, the fastest tools for brute forcing private keys can only find 2^60 of them in a reasonable time, well below the number of bitcoin private keys, 2^256.
  • Third, the bitcoins weren’t even seized from a private wallet, they were seized from an exchange who legally agreed to hand the bitcoins over via a transaction.

Most importantly, we now know that the stolen bitcoins were on an exchange. This proves rumors that the FBI hacked Darkside’s servers to be false. The closing of their website and servers was the result of their service provider terminating their access for law enforcement reasons, and the theft of nearly all of Darkside’s bitcoin, including the 11.2 BTC from the Colonial Pipeline ransom, was done by an unknown assailant, unrelated to the affiliate’s 63.7 BTC seized by the FBI.

Continue Reading