MagicBit15 (OP)
Sr. Member
Offline
Activity: 294
Merit: 250
Let's Start a Cryptolution!!
|
|
April 15, 2013, 05:30:26 AM |
|
I have been into making paper wallets on my own for a while never used a javascript or web based one. I am sure this is a silly question but bitaddress.org been around for a while, pretty secure I assume. Like make paper wallet, no logs etc.,
Any positive experiences would be great!!
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
maaku
Legendary
Offline
Activity: 905
Merit: 1011
|
|
April 15, 2013, 05:34:41 AM |
|
Worried? Save it to usb key, load on linux live cd with no network connection.
|
I'm an independent developer working on bitcoin-core, making my living off community donations. If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
|
|
|
keatonatron
Sr. Member
Offline
Activity: 308
Merit: 250
Jack of oh so many trades.
|
|
April 15, 2013, 05:40:42 AM |
|
Worried? Save it to usb key, load on linux live cd with no network connection.
Exactly. If the software can't connect to the internet, and can't save any information on the computer to be sent later, it's impossible for it to let someone else know what you've generated. The site itself suggests this method. (So far I don't think anyone has ever had a "bad experience" using the generator")
|
1KEATSvAhbB7yj2baLB5xkyJSnkfqPGAqk
|
|
|
beckspace
|
|
April 15, 2013, 06:05:28 AM |
|
Exactly. If the software can't connect to the internet, and can't save any information on the computer to be sent later, it's impossible for it to let someone else know what you've generated. The site itself suggests this method.
Not quite. The software may be compromised in a way that it "generates" for you some attacker's pre-generated keys. Even in offline mode, a compromised code can be disastrous. Trust no one in any time. Check the source.
|
|
|
|
keatonatron
Sr. Member
Offline
Activity: 308
Merit: 250
Jack of oh so many trades.
|
|
April 15, 2013, 06:43:55 AM |
|
Exactly. If the software can't connect to the internet, and can't save any information on the computer to be sent later, it's impossible for it to let someone else know what you've generated. The site itself suggests this method.
Not quite. The software may be compromised in a way that it "generates" for you some attacker's pre-generated keys. Even in offline mode, a compromised code can be disastrous. Trust no one in any time. Check the source. That is true.
|
1KEATSvAhbB7yj2baLB5xkyJSnkfqPGAqk
|
|
|
apetersson
|
|
April 15, 2013, 07:01:30 AM |
|
just to throw in some doubt: have you verified that the random number generator has enough randomness? that there is no known secret seen involved in the key generation?
|
|
|
|
aantonop
Full Member
Offline
Activity: 196
Merit: 116
Entrepreneur, coder, hacker, pundit, humanist.
|
|
April 15, 2013, 07:13:37 AM |
|
Checkout OpenPaperWallet, a community project where we're building a kit for making beautiful, secure paper wallets. https://bitcointalk.org/index.php?topic=155847.0;allThe designs are coming out great, the project has been moving at a nice speed and we should be doing the first production run in a couple of weeks...
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
April 15, 2013, 07:27:28 AM |
|
Okay, who has looked at the source code and see where the random numbers are generated?
|
|
|
|
Grinder
Legendary
Offline
Activity: 1284
Merit: 1001
|
|
April 15, 2013, 08:35:03 AM |
|
Trust no one in any time. Check the source.
And also write your own compiler and create your own hardware from scratch. Being paranoid is really hard.
|
|
|
|
keatonatron
Sr. Member
Offline
Activity: 308
Merit: 250
Jack of oh so many trades.
|
|
April 15, 2013, 01:12:14 PM |
|
Trust no one in any time. Check the source.
And also write your own compiler and create your own hardware from scratch. Being paranoid is really hard. Better yet design your own bitcoin-like currency/protocol and try to get everyone else to use it. That's the only way you can really be sure Satoshi won't come back with an alien fleet and target those who stole his precious coins.
|
1KEATSvAhbB7yj2baLB5xkyJSnkfqPGAqk
|
|
|
z12
Member
Offline
Activity: 63
Merit: 10
|
|
April 15, 2013, 05:41:59 PM |
|
Okay, who has looked at the source code and see where the random numbers are generated?
The seed is generated using javascript while you work with your computer (move mouse, press keys etc.) perhaps throw away a few first generated keys and they are random enough
|
|
|
|
MagicBit15 (OP)
Sr. Member
Offline
Activity: 294
Merit: 250
Let's Start a Cryptolution!!
|
|
April 15, 2013, 09:04:44 PM |
|
Wow awesome feedback, can always trust you guys for the down and dirty!! Thanks again!!
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
April 16, 2013, 02:30:52 AM Last edit: April 16, 2013, 03:16:51 AM by Dabs |
|
The seed is generated using javascript while you work with your computer (move mouse, press keys etc.) perhaps throw away a few first generated keys and they are random enough
I don't mind how the seed is generated. But how are the random numbers themselves generated? What is the PRNG bitaddress is using or how does it work? I will look at the source code to find out, but if you already know, kindly post here. Thanks. Edit: It uses timers and mouse positions to generate the seed. It uses Random number generator with ArcFour PRNG. Based on comments in the source code. Can this web html javascript be compiled? I want to run it as natively as possible, for speed. Javascript is interpreted, correct?
|
|
|
|
|