minimalB
Donator
Hero Member
 Offline
Activity: 674
Merit: 522
|
 |
October 21, 2013, 10:52:10 PM |
|
Interesting, i have exactly the same question as you kwukduck : )
v2.4 is online but master download on github is v2.5. Can anyone elaborate why is it this way?
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If you want to be a moderator, report many posts with accuracy. You will be noticed.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 23, 2013, 04:29:05 AM |
|
I noticed the current version on the website (v2.4) is quite old (2013-02-17) compared to the one at github (v2.5)(2013-08-29) a lot of changes seem to have been made.
Why isn't the code on the website updated? Has the code on github been reviewed anywhere? is it usable and secure to begin with? Should i use the 'old' one or the new one?
v2.4 is a solid release use that until v2.5 is on the website, however there are no known issue with v2.5. I'm thinking about changing the versioning to X.Y.Z and incrementing with each checkin to github. v2.5 is a major release with BIP38 encrypted private keys on the Paper Wallets tab, it's almost done. I've been checking in along the way to make forking/merging with other developers easier. It also gives people time to audit the code as there are updated versions of the CryptoJS libraries. |
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
October 23, 2013, 07:32:22 AM |
|
hi pointbiz! Don't forget to use compressed keys by default for everything.  |
|
|
|
minimalB
Donator
Hero Member
Offline
Activity: 674
Merit: 522
|
|
October 23, 2013, 08:36:30 AM |
|
@pointbiz: is it possible to download v2.4 master from github? Can't seem to find it. Only v2.5. Thanks.
|
|
|
|
|
|
dillpicklechips
|
|
October 24, 2013, 09:13:14 PM |
|
v2.5 is a major release with BIP38 encrypted private keys on the Paper Wallets tab, it's almost done. I've been checking in along the way to make forking/merging with other developers easier. It also gives people time to audit the code as there are updated versions of the CryptoJS libraries.
Will you allow crazy high values for BIP38 encrypted keys? If I'm only making one key I don't mind having the browser calculate all night long if that means brute forcing will be extremely hard. Or is that something that can't change according to BIP38? |
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 24, 2013, 11:01:22 PM |
|
Here is a feature request that I think would help assuage people's fears about random number generation, which have become more valid the more we hear about NSA-rigged RNG.
Right now, the script collects entropy by way of mouse movements.
I propose that the script also collect some additional entropy by way of the keyboard.
When the script generates new private keys, the private key should be SHA256(user-entered-string | prng-generated-string) (where | is concatenation).
I agree and consider this a high priority item on the TODO. Further, the string provided to SHA256 should be optionally printed somewhere on the note as an "audit code" (it could be invisible unless the user decides to click something to make it visible).
The purpose of the audit code is to allow anybody to reproduce the private key by hashing the string. If it can be proven that the user-entered-string is part of the entropy that went into the private keys, then any user sophisticated enough to actually provide enough entropy via the keyboard can be reasonably assured that even if the prng is defective (whether by design or accident), that his keys are secure.
What is the formula to take the audit code and reproduce the private key after you have the printed paper wallet? |
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
October 25, 2013, 03:27:13 AM |
|
Will you allow crazy high values for BIP38 encrypted keys? If I'm only making one key I don't mind having the browser calculate all night long if that means brute forcing will be extremely hard. Or is that something that can't change according to BIP38?
BIP38 sort of hard codes some fairly expensive parameters where on today's computers, a native implementation does one in under a second, and a typical javascript implementation on a desktop might take ten seconds. Allowing crazy high values in BIP38 is not really feasible because if they can be set too high, then it discourages developers from supporting it, because their services can be subjected to denial of service attacks by any user who sends a BIP38 code that asks for hours of CPU time just to decrypt. I agree and consider this a high priority item on the TODO.
Sweet, the paranoid side of me is very happy. What is the formula to take the audit code and reproduce the private key after you have the printed paper wallet?
Simply use the audit code as though it were a SHA256 brain wallet and it should yield the same private key and address. |
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 25, 2013, 04:05:20 AM |
|
Android complains about non-trusted CA for bitaddress. Pointbiz, would you please state here who issued the certificate, and provide the serial number and the fingerprint? Thanks!
