Bitcoin Forum
November 20, 2017, 02:19:27 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Bitaddress.org security. Top Notch?  (Read 2298 times)
MagicBit15
Sr. Member
****
Offline Offline

Activity: 294


Let's Start a Cryptolution!!


View Profile
April 15, 2013, 05:30:26 AM
 #1

I have been into making paper wallets on my own for a while never used a javascript or web based one. I am sure this is a silly question but bitaddress.org been around for a while, pretty secure I assume. Like make paper wallet, no logs etc.,

Any positive experiences would be great!!

Tips for Tips: 1Jy8ZycPNjnwNLevNwoRRqPAKkZ8Fqnukc
I won the poetry contest!! https://bitcointalk.org/index.php?topic=219714.40 Thank You, Sir Lambert!!
+5 Rep: Successful Forum Transactions: https://bitcointalk.org/index.php?topic=176117.0  https://bitcointalk.org/index.php?topic=209024.0 https://bitcointalk.org/index.php?topic=233052 Check My Rep!!
1511187567
Hero Member
*
Offline Offline

Posts: 1511187567

View Profile Personal Message (Offline)

Ignore
1511187567
Reply with quote  #2

1511187567
Report to moderator
1511187567
Hero Member
*
Offline Offline

Posts: 1511187567

View Profile Personal Message (Offline)

Ignore
1511187567
Reply with quote  #2

1511187567
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
maaku
Legendary
*
Offline Offline

Activity: 905


View Profile
April 15, 2013, 05:34:41 AM
 #2

Worried? Save it to usb key, load on linux live cd with no network connection.

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
keatonatron
Sr. Member
****
Offline Offline

Activity: 322


Jack of oh so many trades.


View Profile
April 15, 2013, 05:40:42 AM
 #3

Worried? Save it to usb key, load on linux live cd with no network connection.

Exactly. If the software can't connect to the internet, and can't save any information on the computer to be sent later, it's impossible for it to let someone else know what you've generated. The site itself suggests this method.

(So far I don't think anyone has ever had a "bad experience" using the generator")

1KEATSvAhbB7yj2baLB5xkyJSnkfqPGAqk
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
April 15, 2013, 05:42:46 AM
 #4

I have been into making paper wallets on my own for a while never used a javascript or web based one. I am sure this is a silly question but bitaddress.org been around for a while, pretty secure I assume. Like make paper wallet, no logs etc.,

Any positive experiences would be great!!


Bitcoin is to trust no one. As people said before unplug your computer from the internet, create your paper wallet, then close the browser, plug back in. You have a very secure paper wallet.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
beckspace
Sr. Member
****
Offline Offline

Activity: 442


"Proof-of-Asset Protocol"


View Profile
April 15, 2013, 06:05:28 AM
 #5

Exactly. If the software can't connect to the internet, and can't save any information on the computer to be sent later, it's impossible for it to let someone else know what you've generated. The site itself suggests this method.

Not quite. The software may be compromised in a way that it "generates" for you some attacker's pre-generated keys. Even in offline mode, a compromised code can be disastrous.

Trust no one in any time. Check the source.

|
 
 
50
|
 




                       ▄
           ▄▄▄▄▄▄███████
▄▄▄▄█████  █████████████
█████████  █████████████
█████████  █████████████
█████████  █████████████
█████████  █████████████
█████████  █████████████

█████████  █████████████
█████████  █████████████
█████████  █████████████
█████████  █████████████
█████████  █████████████
▀▀▀▀█████  █████████████
           ▀▀▀▀▀▀███████
                       ▀
|
 
 
$1,5 M
|



        ▄▄▄█████████▄▄▄
      ▄█████▀▀███▀▀█████▄
    ▄███▀     ███     ▀███▄
   ████       ███       ████
  ███▀                   ▀███
 ███▀                     ▀███
▄██▀       █████████       ▀██▄
███                         ███
███        █████████        ███
███                         ███
▀██▄       █████████       ▄██▀
 ███▄                     ▄███
  ███▄                   ▄███
   ████       ███       ████
    ▀███▄     ███     ▄███▀
      ▀█████▄▄███▄▄█████▀
        ▀▀▀█████████▀▀▀
|
 
|
 
<>
<>
<>
<>
 
GITHUB
TWITTER
YOUTUBE
FACEBOOK
keatonatron
Sr. Member
****
Offline Offline

Activity: 322


Jack of oh so many trades.


