Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: pereira4 on August 20, 2019, 02:38:00 AM



Title: Using mouse input for extra entropy
Post by: pereira4 on August 20, 2019, 02:38:00 AM
Truecrypt/Veracrypt uses something interesting during the creation of encrypted volumes: it asks the user to move his mouse in random patterns for extra entropy. Could this be beneficial when creating an HD wallet for the first time? See this:

https://www.youtube.com/watch?v=cxo8xosH_TI&t=15m07s

Just an idea if someone is developing a wallet or if this could be implemented within existing wallets improving entropy.


Title: Re: Using mouse input for extra entropy
Post by: bitmover on August 20, 2019, 02:43:38 AM
There are wallets doing that already.
Like this one

https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-wallet.html

You move your mouse until you make the necessary entropy. You can use your keyboard as well with your mouse movements. After that, your private key is generated.

However, I read somewhere that humans are not good sources of entropy.... so maybe that is not a good idea. We probably keep moving the mouse in some crazy pattern.


Title: Re: Using mouse input for extra entropy
Post by: LoyceV on August 20, 2019, 04:07:49 PM
Quote
You move your mouse until you make the necessary entropy. You can use your keyboard as well with your mouse movements. After that, your private key is generated.
When I do this, I move my mouse with my other hand, and criss cross my hands on the keyboards to make it less likely to use a repetitive pattern.

Quote
However, I read somewhere that humans are not good sources of entropy.... so maybe that is not a good idea. We probably keep moving the mouse in some crazy pattern.
I always assumed this isn't the only source of entropy they use, but it's added to some other random generator in the computer. I've just tested it on https://www.bitaddress.org: without using my mouse (Tab many times to be able to type in the entry field), I filled it by holding the A-button. After that, I did the same again. As expected, this produced 2 different private keys.


Title: Re: Using mouse input for extra entropy
Post by: bitmover on August 20, 2019, 04:20:18 PM
Quote
I always assumed this isn't the only source of entropy they use, but it's added to some other random generator in the computer. I've just tested it on https://www.bitaddress.org: without using my mouse (Tab many times to be able to type in the entry field), I filled it by holding the A-button. After that, I did the same again. As expected, this produced 2 different private keys.
I agree that the website also uses another source of entropy. Otherwise, some private keys generated would eventually collide.

And different users would eventually share the same keys, as this website is very popular and new keys are generated every day.


Title: Re: Using mouse input for extra entropy
Post by: khaled0111 on August 20, 2019, 11:45:47 PM
Quote
I always assumed this isn't the only source of entropy they use, but it's added to some other random generator in the computer. I've just tested it on https://www.bitaddress.org: without using my mouse (Tab many times to be able to type in the entry field), I filled it by holding the A-button. After that, I did the same again. As expected, this produced 2 different private keys.
True.
You will not get the same address. Bitaddress does not use only mouse movements or keystrokes to generate entropy:
Quote
bitaddress.org uses a PRNG that is seeded with a 256 byte array. That initial seed is used by the PRNG to generate 32 bytes for each address on the page based on the same 256 byte seed pool. To inject entropy into the PRNG's seed pool, browser fingerprinting, time, key presses, mouse movements and hardware randomness from the OS are all xor'd together. As well, the output of the PRNG is xor'd with the hardware randomness.


Title: Re: Using mouse input for extra entropy
Post by: PrimeNumber7 on August 21, 2019, 07:00:19 AM

Quote
However, I read somewhere that humans are not good sources of entropy.... so maybe that is not a good idea. We probably keep moving the mouse in some crazy pattern.
I always assumed this isn't the only source of entropy they use, but it's added to some other random generator in the computer. I've just tested it on https://www.bitaddress.org: without using my mouse (Tab many times to be able to type in the entry field), I filled it by holding the A-button. After that, I did the same again. As expected, this produced 2 different private keys.
I believe the idea is to address the risk of having a flawed RNG because of the computer being compromised and not producing truly random numbers when directed.

A compromised computer producing numbers that are not truly random is unlikely to produce a collision after two 'random' events. It will rather produce random numbers in a smaller space. The output will appear random without testing, but someone with knowledge of the specific space in which the numbers will be generated will be able to generate a collision with fairly low effort.

The movement of the mouse is intended to counter the above risk by adding user-specific randomness to create a larger space of possible private keys even if the computer's random function is compromised.


Title: Re: Using mouse input for extra entropy
Post by: ABCbits on August 21, 2019, 08:27:24 AM
Quote
A compromised computer producing numbers that are not truly random is unlikely to produce a collision after two 'random' events. It will rather produce random numbers in a smaller space. The output will appear random without testing, but someone with knowledge of the specific space in which the numbers will be generated will be able to generate a collision with fairly low effort.

The movement of the mouse is intended to counter the above risk by adding user-specific randomness to create a larger space of possible private keys even if the computer's random function is compromised.

If the computer/OS random function (such as /dev/random) is compromised, then that means your computer is most likely compromised as well, since you need superuser access to compromise it.
It's a different case if there's a malicious update by the OS provider or the OS's random function had a vulnerability to begin with.

Besides, good entropy won't help if the output is biased.


Title: Re: Using mouse input for extra entropy
Post by: Abdussamad on August 21, 2019, 12:02:14 PM
Quote
There are wallets doing that already.
Like this one

bitcoin paper wallet

You move your mouse until you make the necessary entropy. You can use your keyboard as well with your mouse movements. After that, your private key is generated.

However, I read somewhere that humans are not good sources of entropy.... so maybe that is not a good idea. We probably keep moving the mouse in some crazy pattern.

This site isn't safe (https://www.reddit.com/r/Bitcoin/comments/cs68ri/my_paper_wallet_generated_on/). Please remove your active link to it. You don't want to help it rank better in the search engine results pages!


Title: Re: Using mouse input for extra entropy
Post by: bitmover on August 21, 2019, 01:55:10 PM
Quote
This site isn't safe (https://www.reddit.com/r/Bitcoin/comments/cs68ri/my_paper_wallet_generated_on/). Please remove your active link to it. You don't want to help it rank better in the search engine results pages!

No site is safe for newbies. You should always use a hardware wallet if you are a newbie.

It was his fault.
Quote from: https://www.reddit.com/r/Bitcoin/comments/cs68ri/my_paper_wallet_generated_on/
I generated my bitcoin paper wallet on https://bitcoinpaperwallet.com/ in January, 2019. I did it online in my browser and didn’t follow through all the recommendations at https://bitcoinpaperwallet.com/#security page.

That guy didn't follow recommendations and is now crying that he was hacked....


Title: Re: Using mouse input for extra entropy
Post by: Abdussamad on August 21, 2019, 04:04:13 PM
Quote
This site isn't safe (https://www.reddit.com/r/Bitcoin/comments/cs68ri/my_paper_wallet_generated_on/). Please remove your active link to it. You don't want to help it rank better in the search engine results pages!

No site is safe for newbies. You should always use a hardware wallet if you are a newbie.

It was his fault.
Quote from: https://www.reddit.com/r/Bitcoin/comments/cs68ri/my_paper_wallet_generated_on/
I generated my bitcoin paper wallet on in January, 2019. I did it online in my browser and didn’t follow through all the recommendations at 

That guy didn't follow recommendations and is now crying that he was hacked....

If the site is compromised it doesn't matter if you use it offline or online. The owner of the site could easily set it up to generate compromised private keys. Other users have complained about this site too. It is not safe.


Title: Re: Using mouse input for extra entropy
Post by: bob123 on August 21, 2019, 05:33:31 PM
Quote
If the site is compromised it doesn't matter if you use it offline or online. The owner of the site could easily set it up to generate compromised private keys. Other users have complained about this site too. It is not safe.

Do you know how many people have complained about electrum already? Countless..
Do you regard electrum as not being safe too?

I do not agree with any kind of paper wallet creation through websites (regardless of whether online or offline). But without proper evidence, or at least some indications, calling a random paper wallet website not safe is not completely correct.
No website is safe for newbies. No web wallet is. And no desktop wallet is.
Nothing is safe for a user without common sense. Not even a hardware wallet.

Are there any indications why this website should be avoided (besides newbies complaining about it) ?


Title: Re: Using mouse input for extra entropy
Post by: Abdussamad on August 22, 2019, 04:36:51 PM
Quote
If the site is compromised it doesn't matter if you use it offline or online. The owner of the site could easily set it up to generate compromised private keys. Other users have complained about this site too. It is not safe.

Do you know how many people have complained about electrum already? Countless..
Do you regard electrum as not being safe too?

I do not agree with any kind of paper wallet creation through websites (regardless of whether online or offline). But without proper evidence, or at least some indications, calling a random paper wallet website not safe is not completely correct.
No website is safe for newbies. No web wallet is. And no desktop wallet is.
Nothing is safe for a user without common sense. Not even a hardware wallet.

Are there any indications why this website should be avoided (besides newbies complaining about it)?

The original owner washed his hands (https://www.reddit.com/r/btc/comments/942435/bitcoinpaperwalletcom_is_under_new_ownership/) of it years ago. He may have sold it to a scammer or he may have broken bad himself. It cannot be trusted.


Title: Re: Using mouse input for extra entropy
Post by: bitmover on August 22, 2019, 05:06:15 PM
Quote
The original owner washed his hands (https://www.reddit.com/r/btc/comments/942435/bitcoinpaperwalletcom_is_under_new_ownership/) of it years ago. He may have sold it to a scammer or he may have broken bad himself. It cannot be trusted.

Did you expect the former owner of the website to do anything different? He said he sold the website and cannot be responsible for it anymore.

What did you expect? Like "ok, I sold my website but I can guarantee that the new owner is an honest guy and I am responsible for his actions"?

That's not how things work. And if you properly airgap your computer, the risks of using this website are very low (or non-existent).


Title: Re: Using mouse input for extra entropy
Post by: bob123 on August 22, 2019, 05:31:41 PM
Quote
That's not how things work. And if you properly airgap your computer, the risks of using this website are very low (or non-existent).

Not necessarily.

If the PRNG is sabotaged or it is coded to only create X (e.g. 1.000.000) different private keys, then even using it offline would not be safe.
And that would probably be the most realistic attack if a bad actor used such a site to steal funds.


Title: Re: Using mouse input for extra entropy
Post by: Abdussamad on August 22, 2019, 06:11:44 PM
Quote
The original owner washed his hands (https://www.reddit.com/r/btc/comments/942435/bitcoinpaperwalletcom_is_under_new_ownership/) of it years ago. He may have sold it to a scammer or he may have broken bad himself. It cannot be trusted.

Did you expect the former owner of the website to do anything different? He said he sold the website and cannot be responsible for it anymore.

What did you expect? Like "ok, I sold my website but I can guarantee that the new owner is an honest guy and I am responsible for his actions"?

If you sell your site to a scammer then you definitely bear some responsibility. You're setting people up to lose money. The only way to legitimately exit such a business is to sell it to someone you know is honest. Otherwise you don't sell it at all, and yes, that means you lose out on the gains, but it is the right thing to do.

An example of the correct way to do things can be found in the sale of multibit software to keepkey. The multibit developers made sure to sell to a trusted entity in the space. When Keepkey found themselves incapable of maintaining the software they chose to shut down the project rather than sell it to a malicious entity. They could have sold it and recovered the amount they spent on acquiring multibit but they chose doing the right thing over material gains. All in all no user lost funds and the reputations of all parties involved were maintained.

Quote
That's not how things work. And if you properly airgap your computer, the risks of using this website are very low (or non existent)

No, you are mistaken. If the site is malicious it could be programmed to generate private keys known to the site owner. In that case it doesn't need network connectivity to compromise wallets so using it offline doesn't make a damn bit of difference.


Title: Re: Using mouse input for extra entropy
Post by: pereira4 on August 22, 2019, 06:17:47 PM
Quote
Good idea, but AFAIK some wallets already use /dev/random and a few OS-level random sources which are generally accepted for cryptographic usage.
Additionally, /dev/random has various entropy sources which are more "random" than a mouse.

The point is to add an extra set of entropy on top of using /dev/random and whatever other RNG; it's just to spice things up after you've set up your whole thing. Obviously you can't depend on mouse input alone, but I don't see how this isn't an improvement in overall entropy, assuming the whole thing is done on an airgapped computer and so on (unlike the guy that requested that online site).


Title: Re: Using mouse input for extra entropy
Post by: bitmover on August 22, 2019, 06:28:36 PM
Quote
No, you are mistaken. If the site is malicious it could be programmed to generate private keys known to the site owner. In that case it doesn't need network connectivity to compromise wallets so using it offline doesn't make a damn bit of difference.

Well, until you have some evidence that this is happening, you can't condemn the website.

You showed me a link of a newbie that lost his funds because he didn't take any precaution and didn't follow website recommendations.



Title: Re: Using mouse input for extra entropy
Post by: PrimeNumber7 on August 23, 2019, 05:12:14 AM
Quote
A compromised computer producing numbers that are not truly random is unlikely to produce a collision after two 'random' events. It will rather produce random numbers in a smaller space. The output will appear random without testing, but someone with knowledge of the specific space in which the numbers will be generated will be able to generate a collision with fairly low effort.

The movement of the mouse is intended to counter the above risk by adding user-specific randomness to create a larger space of possible private keys even if the computer's random function is compromised.

If the computer/OS random function (such as /dev/random) is compromised, then that means your computer is most likely compromised as well, since you need superuser access to compromise it.
<>
Besides, good entropy won't help if the output is biased.
Using your mouse for additional 'randomness' will only help against a narrow subset of possible attacks, but one that is difficult to detect.

This might help you if you are using an 'offline' computer to generate private keys that has previously been exposed to the internet, but that will not be connected to the internet in the future. An attacker may anticipate this and mess with the /dev/random function and nothing else.

I understand this private key generation will take both the output from the /dev/random and the mouse movements converted into a number, and display a private key based on both. So if the /dev/random produces the same output two times, the difference in mouse movements will cause the software to produce two private keys.
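The mixing this thread keeps circling around (the xor'd seed pool khaled0111 quoted from bitaddress, PrimeNumber7's RNG that only draws from a "smaller space", and bob123's site that only ever creates X different private keys), written up as an added Python model that is not bitaddress's or any wallet's own code. The crippled OS RNG, the backdoored key-derivation step and the mouse samples are all constructed for the demonstration; the pool size and the XOR mixing follow the bitaddress description, SHA-256 as the final derivation step is an assumption.

```python
import hashlib
import os
import struct
from typing import Callable, Iterable, Sequence, Tuple

POOL_SIZE = 256  # bytes; the thread says bitaddress seeds its PRNG from a 256-byte pool

def mouse_events_to_bytes(events: Iterable[Tuple[int, int, int]]) -> bytes:
    """Serialise (x, y, timestamp_ms) samples. Only the jitter in the low-order
    bits carries entropy; a smooth, repetitive sweep contributes very little."""
    return b"".join(struct.pack("<iiI", x, y, t & 0xFFFFFFFF) for x, y, t in events)

def build_pool(sources: Sequence[bytes]) -> bytes:
    """XOR every source into a fixed-size pool (long inputs wrap around). The pool
    is at least as unpredictable as the best single independent source, so a
    constant or attacker-known source cannot make it worse."""
    pool = bytearray(POOL_SIZE)
    for src in sources:
        for i, b in enumerate(src):
            pool[i % POOL_SIZE] ^= b
    return bytes(pool)

def derive_key(pool: bytes, index: int = 0) -> bytes:
    """32 bytes of key material for address number `index`. Hashing spreads every
    pool byte into every output byte, so no weak region of the pool dominates."""
    return hashlib.sha256(pool + index.to_bytes(4, "big")).digest()

def sabotaged_derive_key(pool: bytes, index: int = 0) -> bytes:
    """CONSTRUCTED backdoor: collapses any pool into one of 8 attacker-known keys
    (bob123's 'only X different private keys'). Pool entropy cannot help here."""
    slot = (pool[0] ^ index) % 8
    return hashlib.sha256(b"attacker-known-" + bytes([slot])).digest()

def crippled_os_rng(n: int) -> bytes:
    """CONSTRUCTED sabotaged OS RNG: output passes a glance but is drawn from only
    four fixed values, the 'smaller space' PrimeNumber7 describes."""
    choice = os.urandom(1)[0] % 4
    block = hashlib.sha256(b"backdoor-seed-" + bytes([choice])).digest()
    return (block * (n // 32 + 1))[:n]

def honest_os_rng(n: int) -> bytes:
    """The OS RNG as it should be."""
    return os.urandom(n)

def constant_mouse(trial: int) -> bytes:
    """User who never moves the mouse: identical samples on every run."""
    return mouse_events_to_bytes([(100, 100, 1000 + 16 * k) for k in range(20)])

def jittery_mouse(trial: int) -> bytes:
    """Deterministic stand-in for hand movement that differs on every run."""
    return mouse_events_to_bytes(
        [(100 + (trial * 7 + k) % 13, 100 + (trial * 11 + k * k) % 17,
          1000 + trial * 37 + 16 * k + (trial * k) % 5) for k in range(20)])

def distinct_keys(rng: Callable[[int], bytes], mouse: Callable[[int], bytes],
                  derive: Callable[[bytes, int], bytes], trials: int) -> int:
    """Generate `trials` wallets and count distinct keys. A count far below
    `trials` means an attacker could enumerate the whole key space cheaply."""
    seen = set()
    for t in range(trials):
        seen.add(derive(build_pool([rng(POOL_SIZE), mouse(t)]), 0))
    return len(seen)

if __name__ == "__main__":
    cases = [("crippled RNG, no mouse", crippled_os_rng, constant_mouse, derive_key),
             ("crippled RNG + mouse", crippled_os_rng, jittery_mouse, derive_key),
             ("honest RNG, no mouse", honest_os_rng, constant_mouse, derive_key),
             ("honest RNG + mouse, backdoored key step",
              honest_os_rng, jittery_mouse, sabotaged_derive_key)]
    for label, rng, mouse, derive in cases:
        print(f"{label}: {distinct_keys(rng, mouse, derive, 64)} distinct keys of 64")
```

The first three cases show why mixing in mouse input never hurts and rescues a crippled RNG; the fourth shows ABCbits's caveat that no amount of input entropy helps once the step that turns the pool into a key is the part that was sabotaged.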


Title: Re: Using mouse input for extra entropy
Post by: bob123 on August 23, 2019, 06:47:24 AM
Quote
So if the /dev/random produces the same output two times, the difference in mouse movements will cause the software to produce two private keys.

This won't happen. /dev/random uses multiple sources as entropy, including CPU interrupts and noise from drivers.
You won't produce the same result twice. Adding mouse movement won't change much.

/dev/random and /dev/urandom both are considered good PRNGs.


And even though an attacker might be able to compromise those files, this also means he already compromised the system and therefore does not need to change /dev/random at all.


Title: Re: Using mouse input for extra entropy
Post by: Abdussamad on September 02, 2019, 05:11:45 AM
Quote
No, you are mistaken. If the site is malicious it could be programmed to generate private keys known to the site owner. In that case it doesn't need network connectivity to compromise wallets so using it offline doesn't make a damn bit of difference.

Well, until you have some evidence that this is happening, you can't condemn the website.

You showed me a link of a newbie that lost his funds because he didn't take any precaution and didn't follow website recommendations.



Another victim of bitcoin paper wallet dot com: https://www.reddit.com/r/CryptoCurrency/comments/cyd6uj/bitcoinpaperwalletcom_scam_or_not_4_btc_stolen/ .


Title: Re: Using mouse input for extra entropy
Post by: AndreyVen on September 05, 2019, 02:20:56 AM
Quote
A compromised computer producing numbers that are not truly random is unlikely to produce a collision after two 'random' events. It will rather produce random numbers in a smaller space. The output will appear random without testing, but someone with knowledge of the specific space in which the numbers will be generated will be able to generate a collision with fairly low effort.

The movement of the mouse is intended to counter the above risk by adding user-specific randomness to create a larger space of possible private keys even if the computer's random function is compromised.

If the computer/OS random function (such as /dev/random) is compromised, then that means your computer is most likely compromised as well, since you need superuser access to compromise it.
<>
Besides, good entropy won't help if the output is biased.
Using your mouse for additional 'randomness' will only help against a narrow subset of possible attacks, but one that is difficult to detect.

This might help you if you are using an 'offline' computer to generate private keys that has previously been exposed to the internet, but that will not be connected to the internet in the future. An attacker may anticipate this and mess with the /dev/random function and nothing else.

I understand this private key generation will take both the output from the /dev/random and the mouse movements converted into a number, and display a private key based on both. So if the /dev/random produces the same output two times, the difference in mouse movements will cause the software to produce two private keys.

The duration of mouse movements plays a huge role as well. It gets exponentially more secure the longer you move your mouse around. Every movement of the mouse, so to say, makes its predictability increasingly more difficult. So even if you move the mouse in a predictable manner for 10 seconds, if you move it in a non-standard way for 1 additional movement it becomes practically impossible to predict. Now do this for 30 seconds and you see where this is going. I don't have the math for this at hand right now, but it is simple statistics.


Title: Re: Using mouse input for extra entropy
Post by: Kakmakr on September 05, 2019, 06:51:59 AM
Quote
No, you are mistaken. If the site is malicious it could be programmed to generate private keys known to the site owner. In that case it doesn't need network connectivity to compromise wallets so using it offline doesn't make a damn bit of difference.

Well, until you have some evidence that this is happening, you can't condemn the website.

You showed me a link of a newbie that lost his funds because he didn't take any precaution and didn't follow website recommendations.

Another victim of bitcoin paper wallet dot com: https://www.reddit.com/r/CryptoCurrency/comments/cyd6uj/bitcoinpaperwalletcom_scam_or_not_4_btc_stolen/ .

I use https://www.bitaddress.org for my paper wallets and they also use mouse input for extra entropy, but I see an article posted in 2016 that says it is not safe to use it? https://www.newsbtc.com/2016/12/11/bitcoin-users-stop-using-bitaddress-org-look-alternatives/

I have not had one of the hundreds of paper wallets that I created "offline" with this script compromised. I used an old second-hand computer & printer that were not connected to the internet to create these wallets and then I physically destroyed it.  ;)

Anyone else care to explain why https://www.bitaddress.org would not be safe to use?


Title: Re: Using mouse input for extra entropy
Post by: pooya87 on September 05, 2019, 07:44:08 AM
Quote
Anyone else care to explain why https://www.bitaddress.org would not be safe to use?

from reddit by luke-jr (https://www.reddit.com/r/Bitcoin/comments/5hif91/is_bitaddressorg_still_safe/db0nd2f/?st=k06des01&sh=1347ee8f) taken from that article:
Quote
1. It's a website. Even if you download it locally, you're setting yourself a habit of putting private data in your web browser.
2. It's Javascript, which is an extremely poor record for security and crypto, and is super-flexible to the extent that it can be hijacked in subtle ways (think browser extensions that quietly redefine how basic mathematics works).
3. It encourages either address reuse (which has no shortage of problems, as /u/sQtWLgK pointed out), or managing multiple keypairs by hand (which is liable to accidental loss, since key management is excessively complicated and humans screw up eventually).

Although I have to disagree about calling the "tool" unsafe just because users may use it wrong (points 1 and 3 and partly 2). For example, if someone is using the website then they don't understand what this tool is for, and for these types of users no wallet or other tool is safe because they can lose their money just the same way.
Or regarding #3, paper wallets have a clear purpose: they are meant to be used as cold storage, which means when you have a certain amount of bitcoin and want to "store" that for a long time. Again, if you are reusing that address then you are using the tool wrong.
As for point #2, if the source code is run on a clean and offline computer (like a live Linux from a DVD) then I don't see how this could even be an issue.


Title: Re: Using mouse input for extra entropy
Post by: bob123 on September 05, 2019, 11:17:47 AM
Quote
As for point #2, if the source code is run on a clean and offline computer (like a live Linux from a DVD) then I don't see how this could even be an issue.

There could be bugs in the implementation of some algorithms, for example regarding PRNGs.
Or they might simply be using outdated libraries, which could even already contain known vulnerabilities, decreasing the entropy used to generate the private key(s).

The javascript aspect isn't really influenced by where it is run (online / offline pc), but by the code and libraries themselves.
A faulty implementation could result in easily crackable private keys. And you have no proper and comfortable way of checking the code / libraries.


A better way would be to simply create a wallet (e.g. core or electrum) on an offline computer with a live distro and use that private key for a paper wallet.


Title: Re: Using mouse input for extra entropy
Post by: pooya87 on September 05, 2019, 06:40:42 PM
Quote
As for point #2, if the source code is run on a clean and offline computer (like a live Linux from a DVD) then I don't see how this could even be an issue.

There could be bugs in the implementation of some algorithms, for example regarding PRNGs.

well, the same argument could be made about any other implementation and it would be true!

Quote
Or they might be simply using outdated libraries, which even could already contain known vulnerability, decreasing the entropy used to generate the private key(s).
I am not an expert, and since I have never used this project for anything serious I have never needed to check the source code, but it is open source and you could check it. If you find a vulnerability in the implementation, the libraries and the way it is using them, then let us know with specifics. Otherwise only talking about possibilities covers all the tools, libraries, wallets and implementations out there.


Title: Re: Using mouse input for extra entropy
Post by: bob123 on September 05, 2019, 06:52:50 PM
~snip~

This would still require people to download and run the source code, not to simply download the webpage (what everyone is suggesting to do).
And most of the time it is easier to check C/Java/Python code than javascript. Most websites use tons of JS libraries which makes it almost impossible to check them all.

JS is known to be somewhat risky when dealing with crypto operations.

My way to go would still be to either 1) generate a private key using the linux command line or 2) to use a well-known wallet (e.g. electrum / core).


Title: Re: Using mouse input for extra entropy
Post by: Artemis3 on September 06, 2019, 09:06:48 PM

Quote
You move your mouse until you make the necessary entropy. You can use your keyboard as well with your mouse movements. After that, your private key is generated.

However, I read somewhere that humans are not good sources of entropy.... so maybe that is not a good idea. We probably keep moving the mouse in some crazy pattern.

I have seen that long ago; even OpenBSD does it at first (ssh init?) boot (if you don't move the mouse it simply takes longer). Also, noticeably, KeePass and other password managers, before generating a random password.

I don't think they use only the mouse, but a combination of sources, just to make random more random :)