Bitcoin Forum

https://kryptowallet.org/ (https://kryptowallet.org/)  ;D ;D ;D We love BTCBTCBTCBTC

It's time to get a secure Bitcoin wallet.We don't store your Bitcoins locally or on our servers. So there is no Hacking possible like in MtGox.

Why should You use KryptoWallet ?

We are Open Source
We are a zero footprint wallet.
We support online or cold storage.
You can access your Bitcoin at every Computer with/without Internet access

We will do everything we can to protect your Bitcoins.

However you also need to take responsibility and follow these guidelines.

 Never give out your passphrase.
 Consider multiple passphrases
 Never lose your passphrases.

For more infomation visit kryptowallet.org/ (http://kryptowallet.org/) or newtimes.co (http://newtimes.co) Try also our encrypted Cloud Service newtimes.co/infinity (http://newtimes.co/infinity)

https://newtimes.co/download/logo.png

Copyright (C) NewTimes/Devision KryptoWallet.

Just curious, how much complexity do you enforce when generating a passphrase?

It would seem that running an extensive dictionary password attack could yield some ill-gotten dividends if you have a high enough usage.

If the private keys are generated from an encrypted passphrase, then I cannot access my bitcoins if your site goes down, right?

Where is the encryption of the passphrase done? Do I send the passphrase to your service or is your encryption key sent to me?

AES 256bit keys with AES 128bit

At your Browser Cache, there is your Wallet,BTC ... saved. If you delete your Cache you still have access to your Coins

But what algorithm do you use to generate the private keys from the passphrase?

AES 256bit with OpenSSL, bitcoind in JavaScrypt

How do you generate additional addresses?

Your passphrase is turned into a 128bit key and it is into a 256bit key encrypted which is then stretched into 10 bitcoin addresses. There is no limit but for now 10 per passphrase should be adequate. (OpenSSL+AES+Bitcoind)

Sorry, I didn't understand your answer. Let's assume the wallet isn't cached.

If the wallet is not cached, then the passphrase must be encrypted to generate the private keys. Do I send my passphrase to you to be encrypted or do you send the encryption key to me?

If the wallet is not cached, then I can only access my bitcoins if your service is available because I need you to encrypt the passphrase, right?

Nothing of that. If you access our Server your PC download the SourceCode and encrypt/decrypt there the Wallet. But if you delete the Browser Cache your PC download the Code again and open the Wallet again. The Website is only the GUI/Userinterface for the Wallet. Your passphrase is like a door key. All Software runs local at your PC

Hold on. You want me, to trust you ( a stranger) with my bitcoin in YOUR wallet... on a site that uses javascript... that claims to encrypt my wallet with a key YOU generate via javascript.

PASS

Thanks. I understand.

Next question ... As I understand it, the passphrase is encrypted as a first step to generate the private keys. Where does the key used to encrypt the passphrase come from?

Hold on. Your Bitcoins are not at my Wallet there are in you PC. I generate nothing

You are using javascript. There is no reason on the planet for anyone to use javascript. Period. It's a steaming pile of shit with a bazillion known vulnerabilities and more found daily.

Now i don't und er stand you question. But i try to answer.

Generate:

1. Your Browser download the Scrypt
2. You generate a passphrase (OpenSSL+AES)
3. Bitcoind generate a encypted Wallet (AES) and generate 10 addresses (JavaScrypt/Bitcoind/Bitcoinj)
4.It encrypt all together (OpenSSL+AES)

Login:

1. You access KryptoWallet (online)
2.You enter the passphrase (offline)
3. It decrypt the passphase (offline) (OpenSSL with AES)
4.It decrypt the Wallet (OpenSSL with AES) (offline)
5. access to Wallet (offline)

This is a short Version of how KryptoWallet works

No. JavaScript is secure. And not all is JavaScrypt the most is HTML,PHP. Java+JavaScrypt only for Bitcoind (https://code.google.com/p/bitcoinj/)

So where is the wallet stored?  It can't be in your cache because if you delete your cache you'd delete your wallet

In the Browser Cache. And no if you delete the Browser Cache you still can access your Bitcoin. You passphrase is your access(the key). With the passphrase you can generate again the Wallet with the same addresses and privat keys. Your passphrase is you Wallet only encypted

If you have more question ask  here or at support@newtimes.co

How does bitcoind generate a wallet.dat from a passphrase?

