Bitcoin Forum
January 20, 2019, 12:09:40 AM *
News: Latest Bitcoin Core release: 0.17.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Can Bitaddress.org be trusted?  (Read 4804 times)
calkob
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500


View Profile
April 23, 2017, 06:17:07 PM
 #1

Hi all i have been using paperwallets created at bitaddress for years, but came across this post on reddit, any truth? 

[–]magasilver [score hidden] 2 hours ago
Well, you move the security of a 256 bit random down to a user selectable passphrase, which in hard crypto are worthless.
There is no way to memorize a bip38 paper wallet, so you lose the paper its gone.
Very dangerous to spend -> best to sweep the first time it is decoded, and be careful with change.
Lets not forget the most popular bip38 site, bitadrress, is in the control of known scmamers who are incentivized to play games with the random numbers.
The modern paperwallet is generated with paper and dice, and is a bip39 menmonic driving a bip44 wallet. you can easily memorize it and not lose everything with the piece of paper. There is no need for a second passphrase which will always be weak. And they are easy to import into a great number of wallets safely, without the risks of change loss or identity compromise.

Thanks
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1547942980
Hero Member
*
Offline Offline

Posts: 1547942980

View Profile Personal Message (Offline)

Ignore
1547942980
Reply with quote  #2

1547942980
Report to moderator
1547942980
Hero Member
*
Offline Offline

Posts: 1547942980

View Profile Personal Message (Offline)

Ignore
1547942980
Reply with quote  #2

1547942980
Report to moderator
1547942980
Hero Member
*
Offline Offline

Posts: 1547942980

View Profile Personal Message (Offline)

Ignore
1547942980
Reply with quote  #2

1547942980
Report to moderator
newIndia
Legendary
*
Offline Offline

Activity: 1554
Merit: 1013


View Profile
April 23, 2017, 07:58:44 PM
 #2

Could u please point to the permalink of the actual comment?
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1002


Core dev leaves me neg feedback #abuse #political


View Profile
April 24, 2017, 10:03:36 PM
 #3

Hi all i have been using paperwallets created at bitaddress for years, but came across this post on reddit, any truth? 

[–]magasilver [score hidden] 2 hours ago
Well, you move the security of a 256 bit random down to a user selectable passphrase, which in hard crypto are worthless.
There is no way to memorize a bip38 paper wallet, so you lose the paper its gone.
Very dangerous to spend -> best to sweep the first time it is decoded, and be careful with change.
Lets not forget the most popular bip38 site, bitadrress, is in the control of known scmamers who are incentivized to play games with the random numbers.
The modern paperwallet is generated with paper and dice, and is a bip39 menmonic driving a bip44 wallet. you can easily memorize it and not lose everything with the piece of paper. There is no need for a second passphrase which will always be weak. And they are easy to import into a great number of wallets safely, without the risks of change loss or identity compromise.

Thanks

I haven't seen any proof that bitaddress is in control of scammers or that the source code is doing anything malicious, but I also haven't seen that anyone has inspected and reviewed the code.  Also, the online page can be modified anytime, so if someone reviewed it last year and it was changed today, may be a problem.

Paper and dice are a great way to go, because its unhackable.  So the advice here is good. 

cr1776
Legendary
*
Offline Offline

Activity: 2128
Merit: 1014


View Profile
April 24, 2017, 10:25:16 PM
Last edit: April 25, 2017, 12:36:57 AM by cr1776
 #4

The link mentioned in the one you responded to was bitadrress not bitaddress, FYI.  

One should always clone and run a local copy, OP.

Hi all i have been using paperwallets created at bitaddress for years, but came across this post on reddit, any truth?  

[–]magasilver [score hidden] 2 hours ago
Well, you move the security of a 256 bit random down to a user selectable passphrase, which in hard crypto are worthless.
There is no way to memorize a bip38 paper wallet, so you lose the paper its gone.
Very dangerous to spend -> best to sweep the first time it is decoded, and be careful with change.
Lets not forget the most popular bip38 site, bitadrress, is in the control of known scmamers who are incentivized to play games with the random numbers.
The modern paperwallet is generated with paper and dice, and is a bip39 menmonic driving a bip44 wallet. you can easily memorize it and not lose everything with the piece of paper. There is no need for a second passphrase which will always be weak. And they are easy to import into a great number of wallets safely, without the risks of change loss or identity compromise.

Thanks

I haven't seen any proof that bitaddress is in control of scammers or that the source code is doing anything malicious, but I also haven't seen that anyone has inspected and reviewed the code.  Also, the online page can be modified anytime, so if someone reviewed it last year and it was changed today, may be a problem.

Paper and dice are a great way to go, because its unhackable.  So the advice here is good.  
ImHash
Hero Member
*****
Offline Offline

Activity: 812
Merit: 505


WPP ENERGY - BACKED ASSET GREEN ENERGY TOKEN


View Profile
April 24, 2017, 11:00:11 PM
 #5

If you can't verify the service using your browser's tools then don't use them, is it bitadrress or bitaddress? was it a typo or not? you can as well use it offline in your browser so accusations such as this one is uncalled for.

