Bitcoin Forum

What I am describing here is not for everyone, and if you argue that a hardware wallet it easier you very well may be right. I just really like the idea of not needing additional hardware to generate addresses that are safe from malware. Even though I have never had malware (I've been Linux since 1998)

This is how I generate bitcoin addresses for long term storage of coins I do not intend to spend :

https://bitcoin.librelamp.com/address.phps

To see it in action just remove the the s from phps.

If your browser can't load the page it probably means your browser does not support TLS 1.2 and/or ECDSA certificates.

I do not run it from a public web server for my own key generation. I run it in apache running on my dedicated bitcoin PC (CentOS 7) and it can only be accessed locally, not even from other PCs on my home network.

The salt - okay this is why some people are definitely better off with a hardware wallet.

The salt should not be considered a security feature because it is hard-coded right in the php.
Don't rely upon salts to provide security. So-called "Brain" wallets are a stupid concept even with a salt.

The pass phrase you use when generating an address needs to be one you probably won't remember and thus needs to be written down and stored someplace safe until you actually need the stored coins. I use a safe deposit box. If you don't have one, they are cheap, and you really should even if not for bitcoin because it is good to have copies of things like insurance papers in a safe place away from your house.

When using a salt make it a good one, but don't assume no one will ever discover what it is.

Pass phrase should be something like "Billy Toyota sd%%#1 angry kitten plate jungle"

The purpose of the salt is really just in case my pass phrase isn't as random as I thought. But with it hard-coded in the script, you have to make your pass phrases under the assumption that someone other than you may know what it is.

-=-

Anyway what I like about this solution is it doesn't require specific hardware that can cause a delay in access to my funds if it fails. It doesn't require a barcode scanner or tying in long strings of nonsense directly (the keys). It clearly highlights the pass phrase used to generate the keys so I can easily see if I made a typo when generating the keys. I don't have to print anything, I can just write it on a 3x5 with a pen and put it in an envelope.

I only recommend using this if you have a PC with relatively good physical security. Encrypted filesystem, secure OS, etc. because with the salt hard-coded in the php, a keyboard sniffer and you are hosed.

At some point I will rewrite the part that creates the public key from the ECDSA key, there's a php interface to the secp256k1 library the bitcoin developers are working on but that php library is still rather alpha.

Oh and the encodeBase58() function I stole from somewhere else years ago and I don't remember where. But bitcoin base58 is different from many, both in alphabet order and the leading 0s matter.

Enjoy if you like this sort of thing, I understand this isn't for anyone. I wouldn't suggest my mother use this, for example.

Thanks for your sharing. I thought what many ppl do is to dowload bitaddress.org script and run it on an off line computer, and print out the cold address.

I don't like to print things. I don't even own a printer. When I print I send a PDF to a print shop and then go pick it up.

And when printing, you either end up with a long address you have to type in or you need a QR scanner. Pass phrases are easy to type because they are mostly words and then you just cut and paste the base58.

But different strokes for different folks.

if you're going to go to all that trouble why not
go to the next level and use physical entropy
(dice, coins, etc).

How one generates the pass phrase is up to them. There's lots of different tools that generate a pass phrase in different ways, IMHO that doesn't belong in the php itself.

I don't want to have to trust php's pRNG so that really is beyond the scope of the script.

The script does require a fairly large salt (though it doesn't completely force a good one) and then adds to the salt with some hashes, giving at least some protection to people who do not have very random pass phrases. But the script itself should not do anything random.