Bitcoin Forum

Other => Beginners & Help => Topic started by: Husires on January 30, 2022, 08:43:41 PM



Title: Totally Noob: How to check That Your Private Key Is Random
Post by: Husires on January 30, 2022, 08:43:41 PM
We know that well-reviewed software is better, but it's better to find some alternatives.

I found some JavaScript scripts that let you generate a private key randomly offline. What are the important parts of the code that guarantee the private key will be generated

  • randomly
  • unique (at the same level as Electrum)

Please: Don't say just download Electrum or any other well-reviewed software.


Title: Re: Totally Noob: How to check That Your Private Key Is Random
Post by: hatshepsut93 on January 30, 2022, 08:53:14 PM
We know that well-reviewed software is better, but it's better to find some alternatives.

Please: Don't say just download Electrum or any other well-reviewed software.

No it's not better to find some alternatives, it's better to use the widely used and reviewed solution with a good reputation.

Please: Don't say just download Electrum or any other well-reviewed software.

What's the point of asking questions if you only want to hear answers that would validate your opinion?

  • randomly
  • unique (at the same level as Electrum)

The low-hanging fruit would be to check that the function used to get random values is Crypto.getRandomValues() (https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues) and not Math.random() or some library.

But it's pointless, you need to make a full software review to decide if the software is safe or not. If you don't have high-level expertise in the target programming language, you won't be able to do it.


Title: Re: Totally Noob: How to check That Your Private Key Is Random
Post by: pooya87 on January 31, 2022, 05:23:06 AM
Please: Don't say just download Electrum or any other well-reviewed software.
Well, that's the correct answer because the alternative is for you to be an expert in that particular language (like the JavaScript you mentioned above) and review the code yourself. I'm not familiar with JavaScript to tell you where to look and what to look for, if it were C# and you had posted a link to the source code of the project you were planning to use, then I would be able to look at it and point out what to look for. So the answer is for you to stick to well-reviewed software such as Electrum or Bitcoin Core.

Keep in mind that it is not enough to just look at the random() function, you have to see what the whole code is doing. It may have the correct random() function but the button you click in UI may not even use that!
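A first-pass version of the check described in the two replies above, as an added example that is not part of the original posts: it lists where a script calls Math.random() or getRandomValues(), which function each call sits in, and whether a UI handler appears to call that function. The sample source, the function names and the line-based heuristics are all constructed for illustration.

```javascript
// Added example: first-pass RNG triage for a JavaScript key generator.
// SAMPLE is constructed for this demo; it is not from any real project.
const SAMPLE = [
  'function goodKey() {',
  '  const b = new Uint8Array(32);',
  '  crypto.getRandomValues(b);',
  '  return b;',
  '}',
  '// Math.random() is only mentioned in this comment',
  'function weakKey() {',
  '  const b = [];',
  '  for (let i = 0; i < 32; i++) b.push(Math.floor(Math.random() * 256));',
  '  return b;',
  '}',
  'button.onclick = () => show(weakKey());',
].join('\n');

const PATTERNS = [
  { name: 'Math.random', re: /\bMath\s*\.\s*random\s*\(/, weak: true },
  { name: 'getRandomValues', re: /\bgetRandomValues\s*\(/, weak: false },
];

// Naive comment stripping that keeps line numbers stable. It does not
// understand string literals, so "//" inside a string is also cut.
function stripComments(src) {
  return src
    .replace(/\/\*[\s\S]*?\*\//g, (m) => m.replace(/[^\n]/g, ' '))
    .replace(/\/\/[^\n]*/g, '');
}

function scanRngUse(src) {
  const findings = [];
  const lines = stripComments(src).split('\n');
  let fn = '(top level)'; // most recent "function NAME(" seen so far
  lines.forEach((line, i) => {
    const decl = line.match(/\bfunction\s+([A-Za-z_$][\w$]*)\s*\(/);
    if (decl) fn = decl[1];
    for (const p of PATTERNS) {
      if (!p.re.test(line)) continue;
      // Heuristic: does any UI handler line call the enclosing function?
      const wiredToUi = lines.some(
        (l) => /onclick|addEventListener/.test(l) && l.includes(fn + '('));
      findings.push({ line: i + 1, call: p.name, weak: p.weak, fn, wiredToUi });
    }
  });
  return findings;
}
```

On the constructed sample the secure call is present but the button is wired to the function that uses Math.random(), so the hit list is a starting point for reading the call path, not a verdict on the script.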


Title: Re: Totally Noob: How to check That Your Private Key Is Random
Post by: witcher_sense on January 31, 2022, 08:09:45 AM
We know that well-reviewed software is better, but it's better to find some alternatives.

I found some JavaScript scripts that let you generate a private key randomly offline. What are the important parts of the code that guarantee the private key will be generated

  • randomly
  • unique (at the same level as Electrum)

Please: Don't say just download Electrum or any other well-reviewed software.
If you don't trust well-reviewed reputable software with which to generate random numbers, just generate them manually using cards, dice, coin flips, or other methods that provide decent entropy. The alternative to that must not be other software that is less known/reviewed and may contain unexpected bugs, vulnerabilities, and backdoors. As for other questions: you can't prove the number you get is actually random no matter what methods of generation, software, or manual, you are employing. And you can't prove its uniqueness because it would require the knowledge of all other already generated private keys which you obviously can't know.


Title: Re: Totally Noob: How to check That Your Private Key Is Random
Post by: ABCbits on January 31, 2022, 10:02:50 AM
  • randomly
  • unique (at the same level as Electrum)

How about this?

Code:
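# 32 bytes from the kernel CSPRNG as one 64-character hex line
# (-c 32 keeps xxd's plain mode from wrapping after 30 bytes)
xxd -l 32 -c 32 -ps /dev/urandom
# 1bcfc845367bb56264f8fba8886fefa86294ac96c86ef269f1ad208b1b1faa48

Please: Don't say just download Electrum or any other well-reviewed software.

Why not? It's the most practical option if you're not a cryptography/math expert.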


Title: Re: Totally Noob: How to check That Your Private Key Is Random
Post by: NeuroticFish on January 31, 2022, 02:17:20 PM
Please: Don't say just download Electrum or any other well-reviewed software.

You can use tools that can help you generate your wallet seed based on the results of a dice:
https://bitcointalk.org/index.php?topic=5317199.msg58955841#msg58955841
I know that from that point on you will have to create your private key from the seed.

You should read that thread, maybe you get more ideas for what you want to achieve.


Or, after all, the private key is just an awfully large integer.
If I've read/calculated it correctly, it's a number between 1 and 115792089237316195423570985008687907852837564279074904382605163141518161494337
You can easily pick yourself a number in that range (and convert it into WIF). But, as others said, there's quite a good chance you'll go for some "nice pattern" and will make your private key weak.
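Picking a number in that range with a CSPRNG instead of by hand, as an added example that is not part of the original post: 32 bytes from getRandomValues(), redrawn until the value falls in the valid range. The function names and the injectable `fill` parameter are assumptions made for this sketch; WIF encoding is not shown.

```javascript
// Added example (not from the thread). Uses Web Crypto in a browser,
// or Node's webcrypto when no global crypto object is defined.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// The upper bound quoted in the post above: the order n of secp256k1.
const N = 115792089237316195423570985008687907852837564279074904382605163141518161494337n;

// Usable private keys are the integers 1 .. n-1.
function isValidPrivateKey(k) {
  return typeof k === 'bigint' && k >= 1n && k < N;
}

// Interpret the bytes as one big-endian unsigned integer.
function bytesToBigInt(bytes) {
  let v = 0n;
  for (const b of bytes) v = (v << 8n) | BigInt(b);
  return v;
}

// `fill` is injectable only so the retry path can be exercised in a test;
// real use keeps the default, which calls getRandomValues().
function generatePrivateKey(fill = (buf) => webcrypto.getRandomValues(buf)) {
  for (;;) {
    const buf = new Uint8Array(32);
    fill(buf);
    const k = bytesToBigInt(buf);
    // Rejection sampling: redraw instead of reducing mod n, so every
    // valid key stays equally likely. A redraw is astronomically rare.
    if (isValidPrivateKey(k)) return k;
  }
}

// 64 hex characters, zero-padded on the left.
function toHex(k) {
  return k.toString(16).padStart(64, '0');
}
```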


Title: Re: Totally Noob: How to check That Your Private Key Is Random
Post by: bitmover on January 31, 2022, 06:14:09 PM

I found some JavaScript scripts that let you generate a private key randomly offline. What are the important parts of the code that guarantee the private key will be generated

I think you basically need to review the code.
Do you mind sharing it?

JavaScript's randomness is not very good.
For example, Math.random() is not really random. So if your script uses it, I think it is not good.
https://hackernoon.com/how-does-javascripts-math-random-generate-random-numbers-ef0de6a20131


You can try some libs such as
https://github.com/bitcoinjs/bitcoinjs-lib
https://bcoin.io/

I never used them, but you can even run a full node using bcoin.