I'd suggest you to visit GitHub and do some searching spend 2 hours learning about addresses and different ways of generating them.
Services such as bitaddress.org are simply providing free services for the convenience of the community.

﹏﹏﹋﹌﹌ WPP ENERGY ﹌﹌﹋﹏﹏
≈ WORLD POWER PRODUCTION ≈

████████████
██████████████████████
██████████████████████████████
██████████████████████████████████
████████████████████████████████████████
██████████████████████████████████████████
██████████████████████████████████████████████
███████████████████████████████████████████████
██████████████████████████████████████████████████
████████████████████████████████████████████████████
█████████████████████████████████████████████████████
████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████
███████████████████████████████████████████████████████████
███████████████████████████████████████████████████████████
████████████████████████████████████████████████████████████
████████████████████████████████████████████████████████████
████████████████████████████████████████████████████████████
████████████████████████████████████████████████████████████
████████████████████████████████████████████████████████████
████████████████████████████████████████████████████████████
████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████
███████████████████████████████████████████████████████
██████████████████████████████████████████████████████
████████████████████████████████████████████████████
██████████████████████████████████████████████████
████████████████████████████████████████████████
██████████████████████████████████████████████
██████████████████████████████████████████
████████████████████████████████████████
██████████████████████████████████
██████████████████████████████
██████████████████████
████████████
bL4nkcode
Copper Member
Hero Member
*****
Offline Offline

Activity: 1078
Merit: 608


Runs only for coffee.


View Profile WWW
April 25, 2017, 01:42:02 AM
 #6

Eversince I didn't hear anything yet that someone got scam using bitaddress.org generated address.
For your security, you can run bitaddress in offline mode by saving offline the page turning off your internet also and generate new address for your future use. And please double or even triple check the link before you do something.

..bustadice..         ▄▄████████████▄▄
     ▄▄████████▀▀▀▀████████▄▄
   ▄███████████    ███████████▄
  █████    ████▄▄▄▄████    █████
 ██████    ████████▀▀██    ██████
██████████████████   █████████████
█████████████████▌  ▐█████████████
███    ██████████   ███████    ███
███    ████████▀   ▐███████    ███
██████████████      ██████████████
██████████████      ██████████████
 ██████████████▄▄▄▄██████████████
  ▀████████████████████████████▀
                     ▄▄███████▄▄
                  ▄███████████████▄
   ███████████  ▄████▀▀       ▀▀████▄
               ████▀      ██     ▀████
 ███████████  ████        ██       ████
             ████         ██        ████
███████████  ████     ▄▄▄▄██        ████
             ████     ▀▀▀▀▀▀        ████
 ███████████  ████                 ████
               ████▄             ▄████
   ███████████  ▀████▄▄       ▄▄████▀
                  ▀███████████████▀
                     ▀▀███████▀▀
           ▄██▄
           ████
            ██
            ▀▀
 ▄██████████████████████▄
██████▀▀██████████▀▀██████
█████    ████████    █████
█████▄  ▄████████▄  ▄█████
██████████████████████████
██████████████████████████
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ████████████
......Play......
chineseprancing
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
April 25, 2017, 03:28:55 AM
 #7

If you have doubt in that online wallet do not make any deposit, there are many online wallet which is sure your money will keep secured and not doubt to scam. Just be careful we do not want to get scammed!

jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1002


Core dev leaves me neg feedback #abuse #political


View Profile
April 25, 2017, 03:37:53 AM
 #8

Play around with this and use dice if you want to be safe... besides, dice are fun Smiley

https://github.com/bitcoinjs/bip39

jaceefrost
Hero Member
*****
Offline Offline

Activity: 840
Merit: 1000


View Profile
April 25, 2017, 03:44:46 AM
 #9

I am using a generated address from that website for almost a year now and never have I encountered any problem with it. My balance remains safe even after leaving it in there for so long so I don't think that that statement has truthfulness. Maybe he was talking about a different or maybe he used a different site or something.

              ▄▄█████▄▄
             ▐█▀ ▄▄▄ ▀█▌
             █▌ █▌ ▐█ ▐█
             ▐█▄ ▀▀▀▀█▄
           ▄█▀▀▀████▄ ▀█▄
 ▄▄████▀ ▄█▀            ▀█▄▄▄█████▄▄
▐█▀ ▄▄▄▄█▀                ▐█▀ ▄▄▄ ▀█▌
█▌ █▌ ▐█ ▐█     ▄███▄     █▌ █▌ ▐█ ▐█
▐█▄ ▀▀▀ ▄█▌     ▀███▀     ▐█▄ █▀▀ ▄█▌
 ▀▀█████▀▀       ▐█▌       ▀▀▐▌▄██▀▀
      ▀█▌        ▐█▌        
        █        ▐█▌        ▐▌
      ▄▄▐▌▀██▄▄        ▄▄█████▄▄
     ▐█▀ █▄▄ ▀█▌      ▀▀▀ ▄▄▄ ▀█▌
     █▌ █▌ ▐█ ▐█▀▀▀▀▀▀▀▀▀█▌ ▐█ ▐█
     ▐█▄ ▀▀▀ ▄█▌      ▐█▄ ▀▀▀ ▄█▌
      ▀▀█████▀▀        ▀▀█████▀▀
.M A G N U M..
..CRYPTOCURRENCY WALLET...



