Bitcoin Forum

Economy => Service Discussion => Topic started by: lyth0s on November 11, 2013, 08:35:37 AM



Title: Brainwallet.org safe to use?
Post by: lyth0s on November 11, 2013, 08:35:37 AM
So I'm considering using a brain wallet and I was wondering if anyone can take a look at brainwallet.org's source code and tell me if it truly is all client side javascript? I'm curious to know if the site has any way to get/use the private keys I generate there? I know I can also download the source and run it locally (which I have done), but I already used a passphrase I would like to keep on their main website.


Any advice is greatly appreciated!

Under network activity on my web browser all I see is "get" upon page loads (and no activity when I enter a passphrase), which I believe means nothing was sent to their server...not sure though


Title: Re: Brainwallet.org safe to use?
Post by: Financisto on November 11, 2013, 08:58:36 AM
Before going any further, I'd suggest that you read the discussion about using it right here: https://bitcointalk.org/index.php?topic=251037.0

For the rest, all I've got to say is: keep doing it all (address creation, transactions, storage, signing etc.) offline.

IMHO, that javascript application was meant for using offline.

EDIT: don't ever trust this implementation because they don't even use KDF.
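
Added example (not part of the thread and not brainwallet.org's code): what the missing KDF means in practice. It assumes the unstretched derivation is a single SHA-256 of the passphrase, and the scrypt parameters and the e-mail-style salt are illustrative choices, not anything the site offers.

```python
import hashlib
import time

# Order of the secp256k1 group; a valid private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def naive_key(passphrase: str) -> bytes:
    """Unstretched derivation (assumed): one SHA-256 pass, no salt, no work factor."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def stretched_key(passphrase: str, salt: str) -> bytes:
    """Salted, memory-hard derivation: scrypt at about 16 MiB per computation."""
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt.encode("utf-8"),
                          n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def is_valid_private_key(key: bytes) -> bool:
    """True if the 32-byte value is usable as a secp256k1 private key."""
    return 0 < int.from_bytes(key, "big") < SECP256K1_N


def derivations_per_second(derive, rounds: int) -> float:
    """How many passphrase-to-key derivations one core completes per second."""
    start = time.perf_counter()
    for i in range(rounds):
        derive(f"candidate-{i}")
    return rounds / (time.perf_counter() - start)


if __name__ == "__main__":
    # Constructed sample values, not real wallet material.
    phrase, salt = "constructed sample passphrase", "user@example.com"
    print("sha256 :", naive_key(phrase).hex())
    print("scrypt :", stretched_key(phrase, salt).hex())
    fast = derivations_per_second(naive_key, 20000)
    slow = derivations_per_second(lambda p: stretched_key(p, salt), 5)
    print(f"{fast:,.0f}/s unstretched vs {slow:,.1f}/s stretched")
```

Without a salt, everyone who picks the same passphrase gets the same key; without a work factor, each guess costs about one hash.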


Title: Re: Brainwallet.org safe to use?
Post by: lyth0s on November 11, 2013, 09:58:30 AM
Thank you sir


Title: Re: Brainwallet.org safe to use?
Post by: Financisto on November 11, 2013, 10:54:33 AM
> Thank you sir

You're welcome.

Last but not least: every time you spend funds from an address, do it with all its funds.

e.g. You wanna send 2 BTC from an address funded with 3 BTC.

1) Right way to do it:

yoursendaddress: 3 BTC

BTC sent to:

receiveaddress: 2 BTC + fees

yourchangeaddress: ~ 1 BTC


2) Wrong way to do it:

yoursendaddress1: 3 BTC

BTC sent (only) to:

receiveaddress: 2 BTC

i.e. always consider the change (and fees). Because of bitcoin and its blockchain architecture, all funds from one address have to be spent as follows:

address1 (all funds) -> address2 + fees

OR

address1 (all funds) -> address2 + changeaddress + fees

Hope that explanation helps you avoid future problems.


Title: Re: Brainwallet.org safe to use?
Post by: lyth0s on November 12, 2013, 10:18:37 AM
Would the change not automatically go back to the sending address?


Title: Re: Brainwallet.org safe to use?
Post by: Financisto on November 13, 2013, 01:51:20 AM
Can't remember by now.

But as far as I can tell, when you broadcast the transaction (generated with brainwallet app) and do not set a change address, blockchain will reject it.


Title: Re: Brainwallet.org safe to use?
Post by: TheButterZone on November 13, 2013, 06:09:55 AM
> Can't not remember by now.
>
> But as far as I can tell, when you broadcast the transaction (generated with brainwallet app) and do not set a change address, blockchain will reject it.

It used to automatically make the address you're sending from the change address, but IIRC I got errors from bc.i/pushtx when I last tried to use BW. I just went over to Electrum without looking into it. Maybe that's why.