Bitcoin Forum
December 04, 2016, 10:39:19 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [23] 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 »
  Print  
Author Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key  (Read 109979 times)
Trader Steve
Hero Member
*****
Offline Offline

Activity: 725


"How do you eat an elephant? One bit at a time..."


View Profile
October 18, 2013, 05:17:08 AM
 #441

Thanks again for this great tool!
1480891159
Hero Member
*
Offline Offline

Posts: 1480891159

View Profile Personal Message (Offline)

Ignore
1480891159
Reply with quote  #2

1480891159
Report to moderator
1480891159
Hero Member
*
Offline Offline

Posts: 1480891159

View Profile Personal Message (Offline)

Ignore
1480891159
Reply with quote  #2

1480891159
Report to moderator
1480891159
Hero Member
*
Offline Offline

Posts: 1480891159

View Profile Personal Message (Offline)

Ignore
1480891159
Reply with quote  #2

1480891159
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480891159
Hero Member
*
Offline Offline

Posts: 1480891159

View Profile Personal Message (Offline)

Ignore
1480891159
Reply with quote  #2

1480891159
Report to moderator
1480891159
Hero Member
*
Offline Offline

Posts: 1480891159

View Profile Personal Message (Offline)

Ignore
1480891159
Reply with quote  #2

1480891159
Report to moderator
kwukduck
Legendary
*
Offline Offline

Activity: 1564


View Profile
October 21, 2013, 07:15:43 AM
 #442

I noticed the current version on the website (v2.4) is quite old (2013-02-17) compared to the one at github (v2.5)(2013-08-29) a lot of changes seem to have been made.

Why isn't the code on the website updated? Has the code on github been reviewed anywhere? is it usable and secure to begin with? Should i use the 'old' one or the new one?

14b8PdeWLqK3yi3PrNHMmCvSmvDEKEBh3E
minimalB
Donator
Hero Member
*
Offline Offline

Activity: 627


View Profile
October 21, 2013, 10:52:10 PM
 #443

Interesting, i have exactly the same question as you kwukduck : )

v2.4 is online but master download on github is v2.5. Can anyone elaborate why is it this way?
pointbiz
Sr. Member
****
Offline Offline

Activity: 426

1ninja


View Profile
October 23, 2013, 04:29:05 AM
 #444

I noticed the current version on the website (v2.4) is quite old (2013-02-17) compared to the one at github (v2.5)(2013-08-29) a lot of changes seem to have been made.

Why isn't the code on the website updated? Has the code on github been reviewed anywhere? is it usable and secure to begin with? Should i use the 'old' one or the new one?

v2.4 is a solid release use that until v2.5 is on the website, however there are no known issue with v2.5. I'm thinking about changing the versioning to X.Y.Z and incrementing with each checkin to github.

v2.5 is a major release with BIP38 encrypted private keys on the Paper Wallets tab, it's almost done. I've been checking in along the way to make forking/merging with other developers easier. It also gives people time to audit the code as there are updated versions of the CryptoJS libraries.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
Dabs
Staff
Legendary
*
Offline Offline

Activity: 1512


64blocks.com


View Profile WWW
October 23, 2013, 07:32:22 AM
 #445

hi pointbiz! Don't forget to use compressed keys by default for everything. Smiley

64blocks.com Social Multiplayer Dice (Gambling) - Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
minimalB
Donator
Hero Member
*
Offline Offline

Activity: 627


View Profile
October 23, 2013, 08:36:30 AM
 #446

@pointbiz: is it possible to download v2.4 master from github? Can't seem to find it. Only v2.5. Thanks.
dillpicklechips
Sr. Member
****
Offline Offline

Activity: 438


View Profile
October 24, 2013, 09:13:14 PM
 #447

v2.5 is a major release with BIP38 encrypted private keys on the Paper Wallets tab, it's almost done. I've been checking in along the way to make forking/merging with other developers easier. It also gives people time to audit the code as there are updated versions of the CryptoJS libraries.
Will you allow crazy high values for BIP38 encrypted keys? If I'm only making one key I don't mind having the browser calculate all night long if that means brute forcing will be extremely hard. Or is that something that can't change according to BIP38?
pointbiz
Sr. Member
****
Offline Offline

Activity: 426

1ninja


View Profile
October 24, 2013, 11:01:22 PM
 #448

Here is a feature request that I think would help assuage people's fears about random number generation, which have become more valid the more we hear about NSA-rigged RNG.