      ▄▄██████▄▄
      ▀████████▀
        ██████
     ▄█▄      ▄▄
   ▄██▀   ▐███████
  ███▌ ▄▌  ██████▀▀
 ████████  ▐████  ▄████▄
▐██████████████▌  ▀████▀
████████▀         ▄▄  ▄▄
███████  ▄████▄   ▀████▀
 ██████   ▀▀▀▀    ▄▄  ▄▄
   ▀▀██  ▀█▄▄█▀   ▀████▀

MULTIPLY

YOUR
──── ─ ─ ──
FUNDS
.by  DPoS.
──────────

Delegate XTZ in
ONE-Click

..by  100+ AIRDROPS..

    available for Claiming
.CREATE WALLET.

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
   
             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
   BTC
calkob
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500


View Profile
April 25, 2017, 02:54:17 PM
 #10

The link mentioned in the one you responded to was bitadrress not bitaddress, FYI.  


I was guessing that it is a spelling mistake as the poster said "Lets not forget the most popular bip38 site,"  Which i presume is Bitaddress.org.

I have been using the site for 3 years myself so i do trust it,  but lets be honest unless someone has checked the code thoroughly or knows the creator, how can we be sure there is not a long term scam here ?  I know that there is a bitcointalk thread for it, which might help asking there.

Heres the original thread on reddit.  https://www.reddit.com/r/Bitcoin/comments/670zhy/summary_pitfalls_of_paper_wallets/
gentlemand
Legendary
*
Online Online

Activity: 1890
Merit: 1484


Always remember - I love you


View Profile
April 25, 2017, 02:58:01 PM
 #11

I had coins on a paper wallet sitting there for the best part of four years created with it. At no point did they do a runner. If Bitaddress.org, and not some pathetic ripoff, was compromised we'd certainly be hearing about it.

dopeydog
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
November 18, 2017, 11:40:07 AM
 #12

The key point that everyone has missed, is the bitaddress.org works offline. Go to the site then go offline (turn off WiFi or pull your cable out, whatever). Then save the webpage itself to your computer (e.g. Chrome, right click in browser and Save As). It's a single HTML file, which is mainly JavaScript. A further step you could take is to save the file to a USB stick and then put it on a PC that is permanently offline. But really, who has one of those? The next best thing is to only run it on a separate browser on your PC that you only use for this purpose and never use online. But anyway, the whole process of generating your address and private key can be done while you are offline.  OK, technically they could trick you by creating a cookie with JavaScript and then when you do go online, they could read it.  That's why i suggested using a separate offline-only browser (Actually, I'm not sure they could do this cookie trick anyway if you are running a saved page on your computer as it is no longer on their domain - but I could be wrong).

But here's the point - anyone can view and scrutinize the source code anytime they want, although obviously you'll need to be a programmer to understand it. It's all client-side, no server-side processing so no server-side code (obviously, because the whole thing works offline). So I would say it is extremely transparent.
boranes
Sr. Member
****
Offline Offline

Activity: 532
Merit: 253


View Profile
November 18, 2017, 12:31:09 PM
 #13

The link mentioned in the one you responded to was bitadrress not bitaddress, FYI.  


I was guessing that it is a spelling mistake as the poster said "Lets not forget the most popular bip38 site,"  Which i presume is Bitaddress.org.

I have been using the site for 3 years myself so i do trust it,  but lets be honest unless someone has checked the code thoroughly or knows the creator, how can we be sure there is not a long term scam here ?  I know that there is a bitcointalk thread for it, which might help asking there.

Heres the original thread on reddit.  https://www.reddit.com/r/Bitcoin/comments/670zhy/summary_pitfalls_of_paper_wallets/

It is obviously spelling mistake.
OP don't you think you are being a little paranoid here?
Probably someone did check code and i don't see any reason why we shoulnd't trust bitaddress, besides, it is old almost as bitcoin itself.
Fidemoga
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


View Profile
November 19, 2017, 06:35:13 AM
 #14

So OP of the article was on pishing site of bitaddress? Anyway. As we can use it also offline the probability of getting scammed should be low. Programmers would also have already shouted out here on bitcointalkforum, if there would be something wrong with the code.
Pages: [1]
  Print  
 
Jump to:  

Bitcointalk.org is not available or authorized for sale. Do not believe any fake listings.
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!