[ANN] bitaddress.org Safe JavaScript Bitcoin address/private key

[Dabs]

I'm waiting for the bulk generation of compressed public keys. The page already has this capability in the Wallet Details Tab.

Try the patch I just wrote.  It's a pretty straightforward change, especially since compressed support is nicely integrated into the core code.  You can download the html here.

That works. Thanks. I also got the vanitygen version that makes compressed keys. That one is faster (since it is compiled.)

[pointbiz]

Hey,

this guy http://www.davidduckwitz.de got a 1:1 copy of your script and writes down that his script is by "danielduckwitz"

Is that okay for you that other people use your code and claim that is theirs? He also sells is on the website for 18 euro



How is your copyright? Are you fine with that or not?

If you are not fine with that than you might write in this posting

https://bitcointalk.org/index.php?topic=200820.0

Copy his name and address and reply it in his thread. so his theft is written down there forever.


BTW: He changed the donation address to his own wallet. We should bust this moth********

He broke multiple laws in germany with that. "urheberrecht". And he SOLD you script for 18 EUR. Maybe you should  accept a donation of 10k€ in order to get his public address deleted in the forums... You have the right to do that.

I don't know what happened with the thread you pointed me too. I think the posts got deleted. Thank you for notifying me of this.
As a general notice what David Duckwitz has done is not okay with me. I ran a diff and essentially all he did was change the logo and then claim copyright over the complete work/page by removing my copyright from the footer and replacing his. He should have left my copyright and donation address. At least he has maintained the copyright notice within the source. He can copyright his own logo in his image file but he cannot claim copyright over the complete work.

Two summarize there is a copyright within the source code (the unrendered document) and also a copyright displayed in the rendered version. Both copyrights should be maintained when people fork. Those who make significant changes can add on their own copyright notices.

I have licensed this as an MIT license to encourage people to produce valuable forks. And also because the project relies heavily on MIT and BSD licenses from code I got from the projects of Stephan Thomas, Tom Wu and others. I've even noted in the footer that there is code from other people included in the project.

[pointbiz]

In addition to what I mentioned above. For the safety of end users of these JavaScript Wallet Generators be vary cautious when you use a fork... not everything is the real McCoy. Remember it's safer to download the HTML and run locally with your internet disconnected. Use firebug or Chrome developer tools to monitor the network calls and make sure no calls to external URLs are made.

Example's of forks that are well done and respectful of the original copyrights and donation addresses:
http://liteaddress.org/
https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-wallet.html

I personally reviewed the liteaddress.org fork at v2.3 and it's trustworthy.

[payb.tc]

I personally reviewed the liteaddress.org fork at v2.3 and it's trustworthy.

when you did that, did you do a checksum you can share with us? because your 2.3 might not be the same as our 2.3.

[canton]

Example's of forks that are well done and respectful of the original copyrights and donation addresses

Hi pointbiz,

I super super super want to make sure I'm being respectful and complete with my forking and copyright notices. Can you please make sure I'm making proper attribution? I'm enormously thankful of your work, and each time I update my code I've got the phrase "standing on the shoulders of giants" running through my head.

https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-wallet.html

Thanks and please feel free to let me know with total candor anything you'd like amended.

- Canton Becker

PS: the main/instructional website at bitcoinpaperwallet.com also credits bitaddress.org, see: http://cl.ly/image/3K2h362D3O26

[pointbiz]

Example's of forks that are well done and respectful of the original copyrights and donation addresses

Hi pointbiz,

I super super super want to make sure I'm being respectful and complete with my forking and copyright notices. Can you please make sure I'm making proper attribution? I'm enormously thankful of your work, and each time I update my code I've got the phrase "standing on the shoulders of giants" running through my head.

https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-wallet.html

Thanks and please feel free to let me know with total candor anything you'd like amended.

- Canton Becker

PS: the main/instructional website at bitcoinpaperwallet.com also credits bitaddress.org, see: http://cl.ly/image/3K2h362D3O26

All good. Your site is an example of how to do it right 

FYI David Duckwitz translated your site into German and put it copyright under his name. At least he kept the donation addresses...
http://bitcoinwallet.davidduckwitz.de/

[Michael_S]

Seems this guy (davidduckwitz.de) has removed the inadequate copyright note in the meantime, but he still sells the free software for 19 Euro in his web shop.

Moreover, there are plenty of embarrassing spelling errors everywhere on his pages, and his web design is very bad, which is funny because he advertises himself as a web designer. But I think this still does not give him the right to sell free software for his own benefit.

PS: This person seems to also have an account in this forum: user name "davidduckwitz", zero posts.

Summary: David Duckwitz, Fulda, Germany, Homepage davidduckwitz.de (hosted by 1und1.de), claims to be a web designer, however his own website shows a relatively disadvantageous web design, he does not write proper German as a matter of fact, he sells other people's (free) software as his own SW as a matter of fact.

(given all these facts it is difficult to refrain from using ..... words, but everyone can judge by him/herself - I feel sick for some completely unknown reason .............)

[pointbiz]

I personally reviewed the liteaddress.org fork at v2.3 and it's trustworthy.

when you did that, did you do a checksum you can share with us? because your 2.3 might not be the same as our 2.3.

