How is it possible to generate a key pair client side and guarantee uniqueness about etherwallet HOT 5 CLOSED

Every time you click the generate button, a new key pair will be generated. This is not a brain wallet.

Technically, every single 64 hex string represents a private key and has a matching address. So they already all "exist". It is more a question of whether it has been used / accessed before.

We use a cryptographically random number to generate a private key -> public key -> address. The likelihood that you obtain the same private key as someone else is less likely than you getting hit by lightning every day for a month.

The issue you speak of is the same as any tool you use to create Ethereum accounts, online or offline. No verification happens anywhere.

from etherwallet.

@tayvano I didn't totally understand that but I guess that is just because of my lack of understanding in how these key pairs are generated in the first place.

If you have the time, I have some follow up questions

1. If I understand you correctly, once you have the private key, you automatically have the public key, why is it that one can't go backwards then (since there is a one to one match), shouldn't one be able to follow the same steps backwards?
2. If the answer to #1 is because during the password creation is because the user is supplying their own password in the creation process then that means that the same private key does not always map to the same public key doesn't it?
3. Ultimately what would happen if two people received the same public address?

from etherwallet.

So this is what the code does:

1. Generate a private key (completely randomly)
2. From that private key, generate a public key.
3. From that public key, generate an address.

You actually don't ever see the public key, just the private key and the address.

The password takes the private key and encrypts it. That's all.

Let's say the private key looks like ABC. The encrypted private key looks like 123. The password is PASSWORD.
ABC + PASSWORD = 123.
123 + PASSWORD = ABC.

123 or PASSWORD by themselves, look just like that, and obviously can't do anything by itself. There is no way to know that 123 = ABC without the PASSWORD.

The way that key derivation works is that it's only one way. This is how it just works in general - not just for Ethereum or Bitcoin. If you have the private key you can get the public key. If you have the public key, you can't get the private key. Period.

The same private key will always map to the same public key. The password has nothing to do with this process though. The password, as described above, just encrypts the private key.

If two people receive the same address, well then it would be like two people having the same email address. They could both send and receive from that same address and access emails that may not be "to them."

From a bitcoin stack exchange on the subject:

The network can't tell the difference. In the astronomically unlikely event that two different people have private keys whose public keys hash to the same public address, then both of them are able to spend any coins sent to that address, first-come-first-served.

To illustrate how unlikely this is: suppose every satoshi of every bitcoin ever to be generated was sent to its own unique private keys. The probability that among those keys there could be two that would correspond to the same address is roughly one in 100 quintillion.

http://bitcoin.stackexchange.com/questions/32331/two-people-with-same-public-address-how-will-people-network-know-how-to-deliver

Hope this helps.

from etherwallet.

@tayvano Ok, that helps. Thanks for the time.

from etherwallet.

@istrau3 One more fun link for you:

Brute-force attacks against 256-bit keys (This is what Ethereum along with tons of other stuff use) will be infeasible until computers are built from something other than matter and occupy something other than space.

http://security.stackexchange.com/questions/25375/why-not-use-larger-cipher-keys/25392#25392

from etherwallet.