Bitcoin Forum
Author Topic: Is it safe to encrypt your private keys with BIP38 and bitaddress.org?  (Read 1169 times)
lukaexpl (OP)
August 17, 2017, 08:08:39 AM
 #1

Let's say you use this page in an offline mode, print the encrypted keys, stamp it on metal, store it somewhere in a vault etc.
That should provide you reasonable security.

However, that site is the only one I could find doing the decryption of encrypted private keys.
The fear that I have is that if the site is gone would you be able to employ a sufficiently able programmer to create an encryption/decryption program with the information publicly available regarding this encryption protocol?

Thanks
dunand
August 17, 2017, 01:08:05 PM
Merited by ABCbits (1)
 #2

You know that you can save the bitaddress.org page on your computer right?

No need to hope for the site to exist in the future.
lukaexpl (OP)
August 17, 2017, 01:32:24 PM
 #3

I do! Thanks. I would only put my mind at more ease knowing that recreating something like the BIP38 protocol is a relatively simple task for the educated.
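
Added example, not part of any post in this thread and not bitaddress.org's code: a standard-library Python sketch of the first two stages of reading a BIP38 key, following the field layout and scrypt parameters published in the BIP 38 specification (non-EC-multiply mode for the key derivation). The function names and the sample key are constructed for illustration, and the final AES-256-ECB step is left out because the Python standard library has no AES.

```python
import hashlib
import unicodedata

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def dsha(b):
    """Double SHA-256, used for the Base58Check checksum."""
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def b58check_encode(payload):
    raw = payload + dsha(payload)[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    pad = len(text) - len(text.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or dsha(raw[:-4])[:4] != raw[-4:]:
        raise ValueError("bad Base58Check checksum (mistyped or damaged key)")
    return raw[:-4]

def parse_bip38(text):
    """Split a 6P... string into the fields defined by BIP 38."""
    p = b58check_decode(text)
    if len(p) != 39 or p[0] != 0x01 or p[1] not in (0x42, 0x43):
        raise ValueError("not a BIP38 encrypted key")
    ec, flag = p[1] == 0x43, p[2]
    if (flag & 0xC0) != (0x00 if ec else 0xC0):
        raise ValueError("flag byte does not match prefix")
    return {"ec_multiply": ec, "compressed": bool(flag & 0x20),
            "salt": p[3:7], "body": p[7:]}

def derive_halves(passphrase, salt):
    """Non-EC-multiply mode: scrypt over the NFC-normalised passphrase."""
    pw = unicodedata.normalize("NFC", passphrase).encode("utf-8")
    dk = hashlib.scrypt(pw, salt=salt, n=16384, r=8, p=8,
                        maxmem=64 * 1024 * 1024, dklen=64)
    return dk[:32], dk[32:]  # (XOR mask, AES-256 key)

# Constructed sample: BIP38-shaped container holding dummy bytes, not a real key.
SAMPLE = b58check_encode(bytes([0x01, 0x42, 0xE0]) + b"\xde\xad\xbe\xef" + bytes(range(32)))

if __name__ == "__main__":
    info = parse_bip38(SAMPLE)
    print(SAMPLE, info["compressed"], derive_halves("example", info["salt"])[1].hex())
```

The checksum check is what catches a mis-stamped or mis-read character on a metal or paper backup before any passphrase is tried.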
lukaexpl (OP)
August 18, 2017, 08:40:38 AM
 #4

> You know that you can save the bitaddress.org page on your computer right?
>
> No need to hope for the site to exist in the future.

When you run the process of private key creation using bitaddress.org is it enough to be offline or should you be made to jump through hoops by burning Linux installation, running it on a computer with harddrive plugged out, no internet connection etc.?
dunand
August 18, 2017, 11:35:02 AM
 #5

> > You know that you can save the bitaddress.org page on your computer right?
> >
> > No need to hope for the site to exist in the future.
>
> When you run the process of private key creation using bitaddress.org is it enough to be offline or should you be made to jump through hoops by burning Linux installation, running it on a computer with harddrive plugged out, no internet connection etc.?

If you are 100% sure your computer is safe from spyware...
lukaexpl (OP)
August 18, 2017, 11:38:04 AM
 #6

Thanks. So for ultimate safety you should take the hard route.

Is there such a spyware that can simultaneously log your keystrokes and capture your screen because that would be required to steal your encrypted private keys if you only intended to stamp them for example on a metal plate after seeing them on a screen within an offline version of bitaddress.org?
ranochigo
August 18, 2017, 11:53:17 AM
Merited by ABCbits (1)
 #7

> Is there such a spyware that can simultaneously log your keystrokes and capture your screen because that would be required to steal your encrypted private keys if you only intended to stamp them for example on a metal plate after seeing them on a screen within an offline version of bitaddress.org?

Those kinds of malware are fairly common and almost any malware has these capabilities. Even a keylogger will work, they just need your encrypted key and the password and they can do whatever they want.

If you want to be safe, you HAVE to install a clean OS offline and load the website in your offline instance. Your cold storage can be considered as compromised once the computer it has is connected to the internet.

cr1776
August 18, 2017, 12:06:22 PM
 #8

> I do! Thanks. I would only put my mind at more ease knowing that recreating something like the BIP38 protocol is a relatively simple task for the educated.

You can also fork it on GitHub which gives you another online backup of it.
lukaexpl (OP)
August 18, 2017, 12:41:14 PM
 #9

> > Is there such a spyware that can simultaneously log your keystrokes and capture your screen because that would be required to steal your encrypted private keys if you only intended to stamp them for example on a metal plate after seeing them on a screen within an offline version of bitaddress.org?
>
> Those kinds of malware are fairly common and almost any malware has these capabilities. Even a keylogger will work, they just need your encrypted key and the password and they can do whatever they want.

Thanks. So the keylogger gets my password but if I only write down an encrypted key and then shut bitaddress.org I should be half-way safe because it would have the password but not what it unlocks - namely encrypted private key.
cr1776
August 18, 2017, 02:39:10 PM
 #10

> > > Is there such a spyware that can simultaneously log your keystrokes and capture your screen because that would be required to steal your encrypted private keys if you only intended to stamp them for example on a metal plate after seeing them on a screen within an offline version of bitaddress.org?
> >
> > Those kinds of malware are fairly common and almost any malware has these capabilities. Even a keylogger will work, they just need your encrypted key and the password and they can do whatever they want.
>
> Thanks. So the keylogger gets my password but if I only write down an encrypted key and then shut bitaddress.org I should be half-way safe because it would have the password but not what it unlocks - namely encrypted private key.

You also should clear the browser cache, quit the browser etc after doing it.
lukaexpl (OP)
August 19, 2017, 08:52:51 AM
 #11


> Those kinds of malware are fairly common and almost any malware has these capabilities. Even a keylogger will work, they just need your encrypted key and the password and they can do whatever they want.
>
> If you want to be safe, you HAVE to install a clean OS offline and load the website in your offline instance. Your cold storage can be considered as compromised once the computer it has is connected to the internet.

If the keyloggers are so prevalent and powerful aren't we at risk of having masterseed or mnemonic stolen every time we TYPE it in any type of wallet that takes keyboard input?
Is there a way around it, like for example displaying randomly ordered keyboard on screen within such software? Why is that not implemented or am I being naive without being aware of it?
ranochigo
August 19, 2017, 09:08:04 AM
 #12

> If the keyloggers are so prevalent and powerful aren't we at risk of having masterseed or mnemonic stolen every time we TYPE it in any type of wallet that takes keyboard input?

Yes. That's why you have to be careful about what you download and click.

> Is there a way around it, like for example displaying randomly ordered keyboard on screen within such software? Why is that not implemented or am I being naive without being aware of it?

Yes. It's called on-screen keyboard. Most wallets don't implement it and I can see why. If there is a keylogger in your computer, there's an extremely high chance of your computer also having other malware (RAT) and that can do whatever they want with your wallet.

Kaller
August 19, 2017, 02:00:27 PM
 #13

Yes you can do this safely.
First, wipe your computer to make sure there are no viruses.
Turn off the internet when you get to Bitaddress.
You can still generate addresses with the internet off.
Finally, print the keys and voila, you have secure keys!
Unless you have a virus no one will know them.
mpufatzis
August 26, 2017, 10:27:28 AM
 #14

Use a Raspberry Pi.
Burn an SD Card with Linux, run the saved (in a memory stick) Bitaddress webpage using the RPi web browser and make as many keys as you wish.
Print the keys in a printer (you can connect it to RPi too, google for more information) or encrypt the list in the memory stick using PGP.
Format or destroy the SD Card and never use the memory stick in a computer.
jal007
August 28, 2017, 10:36:28 PM
 #15

instead of using bitaddress i think you should try this https://keybase.io/warp/ they use the scrypt algorithm and pbkdf2 with ability to use salt key

they describe their algorithm like this.

s1    =   scrypt(key=(passphrase||0x1), salt=(salt||0x1), N=2^18, r=8, p=1, dkLen=32)
s2    =   pbkdf2(key=(passphrase||0x2), salt=(salt||0x2), c=2^16, dkLen=32, prf=HMAC_SHA256)
keypair   =   generate_bitcoin_keypair(s1 ⊕ s2)


achow101
Moderator
August 28, 2017, 11:13:51 PM
 #16

> instead of using bitaddress i think you should try this https://keybase.io/warp/ they use the scrypt algorithm and pbkdf2 with ability to use salt key
>
> they describe their algorithm like this.
>
> s1    =   scrypt(key=(passphrase||0x1), salt=(salt||0x1), N=2^18, r=8, p=1, dkLen=32)
> s2    =   pbkdf2(key=(passphrase||0x2), salt=(salt||0x2), c=2^16, dkLen=32, prf=HMAC_SHA256)
> keypair   =   generate_bitcoin_keypair(s1 ⊕ s2)

No, don't do that. That is making a brainwallet, which is not what OP is asking. It is not encrypting private keys or using BIP 38 or doing anything of the sort that OP is asking about. Please do not post if you don't know what you are talking about.

Kakmakr
August 29, 2017, 06:37:42 AM
 #17

You do not need the site to "decrypt" the private keys. This can be done with other sites and software, where you sweep the private key to use those bitcoins. You use that site to generate your paper wallets. < public & private key combination >

Just take note: Simply generating this offline is not a fail-safe method to protect the information that was generated. Some Malware can still log information in "offline" mode and then make that available to their "master" when the computer is online again.

I prefer to use a cheap second-hand computer that will never be used online again, to generate my paper wallets. ^smile^

gentlemand
August 29, 2017, 10:27:37 AM
 #18

> If you are 100% sure your computer is safe from spyware...

It makes far more sense to do it with a machine that'll never see the internet again. You can get something that'll do the job for $20. If you ever do need to access the internet again with it just give it a comprehensive wipe.

It's far more reassuring doing all your crypto stuff on something you know can't possibly leak.