Bitcoin Forum
March 25, 2017, 05:56:53 AM *
News: Latest stable version of Bitcoin Core: 0.14.0  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 [40]
  Print  
Author Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key  (Read 114370 times)
dooglus
Legendary
*
Offline Offline

Activity: 2100



View Profile
December 24, 2016, 08:46:00 PM
 #781

IN the end I get a WARNING however

It's saying the signature is good for the key:

Quote
Good signature from "pointbiz <pointbiz@bitaddress.org>"

but that it has no way of checking that the key you used is the correct one.

Anyone can make a key for pointbiz@bitaddress.org. You need to check that you have the right one. If you do, everything is fine, and you can ignore the warning.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
Remember that Bitcoin is still beta software. Don't put all of your money into BTC!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1490421413
Hero Member
*
Offline Offline

Posts: 1490421413

View Profile Personal Message (Offline)

Ignore
1490421413
Reply with quote  #2

1490421413
Report to moderator
silversurfer1958
Full Member
***
Offline Offline

Activity: 235


View Profile WWW
January 01, 2017, 07:17:37 PM
 #782

at https://bitaddress.org The url is :-

https://www.bitaddress.org/bitaddress.org-v3.3.0-SHA256-dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194.html

I'd expect the Sha256 Hash of the downloaded file to be dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194

However, after downloading the file and checking it with a Sha256 CRC it gives a Sha256 Hash of

739DDD62F01F06DDA02E7E69AEA9AF7526AB2349F02372619B92C5A952E02E6B

Where did I make a mistake.

pointbiz
Sr. Member
****
Offline Offline

Activity: 429

1ninja


View Profile
January 01, 2017, 08:07:18 PM
 #783

at https://bitaddress.org The url is :-

https://www.bitaddress.org/bitaddress.org-v3.3.0-SHA256-dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194.html

I'd expect the Sha256 Hash of the downloaded file to be dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194

However, after downloading the file and checking it with a Sha256 CRC it gives a Sha256 Hash of

739DDD62F01F06DDA02E7E69AEA9AF7526AB2349F02372619B92C5A952E02E6B

Where did I make a mistake.



You must save the page as "HTML only" otherwise the browser returns a version with different spacing and HTML tags the browser slightly alters.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
silversurfer1958
Full Member
***
Offline Offline

Activity: 235


View Profile WWW
January 01, 2017, 11:05:50 PM
 #784

That's it, well spotted, saved the pages as HTML only and the Sha256 Hash is now :-

dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194

As it should be.

Thanks for taking the time to look in to this,
Now I know I can trust the page offline.

silversurfer1958
Full Member
***
Offline Offline

Activity: 235


View Profile WWW
January 02, 2017, 12:07:46 AM
 #785

Devs do not suggest people use Brainwallets because humans can Never come up with something
as cryptographically secure as a truly random number.
One of the problems Bitcoin has is the speed with which a Sha256 Hash can be calculated from a password in put.
Billions of Hashes per second are possible today with a modern PC and decent graphics card.

Here's the basics of passwords.

Let's imagine you had to create a password, but were only allowed to use 1 letter for your password.
That would mean your password is one of only 26 possibilities (assuming our English alphabet)

Mathematically that would be represented as 26 to the power 1 which equals 26.

Now imagine we were allowed two letters in our password, it could be anything from aa, ab,ac...az, ba, bb...zz
The number of possibilities would then be 26 to the power 2.

Now imagine we are allowed to use both upper and lower characters, this would give a possible number of
combinations as 52 to the power 2.

Add in the numerical digits and we have 62 to the power 2 (remember we can only use 2 alphanumeric chars at this point)

Now let us add in say, 10 Special Characters eg, - + { [ ] } * £ $ %

Now we have 72 to the power 2 (72 squared possibilities) where the 2 comes from the number of characters we are alloweed to use.

Now let us be allowed to use 8 characters in our password.

That gives us a number of possible combinations as 72 to the power 8 which is  722,204,136,308,736

722 Trillion possible combinations.

While that sounds a lot of possibilities, remember, computers can calculate Sha 256 Hashes at a rate of Billion per second,
assuming a single PC (IE not including multiple PCs working together as in a Botnet, or a Govt or Private Supercomputer)

a Trillion is only 1000 x a Billion, so this means a PC could theoretically calculate all the possible hashes of an 8 char password in
1000 seconds (roughly)

In order to keep our password out of the clutches of hackers, we need Trillions of Trillions of Possibilities at least.