View Profile
April 15, 2013, 06:43:55 AM
 #6

Exactly. If the software can't connect to the internet, and can't save any information on the computer to be sent later, it's impossible for it to let someone else know what you've generated. The site itself suggests this method.

Not quite. The software may be compromised in a way that it "generates" for you some attacker's pre-generated keys. Even in offline mode, a compromised code can be disastrous.

Trust no one in any time. Check the source.

That is true.

1KEATSvAhbB7yj2baLB5xkyJSnkfqPGAqk
apetersson
Hero Member
*****
Offline Offline

Activity: 666



View Profile
April 15, 2013, 07:01:30 AM
 #7

just to throw in some doubt: have you verified that the random number generator has enough randomness? that there is no known secret seen involved in the key generation?
aantonop
Full Member
***
Offline Offline

Activity: 196


Entrepreneur, coder, hacker, pundit, humanist.


View Profile WWW
April 15, 2013, 07:13:37 AM
 #8

Checkout OpenPaperWallet, a community project where we're building a kit for making beautiful, secure paper wallets.

https://bitcointalk.org/index.php?topic=155847.0;all

The designs are coming out great, the project has been moving at a nice speed and we should be doing the first production run in a couple of weeks...


Bitcoin entrepreneur - OpenBitcoinStore,SafePaperWallet,BitcoinPressCenter.org... and more.
Host on LetsTalkBitcoin.
Dabs
Staff
Legendary
*
Online Online

Activity: 1862



View Profile
April 15, 2013, 07:27:28 AM
 #9

Okay, who has looked at the source code and see where the random numbers are generated?

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
Grinder
Legendary
*
Offline Offline

Activity: 1285


View Profile
April 15, 2013, 08:35:03 AM
 #10

Trust no one in any time. Check the source.
And also write your own compiler and create your own hardware from scratch. Being paranoid is really hard.
keatonatron
Sr. Member
****
Offline Offline

Activity: 322


Jack of oh so many trades.


View Profile
April 15, 2013, 01:12:14 PM
 #11

Trust no one in any time. Check the source.
And also write your own compiler and create your own hardware from scratch. Being paranoid is really hard.

Better yet design your own bitcoin-like currency/protocol and try to get everyone else to use it. That's the only way you can really be sure Satoshi won't come back with an alien fleet and target those who stole his precious coins.

1KEATSvAhbB7yj2baLB5xkyJSnkfqPGAqk
z12
Member
**
Offline Offline

Activity: 60


View Profile
April 15, 2013, 05:41:59 PM
 #12

Okay, who has looked at the source code and see where the random numbers are generated?

The seed is generated using javascript while you work with your computer (move mouse, press keys etc.) perhaps throw away a few first generated keys and they are random enough
MagicBit15
Sr. Member
****
Offline Offline

Activity: 294


Let's Start a Cryptolution!!


View Profile
April 15, 2013, 09:04:44 PM
 #13

Wow awesome feedback, can always trust you guys for the down and dirty!! Thanks again!!

Tips for Tips: 1Jy8ZycPNjnwNLevNwoRRqPAKkZ8Fqnukc
I won the poetry contest!! https://bitcointalk.org/index.php?topic=219714.40 Thank You, Sir Lambert!!
+5 Rep: Successful Forum Transactions: https://bitcointalk.org/index.php?topic=176117.0  https://bitcointalk.org/index.php?topic=209024.0 https://bitcointalk.org/index.php?topic=233052 Check My Rep!!
Dabs
Staff
Legendary
*
Online Online

Activity: 1862



View Profile
April 16, 2013, 02:30:52 AM
 #14

The seed is generated using javascript while you work with your computer (move mouse, press keys etc.) perhaps throw away a few first generated keys and they are random enough

I don't mind how the seed is generated. But how are the random numbers themselves generated? What is the PRNG bitaddress is using or how does it work?

I will look at the source code to find out, but if you already know, kindly post here. Thanks.

Edit:
It uses timers and mouse positions to generate the seed. It uses Random number generator with ArcFour PRNG. Based on comments in the source code.

Can this web html javascript be compiled? I want to run it as natively as possible, for speed. Javascript is interpreted, correct?

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!