Bitcoin Forum
July 26, 2021, 12:24:31 PM *
News: Latest Bitcoin Core release: 0.21.1 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1]
1  Bitcoin / Bitcoin Technical Support / Re: Why has my newly created Bitcoin address already been used? on: May 18, 2020, 03:12:10 AM
Downloading those sites, running them offline, and only using the "Wallet Details" to enter your dice made HEX PrivKey to get your address, should be ok, right?
Not necessarily. A site could quite easily just show you a pre-generated address from a list of pre-generated addresses which all belong to a malicious attacker, regardless of what private key you enter. Downloading the site and running it offline won't protect against that at all.

If you are going to go down that route, then you should use multiple sources to make sure that they generate the same address, and the sources you use should be open source. If you are unable to audit the code yourself, then find someone trusted to do it for you, or look for community consensus that the site or service is trusted. Ideally, the computer you enter your private key to should be permanently airgapped rather than just temporarily offline. If you don't have an airgapped computer, then a run a live OS from a USB stick. You could download and verify Electrum from electrum.org, as well as an open source site such as bitaddress.org from their GitHub, and ensure the address generated by each service matches.

Sorry if my question is a bit off topic, I'm quite new here and I would really appreciate someone pointing me out to the right direction.

So... What would be the best way to create your address? sadly, at the end you will end up trusting someone else... many people say "just buy a hardware wallet" but then ppl are just trusting that company...

I liked the idea of creating PrivKeys myself, with dices or any other kind of entropy because that way I am totally sure I am the only one that knows it, but at the end I don't know what to do with it, how do I get an Address from an HEX Priv Key?? What about downloading several paper wallets sites, running them offline in a Live OS and comparing their results to make sure they are giving me the same WIF and Address?? does anyone have a better suggestion??

At the end, what is what most people do to have their OWN wallets? most people download the Bitcoin Core or what?? or they just thrust on someone else's code?? What does most people here do?? (Own nodes I suppose??)

Thanks in advance!
2  Bitcoin / Bitcoin Technical Support / Re: Why has my newly created Bitcoin address already been used? on: May 17, 2020, 05:55:00 PM
It's obviously scam, person who bought walletgenerator, has also bitcoinpaperwallet.

After some research, please look at this:
https://medium.com/mycrypto/disclosure-key-generation-vulnerability-found-on-walletgenerator-net-potentially-malicious-3d8936485961

and then you can find directory listing is enabled:
https://bitcoinpaperwallet.com/bitcoinpaperwallet/

and finally this modified website:
https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-walletfe23t9u2fhjnj3f32.html

random generator is broken in same way as in the article:
Code:
        var coinImgUrl = "https://bitcoinpaperwallet.com/bitcoinpaperwallet/images/logo-" + whichDesign + ".png";
...
        var base64 = "data:image/png;base64," + btoa([].reduce.call(new Uint8Array(this.response),function(p,c){return p+String.fromCharCode(c)},''));
                for(var i = 0; i < base64.length; i++)
                {
                    if(i+3 < base64.length)
                    {
                        if(base64.charCodeAt(i) != 0 && base64.charCodeAt(i+1) != 0 && base64.charCodeAt(i+2) != 0 && base64.charCodeAt(i) != 1 && base64.charCodeAt(i+1) != 1 && base64.charCodeAt(i+2) != 1)
                        {
                            SecureRandom.seedInt((base64.charCodeAt(i) * base64.charCodeAt(i+1) * base64.charCodeAt(i+2))*(i+1));
                        }
                    }
                }
                SecureRandom.loaded = 1;
            };

So, beware of bitcoinpaperwallet.com and walletgenerator.net, they will steal your coins !!!



Question Good Sirs!

Downloading those sites, running them offline, and only using the "Wallet Details" to enter your dice made HEX PrivKey to get your address, should be ok, right?

Or what would be the best option to get an address from an HEX PrivKey?

Awesome work discovering this! much thanks!
Pages: [1]
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!