That means we need at least another 3 characters, at a bare minimum, even that would barely take us out of the reach of
Hackers using Brute force methods.
So we need 8 + another 10 characters at least, let's say twenty characters.

You might want to try input on your calculator what 72 to the power 20 is...
It's a huge number ~ 1.4   X 10^37   way out of the reach of any Hacker using a PC and possibly out of the reach of a Govt agency
using a super computer.

It's tempting to think then that if I have a brainwallet password that's 20 characters long, then it's secure enough and the answer
is that it might not be.
The problem is that Hackers have several character sets they can use, they can use dictionary words like Mike, or Church or Kitten.
While the word 'Kitten' has 6 characters in it, it should really only be calculated as one character because it's a dictionary word.
It's trivial for a modern PC to go through all the words in the dictionary, therefore any words you use in your brainwallet password
should be calculated as 1 character, not 6 as in the case of kitten.

Eg, if your brainwallet password is ***Robert-14091963***  A password that might be used by someone called Robert who was born on
14/09/1963

This is 21 characters long, Mathematically it might appear to be highly secure, but remember, there are far fewer 6 letter words
than the random 52^6 possibilities that it replaces.
In other words, we've reduced the strength of our password by 52^6 Ie we're reduced our password strength by 19 Trillion.
Many passwords will also have a birthdate in them, eg, 14091963  the problem with using a birthday in your password is that noone
alive today was born after 1900 (OK, a few exceptions) this means that there are very much fewer possibilities
because no one for example was born in 1658 (although someone might use that date, but the vast majority of birthdates
used in brainwallet passwords is going to be from Jan 1st 1900 onwards.  
a mere 117 years, x 365 days, a mere 42,000 possibilities, which is trivial for a PC to run through.

As a crude calculation, if you have used in your password, a name and a birthdate, the name and the birthdate
should be treated as 1 character each.

This means that cryptographically, our Password above ***Robert-14091963*** should not be regarded as a 21 character
password, but as a 9 character password.

This is well within the reach of Brainwallet hackers.

Personally, I love the concept of Brainwallets, they allow people to effectively store wealth in their head, but it's very important
that people understand their potential weaknesses, if used naively.

There are a number of solutions to this, being more cryptic with your passwords, increasing the length etc.
Another way is to generate your Bitcoin, Sha256 hashes (Public and private keys) using a much slower hashing algorithm.
This is the method chosen by Warpwallet.

https://keybase.io/warp/warp_1.0.8_SHA256_5111a723fe008dbf628237023e6f2de72c7953f8bb4265d5c16fc9fd79384b7a.html

Note the Sha256 hash

Here's a discussion on Warp wallet on reddit

https://www.reddit.com/r/Bitcoin/comments/37s8bj/psa_warp_wallet_is_a_much_better_brain_wallet/

The purpose of this post is not to suggest one method over another but to hopefully illustrate why they must be
used with a Great deal of thought, as does any method in storing cryptocurrencies.

  
Financisto
Hero Member
*****
Offline Offline

Activity: 490

★★★★★


View Profile
January 11, 2017, 02:41:37 AM
 #786

^^ Very interesting analysis you wrote right here but don't forget that Bitaddress' core business is Paper Wallet not Brainwallet.

Your post might be interpreted in many other manners...  Wink

bussybuddy
Full Member
***
Online Online

Activity: 154


Become Bitcoin Expert | Buy Digital Assets


View Profile WWW
January 11, 2017, 08:34:36 AM
 #787

Nice work!
Keep on!

Gyrsur
Legendary
*
Offline Offline

Activity: 1596


#BEL+++++


View Profile WWW
January 15, 2017, 09:09:58 PM
 #788

love Bitaddress.org !

but a better implementation of a BrainWallet is WarpWallet because it needs more computing resources to attack it.

https://keybase.io/warp

newIndia
Legendary
*
Offline Offline

Activity: 1120


View Profile
January 15, 2017, 11:29:30 PM
 #789

but a better implementation of a BrainWallet is WarpWallet because it needs more computing resources to attack it.

That means, it is still insecure.

itsybitsyperson
Newbie
*
Offline Offline

Activity: 1


View Profile
March 03, 2017, 02:53:14 AM
 #790

Hi. I think a brain wallet made from BitAddress.org got hacked.
The brain term was 15 characters long. Is that sufficient?