Serial Number: 14 b3 cb e0 a1 af 8c d6 5b 87 e2 13 a9 38 6b ec Fingerprint: 4c 99 b0 fb c5 42 5d d7 1c 53 81 ec 49 0c 5e cc 76 e2 4a f9 Issuer: PositiveSSL CA 2 |
|
|
|
|
dillpicklechips
|
|
October 25, 2013, 04:38:29 AM |
|
Cool. Will BIP38 be added to bulk? Does wallet details section decrypt encrypted keys? |
|
|
|
|
|
slothbag
|
|
October 25, 2013, 09:40:16 AM
Last edit: October 25, 2013, 10:05:35 AM by slothbag |
|
Awesome, thanks pointbiz. Quick question, how do you decrypt a BIP38 encrypted key? The "Wallet details" tab doesn't recognize it.Edit: Sorry, yes the Wallet details tab does support it, user error |
|
|
|
|
|
canton
|
|
October 29, 2013, 03:25:17 PM |
|
Pointbiz, I forgot whether or not I've mentioned to you that Gavin sent me a patch for my own fork of bitaddress to take advantage of crypto.getRandomValues (if supported by the browser) to generate better random numbers. I've had this in place at https://bitcoinpaperwallet.com for a couple months now, and I meant to issue a github pull request but I just haven't gotten around to it. See the link below to see where Gavin suggested adding it. I don't think you've added this support, but since crypto.getRandomValues is fairly well supported at this point, I think it's worth adding to bitaddress.org. MOAR random please! https://github.com/cantonbecker/bitcoinpaperwallet/commit/b4c2cf68e79f9f469cd180238d9377086058aaa9PS: As always, thanks for your continued work on this excellent engine. Happily donated another .25BTC just now https://blockchain.info/tx/4fddde7eea3a9af15c6a120fe93b6da9fe6a1da287c1c448c47615407a7f87f9May I remind everyone on this thread that Pointbiz's project is essential to ongoing easy and safe security of offline bitcoin? His donation address is 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN - Canton
|
|
|
|
|
minimalB
Donator
Hero Member
Offline
Activity: 674
Merit: 522
|
|
October 29, 2013, 10:14:23 PM |
|
BIP38 integration is just, well, wow. Thanks so much!
|
|
|
|
|
wuchengjian
Newbie
Offline
Activity: 7
Merit: 0
|
|
October 30, 2013, 11:01:01 AM |
|
great tool!
|
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 31, 2013, 01:04:20 AM |
|
Pointbiz, I forgot whether or not I've mentioned to you that Gavin sent me a patch for my own fork of bitaddress to take advantage of crypto.getRandomValues (if supported by the browser) to generate better random numbers. I've had this in place at https://bitcoinpaperwallet.com for a couple months now, and I meant to issue a github pull request but I just haven't gotten around to it. See the link below to see where Gavin suggested adding it. I don't think you've added this support, but since crypto.getRandomValues is fairly well supported at this point, I think it's worth adding to bitaddress.org. MOAR random please! https://github.com/cantonbecker/bitcoinpaperwallet/commit/b4c2cf68e79f9f469cd180238d9377086058aaa9PS: As always, thanks for your continued work on this excellent engine. Happily donated another .25BTC just now https://blockchain.info/tx/4fddde7eea3a9af15c6a120fe93b6da9fe6a1da287c1c448c47615407a7f87f9May I remind everyone on this thread that Pointbiz's project is essential to ongoing easy and safe security of offline bitcoin? His donation address is 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN - Canton This is the first I've heard. Thank you for mentioning it. I will add it soon. And thanks for the donation! Also, great site. Your paper wallet design looks great. |
|
|
|
|
dillpicklechips
|
|
October 31, 2013, 02:41:36 AM |
|
I tried putting the encrypted key in the wallet details tab but it didn't work. Am I missing something?
|
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 31, 2013, 03:58:38 AM |
|
I tried putting the encrypted key in the wallet details tab but it didn't work. Am I missing something?
When you enter your encrypted key and click View Details it should display an input box for the passphrase. Does the passphrase box appear? This is the regex I use: /^6P[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{56}$/ Can you generate an encrypted key that does not work that you are willing to share with a passphrase to help diagnose? |
|
|
|
|
dillpicklechips
|
|
October 31, 2013, 04:30:30 AM |
|
I tried putting the encrypted key in the wallet details tab but it didn't work. Am I missing something?
When you enter your encrypted key and click View Details it should display an input box for the passphrase. Does the passphrase box appear? This is the regex I use: /^6P[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{56}$/ Can you generate an encrypted key that does not work that you are willing to share with a passphrase to help diagnose? I'm using Chrome and an example key 6PfMEYvZfwTv7SccHBx6B7mfFBEoV AdAdyUUYpufneihL9a62d35xA4Sbw and no password box appears. When I click details it just says it's not a valid key and if it should be a sha256 hash instead... |
|
|
|
|
minimalB
Donator
Hero Member
Offline
Activity: 674
Merit: 522
|
|
October 31, 2013, 09:57:16 AM |
|
I'm using Chrome and an example key 6PfMEYvZfwTv7SccHBx6B7mfFBEoV AdAdyUUYpufneihL9a62d35xA4Sbw and no password box appears. When I click details it just says it's not a valid key and if it should be a sha256 hash instead...
It works fine in Firefox v24.0 I entered encrypted private key "6PfMEYvZfwTv7SccHBx6B7mfFBEoVAdAdyUUYpufneihL9a62d35xA4Sbw" and when i pressed "View Details" the "Enter BIP38 Passphrase" field appeared. |
|
|
|
|
|
dillpicklechips
|
|
October 31, 2013, 04:16:20 PM |
|
I'm using Chrome and an example key 6PfMEYvZfwTv7SccHBx6B7mfFBEoV AdAdyUUYpufneihL9a62d35xA4Sbw and no password box appears. When I click details it just says it's not a valid key and if it should be a sha256 hash instead...
It works fine in Firefox v24.0 I entered encrypted private key "6PfMEYvZfwTv7SccHBx6B7mfFBEoVAdAdyUUYpufneihL9a62d35xA4Sbw" and when i pressed "View Details" the "Enter BIP38 Passphrase" field appeared. Not sure if anything changed but it worked for me today. Weird. |
|
|
|
|
|
