Bitcoin Forum

Economy => Service Discussion => Topic started by: MagicBit15 on April 15, 2013, 05:30:26 AM



Title: Bitaddress.org security. Top Notch?
Post by: MagicBit15 on April 15, 2013, 05:30:26 AM
I have been into making paper wallets on my own for a while, but never used a JavaScript or web-based one. I am sure this is a silly question, but bitaddress.org has been around for a while, pretty secure I assume. Like make a paper wallet, no logs, etc.

Any positive experiences would be great!!


Title: Re: Bitaddress.org security. Top Notch?
Post by: maaku on April 15, 2013, 05:34:41 AM
Worried? Save it to usb key, load on linux live cd with no network connection.


Title: Re: Bitaddress.org security. Top Notch?
Post by: keatonatron on April 15, 2013, 05:40:42 AM
Worried? Save it to usb key, load on linux live cd with no network connection.

Exactly. If the software can't connect to the internet, and can't save any information on the computer to be sent later, it's impossible for it to let someone else know what you've generated. The site itself suggests this method.

(So far I don't think anyone has ever had a "bad experience" using the generator.)


Title: Re: Bitaddress.org security. Top Notch?
Post by: beckspace on April 15, 2013, 06:05:28 AM
Exactly. If the software can't connect to the internet, and can't save any information on the computer to be sent later, it's impossible for it to let someone else know what you've generated. The site itself suggests this method.

Not quite. The software may be compromised in a way that it "generates" for you some attacker's pre-generated keys. Even in offline mode, a compromised code can be disastrous.

Trust no one in any time. Check the source.


Title: Re: Bitaddress.org security. Top Notch?
Post by: keatonatron on April 15, 2013, 06:43:55 AM
Exactly. If the software can't connect to the internet, and can't save any information on the computer to be sent later, it's impossible for it to let someone else know what you've generated. The site itself suggests this method.

Not quite. The software may be compromised in a way that it "generates" for you some attacker's pre-generated keys. Even in offline mode, a compromised code can be disastrous.

Trust no one in any time. Check the source.

That is true.


Title: Re: Bitaddress.org security. Top Notch?
Post by: apetersson on April 15, 2013, 07:01:30 AM
Just to throw in some doubt: have you verified that the random number generator has enough randomness? That there is no known secret seed involved in the key generation?


Title: Re: Bitaddress.org security. Top Notch?
Post by: aantonop on April 15, 2013, 07:13:37 AM
Check out OpenPaperWallet, a community project where we're building a kit for making beautiful, secure paper wallets.

https://bitcointalk.org/index.php?topic=155847.0;all

The designs are coming out great, the project has been moving at a nice speed and we should be doing the first production run in a couple of weeks...



Title: Re: Bitaddress.org security. Top Notch?
Post by: Dabs on April 15, 2013, 07:27:28 AM
Okay, who has looked at the source code and seen where the random numbers are generated?


Title: Re: Bitaddress.org security. Top Notch?
Post by: Grinder on April 15, 2013, 08:35:03 AM
Trust no one in any time. Check the source.
And also write your own compiler and create your own hardware from scratch. Being paranoid is really hard.


Title: Re: Bitaddress.org security. Top Notch?
Post by: keatonatron on April 15, 2013, 01:12:14 PM
Trust no one in any time. Check the source.
And also write your own compiler and create your own hardware from scratch. Being paranoid is really hard.

Better yet, design your own bitcoin-like currency/protocol and try to get everyone else to use it. That's the only way you can really be sure Satoshi won't come back with an alien fleet and target those who stole his precious coins.


Title: Re: Bitaddress.org security. Top Notch?
Post by: z12 on April 15, 2013, 05:41:59 PM
Okay, who has looked at the source code and seen where the random numbers are generated?

The seed is generated using JavaScript while you work with your computer (move the mouse, press keys, etc.). Perhaps throw away the first few generated keys and they are random enough.


Title: Re: Bitaddress.org security. Top Notch?
Post by: MagicBit15 on April 15, 2013, 09:04:44 PM
Wow awesome feedback, can always trust you guys for the down and dirty!! Thanks again!!


Title: Re: Bitaddress.org security. Top Notch?
Post by: Dabs on April 16, 2013, 02:30:52 AM
The seed is generated using JavaScript while you work with your computer (move the mouse, press keys, etc.). Perhaps throw away the first few generated keys and they are random enough.

I don't mind how the seed is generated. But how are the random numbers themselves generated? What is the PRNG bitaddress is using or how does it work?

I will look at the source code to find out, but if you already know, kindly post here. Thanks.

Edit:
It uses timers and mouse positions to generate the seed. It uses a random number generator with an ArcFour PRNG, based on comments in the source code.

Can this web HTML/JavaScript be compiled? I want to run it as natively as possible, for speed. JavaScript is interpreted, correct?
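
Added example, not part of any post above and not bitaddress.org's code: a minimal ArcFour (RC4) generator seeded from a pool of mouse/timer events. It shows why the thread keeps returning to the seed: every generated key is a pure function of it. The pool-mixing scheme, the function names and the sample events are assumptions constructed for illustration.

```javascript
// Added illustration, NOT bitaddress.org's code; all names are hypothetical.

// ArcFour (RC4): key-schedule the seed, then return one keystream byte per call.
function arcfour(seed) {
  const S = Array.from({ length: 256 }, (_, n) => n);
  for (let k = 0, m = 0; k < 256; k++) {
    m = (m + S[k] + seed[k % seed.length]) & 255;
    [S[k], S[m]] = [S[m], S[k]];
  }
  let i = 0, j = 0;
  return () => {
    i = (i + 1) & 255;
    j = (j + S[i]) & 255;
    [S[i], S[j]] = [S[j], S[i]];
    return S[(S[i] + S[j]) & 255];
  };
}

// Assumed mixing scheme: XOR the low 16 bits of each x, y, t into a 256-byte pool.
function seedPool(events) {
  const pool = new Uint8Array(256);
  let p = 0;
  for (const { x, y, t } of events) {
    for (const v of [x, y, t]) {
      pool[p++ % 256] ^= v & 255;
      pool[p++ % 256] ^= (v >>> 8) & 255;
    }
  }
  return pool;
}

// Draw 32 bytes (the size of a private key) as hex; `drop` discards early output.
function keyHex(seed, drop = 0) {
  const next = arcfour(seed);
  for (let n = 0; n < drop; n++) next();
  let hex = '';
  for (let n = 0; n < 32; n++) hex += next().toString(16).padStart(2, '0');
  return hex;
}

// Constructed sample input: three mouse positions with millisecond timestamps.
const moves = [{ x: 412, y: 230, t: 1051 }, { x: 418, y: 244, t: 1067 },
               { x: 431, y: 251, t: 1090 }];

console.log('same events, same key:', keyHex(seedPool(moves)) === keyHex(seedPool(moves)));
console.log('key from user events :', keyHex(seedPool(moves)));
// An empty pool (no input collected yet) gives every user the identical key.
console.log('key from empty pool  :', keyHex(seedPool([])));
```

When reviewing a generator of this kind, the thing to check is how much unpredictable input reaches the pool before the first key is drawn, since the PRNG adds none of its own.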