It is possible that people would try to find their private key on directory.io for fun. You can do that by jumping to the relevant page. Meanwhile, the servers at directory.io would cache the GET requests and blast through the handful of keys on that page.
The site is likely generating the pages on the fly. You can type directory.io/<any number upto x>
x : 904625697166532776746648320380374280100293470930272690489102837043110636675
Somebody did set up a website somewhere that allowed users to see if their private key was in the "database". It would jump them to the correct page, and, steal their private key in the process.
I didn't like them potentially stealing my revenue, so I implemented this feature myself. The pluses beside the private key are permalinks.
Thanks for clarifying. Even though you may not have bad intentions, there are several points of failures e.g. server logs falling into wrong hands, man-in-the-middle-attack (using http) etc.
Maybe put a big disclaimer in red on top of every page.
> The site is likely generating the pages on the fly.
The site is definitely generating hashes on the fly. There is not enough known storage in the universe for all possible 32 byte private keys. To be more precise, 1E77 is within a few orders-of-mag of the estimated number of atoms in the universe.
Directory.io is not phishing. The chances of someone finding an adress that has ever been used by anyone ever, (aside from people sending coins to the first one for fun) is impossible.
The problem is that some moron can enter his private key there, to see what the site says about it. Then if the owner reads the server logs, he can read the private key. To be clear, never ever never ever never ever put your private key in a random website.
I hope that most morons only know the public address (that is a hash of the public key), and don't know about the private key that is stored in a wallet. In https://www.google.com/search?q=site:Directory.io the numbers are too low, so they are probably only a few random keystrokes, not "real" private keys.
> The problem is that some moron can enter his private key there, to see what the site says about it. Then if the owner reads the server logs, he can read the private key. To be clear, never ever never ever never ever put your private key in a random website.
You would think that the word "private" in "private key" would give them a clue... or do most people now not really understand the concept of privacy anymore?
It is possible that people would try to find their private key on directory.io for fun. You can do that by jumping to the relevant page. Meanwhile, the servers at directory.io would cache the GET requests and blast through the handful of keys on that page.
The site is likely generating the pages on the fly. You can type directory.io/<any number upto x>
x : 904625697166532776746648320380374280100293470930272690489102837043110636675