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

liteaddress.org v2.3 reviewed on June 8 2013:
https://raw.github.com/litecoin-project/liteaddress.org/fb0d5318b8eb2102ecf7c3310a0e8ae4a03b8445/bitaddress.org.html
SHA1: 3b71cca53ebb0e892b7f5577e08339c828707573
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJRs/PVAAoJEIdJe5Fjl09a4JMH/jBcttw0TRuNLJNThQL1g1nF
ncV4xbbxoVm1xXz7Y+HfLTjSpVfLtHmZxjjhoIRuWi7vgO013/yCA3KY6gVebGF3
NEuRY9IPmF/RurpAXrSMKRJJfgXhj4IoI4XsDbqmp7qYbLVjz9EWXYiXlcaefAp9
GS8ecp8SnbLE/b7EPm8/oUL/Z9n3RQgcd8m7OSSC9dITkAWcJbizmDcaJNZvepVJ
ZpU73f1XjgaymkMxLxq7kfxi7aHjbrgZsxeDOhuP1Lgwc2vvJvUYvMhplSeU0R+5
fUx8rqh9U5XwdVnE2q2tm7vKD+7lT+W7efWxpS/2QmQYGE3BL21EtqXbfBdSh5E=
=qPn1
-----END PGP SIGNATURE-----

[coblee]

Thanks pointbiz. I created the Litecoin clone of bitaddress.org and wasn't planning to profit from it. So I left your donation address as is. Thanks for such a great site!

[bitpop]

pointbiz, everytime I try to check your pgp messages, I get an error, not enough info?
I imported your ninja key

[Financisto]

What about a namecoin implementation of bitaddress.org ?
It would be very useful.

Glad to see that you forked and did it (namecoinia) by yourself!

"If you want it well done, do it yourself!"

By the way, what about adding a zip version (github) in order to use it as an offline address generator?

[dilb3rt]

What about a namecoin implementation of bitaddress.org ?
It would be very useful.

Glad to see that you forked and did it (namecoinia) by yourself!

"If you want it well done, do it yourself!"

By the way, what about adding a zip version (github) in order to use it as an offline address generator?

You can save the bitcoinaddress.org.html file locally and load it in the browser to use it offline.

[niko]

Android complains about non-trusted CA for bitaddress. Pointbiz, would you please state here who issued the certificate, and provide the serial number and the fingerprint? Thanks!

[🏰 TradeFortress 🏰]

Android complains about non-trusted CA for bitaddress. Pointbiz, would you please state here who issued the certificate, and provide the serial number and the fingerprint? Thanks!

Just verify the SHA256 hash: 1d5951f6a04dd5a287ac925da4e626870ee58d60

[niko]

Android complains about non-trusted CA for bitaddress. Pointbiz, would you please state here who issued the certificate, and provide the serial number and the fingerprint? Thanks!

Just verify the SHA256 hash: 1d5951f6a04dd5a287ac925da4e626870ee58d60

How do I save a page from android stock browser, then verify the sha256?

[payb.tc]

What about a namecoin implementation of bitaddress.org ?
It would be very useful.

Glad to see that you forked and did it (namecoinia) by yourself!

"If you want it well done, do it yourself!"

By the way, what about adding a zip version (github) in order to use it as an offline address generator?

sorry couldn't find a namecoinia thread...

any chance you could make this value known in the popup box that comes up:

minPassphraseLength: 15

saying it's "too short" without actually telling the user how short, is a bit

[salfter]

A while back, I did a Bitgem fork.  It's on my pool site:

https://bitgem.dyndns.org/bitgemaddress.html

It's also at GitHub:

https://github.com/salfter/bitaddress.org

I removed the bitaddress.org logo at the top (since it doesn't really apply here), replaced the paper-wallet artwork with my hastily cobbled-together Bitgem note design, edited some of the text on the bulk-wallet tab, and changed a few constants here and there to produce Bitgem addresses.  Copyright and donation-address messages were left alone, but I figured it'd be appropriate to remove the PGP-key and version-history links and redirect the GitHub link to my fork.  My donation addresses (BTC & BTG) are included at the bottom as an add-on.

[casascius]

Here is a feature request that I think would help assuage people's fears about random number generation, which have become more valid the more we hear about NSA-rigged RNG.

Right now, the script collects entropy by way of mouse movements.

I propose that the script also collect some additional entropy by way of the keyboard.

When the script generates new private keys, the private key should be SHA256(user-entered-string | prng-generated-string) (where | is concatenation).  Further, the string provided to SHA256 should be optionally printed somewhere on the note as an "audit code" (it could be invisible unless the user decides to click something to make it visible).

The purpose of the audit code is to allow anybody to reproduce the private key by hashing the string.  If it can be proven that the user-entered-string is part of the entropy that went into the private keys, then any user sophisticated enough to actually provide enough entropy via the keyboard can be reasonably assured that even if the prng is defective (whether by design or accident), that his keys are secure.

A side benefit is it also allows for easier practical auditing of forks.  Someone who is rightfully paranoid that a fork created to add feature X could also contain a weakened PRNG can satisfy his fear by making up for it in the form of extra entropy typed into the box.

[Trader Steve]

Thanks again for this great tool!

[kwukduck]

I noticed the current version on the website (v2.4) is quite old (2013-02-17) compared to the one at github (v2.5)(2013-08-29) a lot of changes seem to have been made.

Why isn't the code on the website updated? Has the code on github been reviewed anywhere? is it usable and secure to begin with? Should i use the 'old' one or the new one?