Why are different private and public key generated in online brainwallets?

Question

Why is that different wallet generating sites give different public and private keys when you enter the same passphrase even though they both use the same Algorithm (Sha 256)? Thank you P.S. Ok...one site is bitaddress.org and the other site is walletgenerator.net. i tried getting a brainwallet and used the exact passphrase but got different keys. The passphrase was: robertarmenkery. Obliged

Answer 1

!!!Caveat, Warning!!!

walletgenerator.net is scam!

Anyways be CAREFUL. It is possible to send BTC to a wallet address which is not belong to you and probably is someones else's wallet (probably coder's wallet!!!)

This is called SCAM or THIEF or STEALING BTC which WalletGenerator.net is doing...

---

They are the same, bitaddress.org uses an option that you missed; compressed and uncompressed addresses. Turn the compressed address on, then you will get the same values.

They both use base58 while displaying the content when converted to hex

uncompressed

pub  00515da4ade2ea43379043341d158ba1637e695c7b9d942422
priv 8012e29482949d92ef7c159f27065ef7bda744cc0dde8551cc324b312ce6736e24 7af43428

and compressed

pub  00b3f704fd7f30d5868f0e070b7adf75703313775717588aa4
priv 8012e29482949d92ef7c159f27065ef7bda744cc0dde8551cc324b312ce6736e24 01 3445217c

0x08 is always prepended, 0x01 is the indicator for the compression, and the last 4 bytes are trimmed double SHA256 checksum.

---

Note that generating your private key online is really really a bad idea.

---

Details

Private key part

In the BrainWallet the password has processed as bytes and a SHA256 hash is produces in hex, then 0x80 prepended as the version number. Both values are double hashed with SHA256 and only the first 8 hex values are used for the checksum. The result is displayed in Base58. The below python code can emulate this;

import hashlib
import base58
import base58
from secp256k1 import PrivateKey, PublicKey
from Crypto.Hash import RIPEMD160
password = 'barinwallet online testing'
hashvalue = hashlib.sha256(bytes(password,'utf-8') ).digest()
#Now Wallet format
##prepend the version
privatekeyAndVersion = '80' +  hashvalue.hex()
print(privatekeyAndVersion)
Now double SHA256 hashing for the checksum
firsHash = hashlib.sha256(bytes.fromhex(privatekeyAndVersion)).digest()
secondHash = hashlib.sha256(firsHash).digest()
thePrivateKey =  privatekeyAndVersion+(secondHash.hex())[:8]
privatekeyWif = base58.b58encode(bytes.fromhex(thePrivateKey))
print(privatekeyWif)

outputs in Base58,

5KPELN8uHrsjijjmLd2KfkMjVD6SZ1tEbP3GRUgbrdT3SF8ouJs

in hex

80 ce7fe0c608b64e1ca3a16a6292ba12c100104e100650e7f07ef767e4a9fdf60a 36b463fc

Public key part

Both the compressed and uncompressed can be used for the generation of the public key this means that each private key has at least two public keys.

#Same import as above and continue to the file...
def getPublicKey(publicKeyBytes):
publicSHA256 = hashlib.sha256(publicKeyBytes).digest()

h = RIPEMD160.new()
h.update(publicSHA256)
hash160 = h.hexdigest()

hash160app = "00"+ hash160

firsHash = hashlib.sha256(bytes.fromhex(hash160app)).digest()
secondHash = hashlib.sha256(firsHash).digest()   

checksum = (secondHash.hex())[:8]         
encoded = "00"+ hash160 + checksum

print("encode BASE58 = ",  base58.b58encode( bytes.fromhex(encoded)) )


privkey = PrivateKey(hashvalue, raw=True)
pubkey_ser = privkey.pubkey.serialize()
pubkey_ser_uncompressed = privkey.pubkey.serialize(compressed=False)
pubkey_ser_compressed = privkey.pubkey.serialize(compressed=True)
getPublicKey(pubkey_ser_uncompressed)
getPublicKey(pubkey_ser_compressed)

This outputs

encode BASE58 =  b'1CCf9cZLuKZRcCacKLScjpLqFN765BFkif'
encode BASE58 =  b'183qCdJNtbzuGcPLrrRZiCo2fn8nJV1Ao4'

So, this matches with bitaddress.org compressed and uncompressed versions.

Important note:

I'm able to get the same values in the walletgenerator, too. This site, however, has a problem that every click to view button produces different values. After many clicks, I'm able to get the same values. Needs to be investigated, since we expect only two public key values, yet the private key values are different.

• First observation: to see the same result, the number of clicks differs on every instantiation, one had 39 one had 59.

---

The full code on GitHub.