Bitcoin Forum
June 25, 2024, 04:29:45 AM *
1  Economy / Service Announcements / Re: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key on: November 07, 2021, 02:35:32 PM
I did a diff of the original repository and the new repository.
Thanks for looking into it!

Would have been better to just fork the original repository and send it as a PR
Agreed, don't know why I didn't... maybe I will.

Should be safe, unless boomdev found a new png image decoder backdoor Smiley
I wish I was that smart  Grin
2  Economy / Service Announcements / Re: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key on: November 07, 2021, 08:12:59 AM
Here's a new repo with 5 new paper wallet templates (feel free to add more).
This time, I didn't try to fix something that wasn't broken, it's a copy of the original bitaddress.org repo, with only 2 files modified. No Electron or anything.
Repo: https://github.com/boomdev/billify2
Screenshot:
3  Economy / Service Announcements / Re: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key on: November 07, 2021, 05:36:05 AM
I've gifted a few paper wallets so far and would love to have a few new designs.

Hodl my BTC, I'll BRB.
4  Economy / Service Announcements / Re: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key on: November 06, 2021, 03:54:27 AM
This sounds interesting. Can you tell us what features your site offers that bitaddress.org doesn't offer?
Can you provide screenshots, proof of your work or even create an announcement thread maybe?
As of right now, I wouldn't download and run a file from a Newbie.

Thanks for your message, sam00! My repo actually offers less features than bitaddress.org, as it just does the paper wallet, not the other types.
I really just thought it would be cool to be able to have a "native" app you could potentially install with apt instead of the site and quite frankly it was my first time trying Electron.
Also as you said I'm a super noob so there is probably no reason to use my app over the OG.

I wouldn't say it sounds interesting, sounds fishy to me. Looks like the source code is mostly the same from the original webpage. For example compare this script from the new program:
https://github.com/boomdev/billify/blob/d472db85683b30f1b63dc84122234e43e0a055bd/js/ninja.paperwallet.js
with this from the original page:
https://github.com/pointbiz/bitaddress.org/blob/72aefc03e0d150c52780294927d95262b711f602/src/ninja.paperwallet.js
Nothing wrong with it, the licence allows use of the code, and the new repository cites everything correctly in the licence file, as required.

But the point of an address generator is to be sure that it is safe. The application in the deb file is an Electron app. It includes a large amount of binary executable for the Chromium extension. It would be (relatively) easy to modify Chromium, to modify one of the JavaScript programs to generate addresses which are unsafe and predictable.

With the original website, you can examine each JavaScript file to check that it is safe, and then just open it in an unmodified web browser of your choice on an internet-disconnected computer to generate your wallet. This would be the safest way. There is no need for an Electron app. Even more so because it generates a paper wallet, so you can't verify it. For example, if it would provide a brain wallet functionality as well, then you could test a brain wallet address with the old site, and then compare it with the new site to check if it works, before using it for your secret brain wallet.

That said, the deb file might be innocent. But it is simply not needed and I wouldn't install or run it.

You are correct, programmer-frank, the original site is safer/better. There is nothing fishy here though - or at the very least none intended. This "project" was a learning opportunity (which I think is encouraged by the author of bitaddress.org) and I was out of my depth in the cryptographic side of the codebase but it was a lot of fun. I debated using Electron, tried a few alternatives that don't bundle Chromium & Nodejs (namely tauri & neutralino) but for some reason I stuck with Electron.
I also see why using the deb (or rpm) directly would be ill-advised. The best way to use the app would probably be to build it from the source code - which, yeah, kinda defies the purpose of it all  Roll Eyes

To be fair, I'm not sure most people actually audited the code of bitaddress.org before using it (now I have, at least in part), but it's all about having the option - I guess.
All in all, a pretty pointless result for a not-so-pointless exercise, might you agree.

Anyways, thanks to you both for taking the time.  Grin
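
The check discussed in this thread, diffing a fork against the original repository to confirm that only the announced files changed, can be scripted as below. This is an added example, not code from either repository; the directory layout and file names in the sample are constructed, and `expected` is a hypothetical allowlist of the files the fork's author says were modified.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_digests(root):
    """Map each file's path relative to root to its SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and ".git" not in p.relative_to(root).parts
    }


def compare_trees(original, fork):
    """Return files added, removed and modified in fork relative to original."""
    a, b = tree_digests(original), tree_digests(fork)
    return {
        "added": sorted(b.keys() - a.keys()),
        "removed": sorted(a.keys() - b.keys()),
        "modified": sorted(k for k in a.keys() & b.keys() if a[k] != b[k]),
    }


def unexpected_changes(report, expected):
    """List every changed path the fork's author did not announce."""
    changed = report["added"] + report["removed"] + report["modified"]
    return sorted(set(changed) - set(expected))


def demo():
    """Constructed sample: two tiny trees standing in for the two checkouts."""
    with tempfile.TemporaryDirectory() as tmp:
        orig, fork = Path(tmp, "original"), Path(tmp, "fork")
        files = {"src/keygen.js": "// key generation\n",
                 "src/paperwallet.js": "// template A\n"}
        for root in (orig, fork):
            for name, body in files.items():
                path = root / name
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(body)
        # The fork announces a template change but also touches key generation.
        (fork / "src/paperwallet.js").write_text("// template B\n")
        (fork / "src/keygen.js").write_text("// key generation (edited)\n")
        report = compare_trees(orig, fork)
        return report, unexpected_changes(report, ["src/paperwallet.js"])
```

Any path returned by `unexpected_changes` is a file to read line by line before trusting the fork; an empty list only shows the source trees match, and says nothing about a prebuilt deb or rpm.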
5  Economy / Service Announcements / Re: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key on: November 05, 2021, 08:37:44 AM
Hello! I made an installable (deb & rpm) version of the paper wallet generator on bitaddress.org.
I also wanted to say hi and thank you to @pointbiz and the other contributors to the bitaddress repo.

Here it is: https://github.com/boomdev/billify
Cheers!