Title: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc Post by: zamgo on May 09, 2013, 12:54:54 PM PHPCoinAddress is a PHP Object that creates public/private key pairs for Bitcoin and many other cryptocoins.
PHPCoinAddress is intended to be easy to integrate into other PHP projects. More info: https://github.com/zamgo/PHPCoinAddress This is a beta release, and the project is still under active development. Be careful before using this in a production environment. Example usage: Code: require_once 'PHPCoinAddress.php'; Title: Re: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc Post by: zamgo on May 09, 2013, 12:56:59 PM I'm gathering a Prefix list for as many cryptocoin variations as possible to include into PHPCoinAddress. Please feel free to report errors on this list, or fix missing prefixes, or report OK tests, or to suggest new coins. For new coins, please include the public and private prefixes in either Decimal or Hex, or just a pointer to a source code repository where the prefixes can be found. I'll keep this post updated as new versions of PHPCoinAddress are released.
Code: Version 0.2.0.pre Title: Re: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc Post by: QueenB on May 26, 2013, 07:08:36 PM How about the one for Digital Coin/WorldCoin?
DGC: https://github.com/baritus/digitalcoinSource WDC: https://github.com/worldcoinproject/Worldcoin Title: Re: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc Post by: Raoul Duke on June 22, 2013, 06:05:52 PM Awesome stuff you have here! You should include some cryptocoin donation addresses on the readme file and on the OP, ya know? ;)
Title: Re: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc Post by: nahtnam on December 14, 2013, 12:38:52 AM Wow this is really great! It would be really useful if someone could port it to Ruby on Rails!
Title: Re: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc Post by: Abdussamad on December 14, 2013, 02:03:45 AM The private keys generated by this script are not safe. You can see on line 240 of phpcoinaddress.php that mt_rand is used to generate the private key. That function is not safe for cryptographic use:
Code: for ($i = 0; $i < 32; $i++) { $privBin .= chr(mt_rand(0, $i ? 0xff : 0xfe)); } Quote Caution http://php.net/mt_RandThis function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead. This is the same problem that was found in bitfreak's shopping cart script: http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03064.html Title: Re: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc Post by: nahtnam on December 14, 2013, 02:10:00 AM The private keys generated by this script are not safe. You can see on line 240 of phpcoinaddress.php that mt_rand is used to generate the private key. That function is not safe for cryptographic use: Code: for ($i = 0; $i < 32; $i++) { $privBin .= chr(mt_rand(0, $i ? 0xff : 0xfe)); } Quote Caution http://php.net/mt_RandThis function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead. This is the same problem that was found in bitfreak's shopping cart script: http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03064.html What would be the best way to fix it? Title: Re: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc Post by: Abdussamad on December 14, 2013, 02:25:51 AM Looks like this has already been reported:
https://github.com/zamgo/PHPCoinAddress/pull/1 Title: Re: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc Post by: nahtnam on December 14, 2013, 02:28:55 AM Looks like this has already been reported: https://github.com/zamgo/PHPCoinAddress/pull/1 So if I download it now, it would be much safer? Title: Re: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc Post by: Abdussamad on December 14, 2013, 02:33:47 AM Looks like this has already been reported: https://github.com/zamgo/PHPCoinAddress/pull/1 So if I download it now, it would be much safer? No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond. Title: Re: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc Post by: nahtnam on December 14, 2013, 02:34:37 AM Looks like this has already been reported: https://github.com/zamgo/PHPCoinAddress/pull/1 So if I download it now, it would be much safer? No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond. Oh. I thought on the ticket it said that it removed all instances of mt_rand. Title: Re: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc Post by: Abdussamad on December 14, 2013, 02:44:36 AM Looks like this has already been reported: https://github.com/zamgo/PHPCoinAddress/pull/1 So if I download it now, it would be much safer? No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond. Oh. I thought on the ticket it said that it removed all instances of mt_rand. That's a pull request by another forum member. He's requesting zamgo to incorporate this change in his script. Title: Re: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc Post by: nahtnam on December 14, 2013, 02:45:22 AM Looks like this has already been reported: https://github.com/zamgo/PHPCoinAddress/pull/1 So if I download it now, it would be much safer? No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond. Oh. I thought on the ticket it said that it removed all instances of mt_rand. That's a pull request by another forum member. He's requesting zamgo to incorporate this change in his script. And BTW that pull request does not address the use of mt_rand that I've reported above. You can see that here: https://github.com/zamgo/PHPCoinAddress/blob/master/PHPCoinAddress.php#L240 Oh ok. Thank you. Title: Re: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc Post by: FuzzyBear on November 20, 2014, 03:00:21 AM I assume the original dev has abandoned this project with no response to the pull requests from Abdussamad to the security issue found.
I have forked the original project and pulled in the recommended changes and am hosting it here : http://phpcoinaddress.peercointalk.org/ Github repo: https://github.com/FuzzyBearBTC/PHPCoinAddress Donate to the development of this project on Peer4commit: http://peer4commit.com/projects/139 any requests please PM me, if the project takes off seriously again I will start an official thread Fuzzybear |