|
March 25, 2013, 08:18:34 AM |
|
I have a simple work around for your problem. Take a private key that bitaddress.org has generated, add a recognizable word to it and then make random deletions of other parts of the key equal to the number of letters in you chosen word (so the key stays the same length). Then make several other 'random' substitutions of your own choosing. At this point your key should be unknowable and unguessable EVEN IF bitaddress.org was feeding you non-random private keys to begin with. Then use bitaddress.org to make an address out of your modified private key. To make sure it is giving you the address that ACTUALLY corresponds with your custom private key, double check by feeding the private key into Armory and make sure the resulting addresses are identical. Check against a third program if you are still paranoid. Finally, check to make sure your recognizable word is in the private key at all times, to make sure nothing has been switched on you.
This method is a little bit tedious, but I believe it ensures against all possible methods of trickery, unless all of the programs you use to do the verification are malicious in the same way. People might argue that adding a known word to the private key makes it less random. Sure. It does. But even if you reduce the key space from 256-bits to 200-bits, it is still secure by todays methods. 256-bits is no good if someone knows the code.
|