In the passphrase is you wallet.dat encypted

I am going now to sleep i reply later. If you want now a answer try a mail to support@newtimes.co maby anybody of the Team don't sleep.

I understand now. Your site says that the passphrase is encrypted before being used to generate addresses, but it is not.

You made me laugh.

OK,  thanks that you found a "bug" in the translation

You are confusing Java with Javascript. Javascript is not related to Java in any way. Almost every website on the web uses javascript in some form or the other. For example, this forum.

I'm confusing nothing, https://www.google.com/#q=javascript+exploits About 3,190,000 results (0.29 seconds)

Sure, java has more exploits... but javascript is almost as bad, that's why noscript and scriptno block BOTH.

+1 Whats the problem i know that in the WWW are JavaScrypt Exploids, but almost every WebSite use JavaScrypt on anyway i use it only for the Bitcoind, beacause so you don't need a Server to use the Wallet in offline mod. Google use also JavaScrypt, with your opinion Google is bad, beacuse it uses JavaScrypt

The problem is no one should be using a web wallet, no one. Let alone a web wallet run by some random guy on a forum that speaks in broken English.

Sorry we are from Germany, and this is not a online Wallet this is a offline Wallet. Use only need your browser for the GUI, you could download the SourceCode and open index.html or index.php and use the Wallet on a PC without Internet connection. Kryptowallet.org is only the GUI/UserInterface

I like the electrum compatibility but I am not sure about the RNG (RC4) you are using. I would not advice using wallets based on passphrases generated by this site just yet.

Also there are some UI bugs. When you logout you can't log back in. It gets stuck on the open wallet progress bar.

The open wallet button also remains disabled until you press a key while the text field has focus. For example if you copy paste a passphrase instead of typing it out.

The way the UI is structured around the open wallet area is also confusing. It makes it look like we are supposed to enter a human generated passphrase. I suggest hiding the text field until you choose to open an existing wallet.

This is for the security. You can't open the Wallet with copy and paste you need to do Ctrl+V or write manual.
The stuck on the progress bar is normal. The Browser try to download again the SoureCode, but you allready had a copy. Just refresh the Browser.

We don't use RNG (RC4), how do you get on this

It uses arcfour as prng?

js/newtimes.js -> generatepassword() -> rng_get_bytes()

extjs/bitcoin/rng.js -> rng_get_bytes () -> rng_get_byte() -> prng_new_state()

extjs/bitcoin/prng4.js -> prng_new_state() creates arcfour object

I am no expert so I think we should wait for a cryptologist to look at this.

If you mean how we generate a passphrase we use a dictionary based on from Electrum’s (we use different words)

A cryptologist expert has allready looked at the SoureCode, it's very secure. 2.11 trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries would take to hack a passphrase.

[js/newtimes.js -> generatepassword() -> rng_get_bytes()

extjs/bitcoin/rng.js -> rng_get_bytes () -> rng_get_byte() -> prng_new_state()

extjs/bitcoin/prng4.js -> prng_new_state() creates arcfour object] this is how the passphrase generator works. Your are good at this, but some items missing

So kryptowallet is a copy of carbon wallet:

http://carbonwallet.com/

No, only to about 30-40% we added a bigger dictionary, added AES256bit, a faster GUI, a new design, more funktions .......
Carbonwallet was only the base like Bitcoin for Litecoin. Litecoin use a other PoW, but is based on Bitcoin. That is same like here. Kryptowallet use a other encryption than Carbonwallet

The SourceCode of Kryptowallet.com and Carbonwallet.com you can't compare. Me as a cryptographer and some other of the NewTimes team have changed the SourceCode so much that you can only compare the Code-Core (base of KryptoWallet/Carbonwallet)