I'm new to much of this - but here is the PUBLIC address of the wallet:
12ZcsaB7DhDvWjkDAA59E3gfd8SXdDfRKV

I'm trying to read this on blockchain.info
I'm trying to find the address that the final .5 bitcoin was xferred to on 11/13/2016
I think i'm reading something wrong because the address I think it goes to has a larger balance but shows only (1) transaction. I can't see how that could be. Could someone help me understand this?
What is the address that the last transaction goes to?

Thanks so much...
Lasergun
Hero Member
*****
Offline Offline

Activity: 656


https://tr.im/42coin


View Profile WWW
March 03, 2017, 10:21:40 AM
 #791

Hi. I think a brain wallet made from BitAddress.org got hacked.
The brain term was 15 characters long. Is that sufficient?

I'm new to much of this - but here is the PUBLIC address of the wallet:
12ZcsaB7DhDvWjkDAA59E3gfd8SXdDfRKV

I'm trying to read this on blockchain.info
I'm trying to find the address that the final .5 bitcoin was xferred to on 11/13/2016
I think i'm reading something wrong because the address I think it goes to has a larger balance but shows only (1) transaction. I can't see how that could be. Could someone help me understand this?
What is the address that the last transaction goes to?

Thanks so much...


Your coins were sent to 1A8hjfvXMeiss9fEtpS5qGSFAa28MdXqDQ.
Semvak
Jr. Member
*
Offline Offline

Activity: 39


View Profile
March 04, 2017, 04:10:38 AM
 #792

Anyone can guarantee for using these service? I mean, how if site got hacked Huh
Lasergun
Hero Member
*****
Offline Offline

Activity: 656


https://tr.im/42coin


View Profile WWW
March 04, 2017, 09:00:45 AM
 #793

Anyone can guarantee for using these service? I mean, how if site got hacked Huh

To be safe It is highly recommend using this software on a computer that is offline, and stays offline.
shorena
Legendary
*
Offline Offline

Activity: 1190


ALL escrow is signed! https://keybase.io/verify


View Profile WWW
March 04, 2017, 01:04:53 PM
 #794

Anyone can guarantee for using these service? I mean, how if site got hacked Huh

To be safe It is highly recommend using this software on a computer that is offline, and stays offline.

That wouldnt help against all attacks. E.g. the code could be altered in a way to use only a specific section of all possible keys. Thus they would appear random, while they not actually are. If you want to make sure you are not fucked, read the code or trust in others that have done so.

pointbiz
Sr. Member
****
Offline Offline

Activity: 429

1ninja


View Profile
March 04, 2017, 02:13:06 PM
 #795

Anyone can guarantee for using these service? I mean, how if site got hacked Huh

To be safe It is highly recommend using this software on a computer that is offline, and stays offline.

That wouldnt help against all attacks. E.g. the code could be altered in a way to use only a specific section of all possible keys. Thus they would appear random, while they not actually are. If you want to make sure you are not fucked, read the code or trust in others that have done so.

Download from github for the most security. Random number generator is fine it's been peer reviewed.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
Morthawt
Jr. Member
*
Offline Offline

Activity: 32


Hey there! I am Wesley G aka Morthawt


View Profile WWW
March 23, 2017, 12:32:26 AM
 #796

Very blummin nice! It has been quite some years since I even looked into, let alone involved with (since the Mt Gox debacle) since I am clueless of where to buy or sell bitcoins in an easy and legit bank-like manner (not some ebay bidding trading kind of site, so if you know of any good ones in the UK please let me know. I would like to dip my toe back into BTC as a user not a miner)

I would like to request you add an option to the paper wallet section to make some kind of cover to prevent someone seeing through an envelope. Kind of like how pin numbers for credit cards have random wavy lines and things right up against the pin to make it way hard or maybe even impossible to detect the info. It would be nice if there were some kind of thing like that, which you can sandwich face to face with the actual page to protect the QR codes through an envelope?

Just an idea.

Amazing system you have made. I was at first annoyed thinking it was a system making me dependent on going to a website but now I know it is offline and I have it saved I am very very happy indeed :-)

Free and open source Bitcoin exchange rate monitor and alerting program: http://forum.bitcoin.org/index.php?topic=14818.0
To show your support and appreciation for my bitcoin exchange rate watcher send me a donation: 1MTkF9ZTcXtgvQX245TwTL2Ko3NMvJHz6P
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 [40]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!