Topic: bitaddress.org - bug & concerns  (Read 1718 times)
BitFanatic (OP)
November 10, 2013, 12:29:48 PM
 #1

I replied with this same info on the main bitaddress.org thread about 12 hours ago but have yet to get a response.

Disclaimer: I am no expert especially with Javascript.

I have been digging through the bitaddress.org code and I have a couple of concerns in generating the paper wallet addresses.

I've noticed that on the paper wallet page you have the option to choose how many wallets you wish to create. The problem is that the "random" secureRandom object is used for ALL of the wallets which you create on that page. Why is the object not refreshed on each wallet creation?

Let me show this with a screenshot.

https://i.imgur.com/96ppaNM.jpg

So this random object value is used for ALL of the wallets when creating them in bulk. Surely the secureRandom should be recreated for each wallet?

Also please could somebody explain this bit of logic for randomising the 256 digits in this bit of code:

      while (sr.pptr < sr.poolSize) {  // extract some randomness from Math.random()
         t = Math.floor(65536 * Math.random());
         sr.pool[sr.pptr++] = t >>> 8;
         sr.pool[sr.pptr++] = t & 255;
      }

What is the reasoning of the bitand and the >>> 8? Couldn't this be a bit shift to a different integer? Why 8? Please explain to me.

Thanks!
neutrinox
November 10, 2013, 12:48:31 PM
 #2

I don't understand the code well enough to answer your specific concern.

My biggest concern at bitaddress.org is the use of external javascript files. This gives the host of those files the possibility to execute any javascript on the page. They could easily insert a function that sends the private keys to a third party website. If that's done only 1 of 10 times, it's hard to get caught.

Also, a week ago when I was trying to teach my college how to create a wallet, bitaddress.org displayed invalid security certificate errors. Needless to say we stopped using the site immediately. Was a pretty embarrassing situation for me.

I'm taking a look at casascius's address utility that included Bip0038 two factor encryption. This post on reddit made me curious:
http://www.reddit.com/r/Bitcoin/comments/1q7inm/this_paper_wallet_now_contains_0225_btc_and_is/

 
BitFanatic (OP)
November 10, 2013, 01:58:37 PM
 #3

> I don't understand the code well enough to answer your specific concern.
>
> My biggest concern at bitaddress.org is the use of external javascript files. This gives the host of those files the possibility to execute any javascript on the page. They could easily insert a function that sends the private keys to a third party website. If that's done only 1 of 10 times, it's hard to get caught.
>
> Also, a week ago when I was trying to teach my college how to create a wallet, bitaddress.org displayed invalid security certificate errors. Needless to say we stopped using the site immediately. Was a pretty embarrassing situation for me.
>
> I'm taking a look at casascius's address utility that included Bip0038 two factor encryption. This post on reddit made me curious:
> http://www.reddit.com/r/Bitcoin/comments/1q7inm/this_paper_wallet_now_contains_0225_btc_and_is/

Yeah - all I wanted to do was modify the code a bit to add some of my own extra randomness to it for my sanity... But this has put me off completely now! I just want to create a really secure paper wallet where I don't need to trust somebody... Any ideas?
DobZombie
November 10, 2013, 04:01:12 PM
 #4

> > I don't understand the code well enough to answer your specific concern.
> >
> > My biggest concern at bitaddress.org is the use of external javascript files. This gives the host of those files the possibility to execute any javascript on the page. They could easily insert a function that sends the private keys to a third party website. If that's done only 1 of 10 times, it's hard to get caught.
> >
> > Also, a week ago when I was trying to teach my college how to create a wallet, bitaddress.org displayed invalid security certificate errors. Needless to say we stopped using the site immediately. Was a pretty embarrassing situation for me.
> >
> > I'm taking a look at casascius's address utility that included Bip0038 two factor encryption. This post on reddit made me curious:
> > http://www.reddit.com/r/Bitcoin/comments/1q7inm/this_paper_wallet_now_contains_0225_btc_and_is/
>
> Yeah - all I wanted to do was modify the code a bit to add some of my own extra randomness to it for my sanity... But this has put me off completely now! I just want to create a really secure paper wallet where I don't need to trust somebody... Any ideas?

why don't you multiply the output random number by the current time code.  that'll add an extra layer of entropy

RoxxR
November 10, 2013, 05:33:11 PM
Last edit: November 10, 2013, 06:00:31 PM by RoxxR
 #5

> > I don't understand the code well enough to answer your specific concern.
> >
> > My biggest concern at bitaddress.org is the use of external javascript files. This gives the host of those files the possibility to execute any javascript on the page. They could easily insert a function that sends the private keys to a third party website. If that's done only 1 of 10 times, it's hard to get caught.
> >
> > Also, a week ago when I was trying to teach my college how to create a wallet, bitaddress.org displayed invalid security certificate errors. Needless to say we stopped using the site immediately. Was a pretty embarrassing situation for me.
> >
> > I'm taking a look at casascius's address utility that included Bip0038 two factor encryption. This post on reddit made me curious:
> > http://www.reddit.com/r/Bitcoin/comments/1q7inm/this_paper_wallet_now_contains_0225_btc_and_is/
>
> Yeah - all I wanted to do was modify the code a bit to add some of my own extra randomness to it for my sanity... But this has put me off completely now! I just want to create a really secure paper wallet where I don't need to trust somebody... Any ideas?

You may like the NoBrainr tool, also on this subforum. It's a little frugal, but I found it to be really easy to "review", even though I'm not a developer. It's so tiny there's little space to hide malicious code.


grue
November 10, 2013, 05:53:12 PM
 #6

> So this random object value is used for ALL of the wallets when creating them in bulk. Surely the secureRandom should be recreated for each wallet?

because reusing it doesn't decrease the entropy of resulting wallets.

> My biggest concern at bitaddress.org is the use of external javascript files. This gives the host of those files the possibility to execute any javascript on the page. They could easily insert a function that sends the private keys to a third party website. If that's done only 1 of 10 times, it's hard to get caught.

it does? the page is a single html file with no other dependencies.

> > Yeah - all I wanted to do was modify the code a bit to add some of my own extra randomness to it for my sanity... But this has put me off completely now! I just want to create a really secure paper wallet where I don't need to trust somebody... Any ideas?
>
> why don't you multiply the output random number by the current time code.  that'll add an extra layer of entropy

better idea: xor the output random number by the current time code. multiplying will add a bias toward bigger numbers.

It is pitch black. You are likely to be eaten by a grue.
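
Added example (not part of any post in this thread): the multiply and XOR mixing suggestions above, compared on single bytes by counting how many distinct outputs remain when a uniformly random byte is combined with one fixed time byte. The function names and the sample timestamp are constructed for illustration. XOR with a fixed value is a one-to-one map, so it keeps all 256 outputs; multiplication reduced back to a byte keeps all of them only when the multiplier is odd.

```javascript
// Added example (not from the thread): how many distinct byte values survive
// when a uniformly random byte r is mixed with one fixed "time" byte t.
function distinctOutputs(mix, t) {
  const seen = new Set();
  for (let r = 0; r < 256; r++) {
    seen.add(mix(r, t) & 255); // keep the result in byte range
  }
  return seen.size;
}

const mulMix = (r, t) => r * t; // "multiply by the time code"
const xorMix = (r, t) => r ^ t; // "xor by the time code"

// Constructed sample timestamp in milliseconds; only its low byte is used.
const SAMPLE_TIME_MS = 1384105992000;

function sampleTimeByte() {
  return SAMPLE_TIME_MS % 256;
}

// Summarise both mixers for one time byte.
function compareMixers(t) {
  return {
    timeByte: t,
    multiply: distinctOutputs(mulMix, t),
    xor: distinctOutputs(xorMix, t),
  };
}

console.log(compareMixers(sampleTimeByte())); // time byte with many factors of 2
console.log(compareMixers(0));                // worst case for multiplication
console.log(compareMixers(3));                // odd multiplier
```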

canton
November 10, 2013, 07:17:24 PM
 #7

Hi there,

My fork of bitaddress.org is virtually identical (in crypto not graphic design) except in the random number generator -- particularly the bit you're concerned about. It's not due to any crypto expertise on my own part: Gavin Andresen kindly sent me a patch to the bitaddress.org code which lets sufficiently advanced browsers use window.crypto.getRandomValues if it's available.


Here's the change:
https://github.com/cantonbecker/bitcoinpaperwallet/commit/b4c2cf68e79f9f469cd180238d9377086058aaa9

Here's the parent page:
https://github.com/cantonbecker/bitcoinpaperwallet

You can demo the generator here:
https://bitcoinpaperwallet.com

I've mentioned this amendment to pointbiz / bitaddress and I suspect it's under consideration.

- Canton
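
Added example (not part of this post, and not code from bitaddress.org or bitcoinpaperwallet): a pool seeder that uses getRandomValues when it is available and otherwise falls back to a loop shaped like the one quoted in post #1. `seedPool`, `joinBytes` and their parameters are hypothetical names. In the fallback, `t` is a 16-bit integer, `t >>> 8` keeps its high byte and `t & 255` its low byte, so each Math.random() call fills two pool slots.

```javascript
// Added example: seed a byte pool, preferring a CSPRNG when one is available.
// seedPool and its parameter names are hypothetical, not either project's API.
function seedPool(poolSize, cryptoObj, mathRandom) {
  const pool = new Uint8Array(poolSize);
  if (cryptoObj && typeof cryptoObj.getRandomValues === "function") {
    // Preferred path: the platform CSPRNG fills the whole pool in one call.
    cryptoObj.getRandomValues(pool);
    return { pool, source: "getRandomValues" };
  }
  // Fallback path, same shape as the loop quoted in post #1.
  let pptr = 0;
  while (pptr < poolSize) {
    // floor(65536 * x) for x in [0, 1) is an integer in 0..65535 (16 bits).
    const t = Math.floor(65536 * mathRandom());
    pool[pptr++] = t >>> 8;   // shift right by 8: the high byte, 0..255
    if (pptr < poolSize) {
      pool[pptr++] = t & 255; // mask with 0xFF: the low byte, 0..255
    }
  }
  return { pool, source: "Math.random" };
}

// Recombine two pool bytes to show the split loses none of the 16 bits.
function joinBytes(hi, lo) {
  return (hi << 8) | lo;
}

// Constructed demo input: a fixed "random" source that always yields 0xABCD.
const demo = seedPool(4, undefined, () => 0xABCD / 65536);
console.log(demo.source, Array.from(demo.pool));

// In a browser the call would be seedPool(256, window.crypto, Math.random).
```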
 
yakov
November 10, 2013, 08:40:59 PM
 #8

I've responded to your post in the bitaddress.org thread.
https://bitcointalk.org/index.php?topic=43496.msg3540166#msg3540166

I was also thinking about the RNG it uses. I quickly wrote some code where you can add your own entropy if you wish, though it requires some JavaScript and Linux knowledge.
inform
November 10, 2013, 09:57:26 PM
 #9

What is this blockchain wallet analog? Or?
neutrinox
November 13, 2013, 09:18:36 AM
 #10


> it does? the page is a single html file with no other dependencies.


You are right, I was wrong. I thought it's linking to google libraries, but it was a mistake on my behalf. It's simply crediting those libraries, not linking to them. I apologize and stand corrected!