Bitcoin Forum
April 25, 2019, 10:53:27 PM *
News: Latest Bitcoin Core release: 0.17.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Brainwallet.org safe to use?  (Read 954 times)
lyth0s
Legendary
*
Offline Offline

Activity: 1260
Merit: 1000


World Class Cryptonaire


View Profile
November 11, 2013, 08:35:37 AM
 #1

So i'm considering using a brain wallet and I was wondering if anyone can take a look at brainwallet.org 's source code and tell me if it truly is all client side javascript? I'm curious to know if the site has any way to get/use the private keys I generate there? I know I can also download the source and run it locally (which I have done), but I already used a passphrase I would like to keep on their main website.


Any advice is greatly appreciated!

Under network activity on my web browser all I see is "get" upon page loads (and no activity when i enter a passphrase), which I believe means nothing was sent to their server...not sure though

Monero - Truly Anonymous Digital Cash. Bitcoin Reading List 2017
1556232807
Hero Member
*
Offline Offline

Posts: 1556232807

View Profile Personal Message (Offline)

Ignore
1556232807
Reply with quote  #2

1556232807
Report to moderator
1556232807
Hero Member
*
Offline Offline

Posts: 1556232807

View Profile Personal Message (Offline)

Ignore
1556232807
Reply with quote  #2

1556232807
Report to moderator
1556232807
Hero Member
*
Offline Offline

Posts: 1556232807

View Profile Personal Message (Offline)

Ignore
1556232807
Reply with quote  #2

1556232807
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1556232807
Hero Member
*
Offline Offline

Posts: 1556232807

View Profile Personal Message (Offline)

Ignore
1556232807
Reply with quote  #2

1556232807
Report to moderator
1556232807
Hero Member
*
Offline Offline

Posts: 1556232807

View Profile Personal Message (Offline)

Ignore
1556232807
Reply with quote  #2

1556232807
Report to moderator
1556232807
Hero Member
*
Offline Offline

Posts: 1556232807

View Profile Personal Message (Offline)

Ignore
1556232807
Reply with quote  #2

1556232807
Report to moderator
Financisto
Hero Member
*****
Offline Offline

Activity: 572
Merit: 559

0=m


View Profile WWW
November 11, 2013, 08:58:36 AM
Last edit: August 29, 2015, 07:53:46 PM by Financisto
 #2

Before going any further, I'd suggest that you read the discussion about using it right here: https://bitcointalk.org/index.php?topic=251037.0

For the rest, all I've got to say is: keep doing it all (address creation, transactions, storage, signing etc.) offline.

IMHO, that javascript application was meant for using offline.

EDIT: don't ever trust this implementation because they don't even use KDF.

0=m BitcoinTalk's Escrow Providers: Ranking & Blacklist 0=m If you think freedom matters, please help keeping these privacy projects alive (donating some coins): Tor 0=m Tails 0=m Qubes OS 0=m Whonix 0=m ProtonMail 0=m Tutanota 0=m VeraCrypt 0=m PrivacyTools.io m=0
lyth0s
Legendary
*
Offline Offline

Activity: 1260
Merit: 1000


World Class Cryptonaire


View Profile
November 11, 2013, 09:58:30 AM
 #3

Thank you sir

Monero - Truly Anonymous Digital Cash. Bitcoin Reading List 2017
Financisto
Hero Member
*****
Offline Offline

Activity: 572
Merit: 559

0=m


View Profile WWW
November 11, 2013, 10:54:33 AM
 #4

Thank you sir

You're welcome.

At last, but not least: everytime you spend funds from an address, do it with all its funds.

e.g. You wanna send 2 BTC from an address funded with 3 BTC.

1) Right way to do it:

yoursendaddress: 3 BTC

BTC sent to:

receiveaddress: 2 BTC + fees

yourchangeaddress: ~ 1 BTC


2) Wrong way to do it:

yoursendaddress1: 3 BTC

BTC sent (only) to:

receiveaddres: 2 BTC

i.e. always consider the change (and fees). Because of bitcoin and its blockchain architecture, all funds from one address has to be spent as follows:

address1 (all funds) -> address2 + fees

OR

address1 (all funds) -> address2 + changeaddress + fees

Hope that explanation helps you avoiding future problems.

0=m BitcoinTalk's Escrow Providers: Ranking & Blacklist 0=m If you think freedom matters, please help keeping these privacy projects alive (donating some coins): Tor 0=m Tails 0=m Qubes OS 0=m Whonix 0=m ProtonMail 0=m Tutanota 0=m VeraCrypt 0=m PrivacyTools.io m=0
lyth0s
Legendary
*
Offline Offline

Activity: 1260
Merit: 1000


World Class Cryptonaire


View Profile
November 12, 2013, 10:18:37 AM
 #5

Would the change not automatically go back to the sending address?

Monero - Truly Anonymous Digital Cash. Bitcoin Reading List 2017
Financisto
Hero Member
*****
Offline Offline

Activity: 572
Merit: 559

0=m


View Profile WWW
November 13, 2013, 01:51:20 AM
Last edit: August 29, 2015, 07:52:24 PM by Financisto
 #6

Can't remember by now.

But as far as I can tell, when you broadcast the transaction (generated with brainwallet app) and do not set an change address, blockchain will reject it.

0=m BitcoinTalk's Escrow Providers: Ranking & Blacklist 0=m If you think freedom matters, please help keeping these privacy projects alive (donating some coins): Tor 0=m Tails 0=m Qubes OS 0=m Whonix 0=m ProtonMail 0=m Tutanota 0=m VeraCrypt 0=m PrivacyTools.io m=0
TheButterZone
Legendary
*
Offline Offline

Activity: 2450
Merit: 1010


Pay with SegWit!


View Profile WWW
November 13, 2013, 06:09:55 AM
 #7

Can't not remember by now.

But as far as I can tell, when you broadcast the transaction (generated with brainwallet app) and do not set an change address, blockchain will reject it.

It used to automatically make the address you're sending from the change address, but IIRC I got errors from bc.i/pushtx when I last tried to use BW. I just went over to Electrum without looking into it. Maybe that's why.

Saying that you don't trust someone because of their behavior is completely valid.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!