�j"1LAnZuoQdcKCkpDBKQMCgziGMoPC4VQUckMú<div class="post"><div class="quoteheader"><a href="https://bitcointalk.org/index.php?topic=571.msg5740#msg5740">Quote from: satoshi on July 25, 2010, 08:01:40 PM</a></div><div class="quote">You would still have to sign it with public key 654321. You need to find a collision using a public key for which you know the private key.<br/><br/>When you claim a Bitcoin Address transaction, you give your public key that matches the hash, then you must sign it with that key.<br/><br/>Red's point is that it's easy to quickly generate insecure public keys which you could break and find the private key after you find a collision.<br/><br/>He points out that if the public key was required to be a secure one, one which must have required significant work to find the prime numbers, that would increase the strength above that of the hash function alone. Someone trying to brute force would have to take time generating a key for each attempt.<br/><br/></div>Yeah, I thought the private key had to be in the mix somewhere. It kind of adds another randomness though, you have to find the hash that collides with another public key and at the same time, the private key has to be weak enough to break. I'm not saying it's impossible, but it introduces 2 variables into the reverse collision finding.<br/><br/>Basically, one would build a rainbow table of weak private keys and then have to compare those to public hashes and then have to hope that someone out there has a hash that happens to be a part of that attack. Not impossible of course, but how feasible even if computers were 100 times faster in 10 years?<br/><br/>[edit] ok, re-read what you wrote, the public key is generated from the private key, not independently. So just finding a weak public key is the issue.</div> text/html
https://whatsonchain.com/tx/39a3389cdda0f67d8f41d9b77bc1cea55f2fe0ed7ef5baeba04c76ccd7be1f99