Right now, the script collects entropy by way of mouse movements.

I propose that the script also collect some additional entropy by way of the keyboard.

When the script generates new private keys, the private key should be SHA256(user-entered-string | prng-generated-string) (where | is concatenation).  
I agree and consider this a high priority item on the TODO.

Further, the string provided to SHA256 should be optionally printed somewhere on the note as an "audit code" (it could be invisible unless the user decides to click something to make it visible).

The purpose of the audit code is to allow anybody to reproduce the private key by hashing the string.  If it can be proven that the user-entered-string is part of the entropy that went into the private keys, then any user sophisticated enough to actually provide enough entropy via the keyboard can be reasonably assured that even if the prng is defective (whether by design or accident), that his keys are secure.
What is the formula to take the audit code and reproduce the private key after you have the printed paper wallet?

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
October 25, 2013, 03:27:13 AM
 #449

Will you allow crazy high values for BIP38 encrypted keys? If I'm only making one key I don't mind having the browser calculate all night long if that means brute forcing will be extremely hard. Or is that something that can't change according to BIP38?

BIP38 sort of hard codes some fairly expensive parameters where on today's computers, a native implementation does one in under a second, and a typical javascript implementation on a desktop might take ten seconds.  Allowing crazy high values in BIP38 is not really feasible because if they can be set too high, then it discourages developers from supporting it, because their services can be subjected to denial of service attacks by any user who sends a BIP38 code that asks for hours of CPU time just to decrypt.

I agree and consider this a high priority item on the TODO.

Sweet, the paranoid side of me is very happy.

What is the formula to take the audit code and reproduce the private key after you have the printed paper wallet?

Simply use the audit code as though it were a SHA256 brain wallet and it should yield the same private key and address.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
pointbiz
Sr. Member
****
Offline Offline

Activity: 426

1ninja


View Profile
October 25, 2013, 04:00:46 AM
 #450

v2.5.1

https://www.bitaddress.org/bitaddress.org-v2.5.1-SHA1-b7bda19c2327cc44a81b68a44926a9f8057ed681.html
 - BIP38 passphrase protected paper wallets. Thanks to casascius, scintill, Zeilap.
   Paper Wallet tab and Wallet Details tab support BIP38.
 - Compressed address support on Bulk Wallet tab.
 - Greek translations thanks to ifaist0s

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
pointbiz
Sr. Member
****
Offline Offline

Activity: 426

1ninja


View Profile
October 25, 2013, 04:05:20 AM
 #451

Android complains about non-trusted CA for bitaddress. Pointbiz, would you please state here who issued the certificate, and provide the serial number and the fingerprint? Thanks!

Serial Number: ‎14 b3 cb e0 a1 af 8c d6 5b 87 e2 13 a9 38 6b ec
Fingerprint: ‎4c 99 b0 fb c5 42 5d d7 1c 53 81 ec 49 0c 5e cc 76 e2 4a f9
Issuer: PositiveSSL CA 2

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
dillpicklechips
Sr. Member
****
Offline Offline

Activity: 438


View Profile
October 25, 2013, 04:38:29 AM
 #452

v2.5.1

https://www.bitaddress.org/bitaddress.org-v2.5.1-SHA1-b7bda19c2327cc44a81b68a44926a9f8057ed681.html
 - BIP38 passphrase protected paper wallets. Thanks to casascius, scintill, Zeilap.
   Paper Wallet tab and Wallet Details tab support BIP38.
 - Compressed address support on Bulk Wallet tab.
 - Greek translations thanks to ifaist0s

Cool. Will BIP38 be added to bulk?  Does wallet details section decrypt encrypted keys?
slothbag
Sr. Member
****
Offline Offline

Activity: 369



View Profile
October 25, 2013, 09:40:16 AM
 #453

Awesome, thanks pointbiz.

Quick question, how do you decrypt a BIP38 encrypted key?  The "Wallet details" tab doesn't recognize it.

Edit: Sorry, yes the Wallet details tab does support it, user error Smiley
canton
Sr. Member
****
Offline Offline

Activity: 259



View Profile WWW
October 29, 2013, 03:25:17 PM
 #454

Pointbiz, I forgot whether or not I've mentioned to you that Gavin sent me a patch for my own fork of bitaddress to take advantage of crypto.getRandomValues (if supported by the browser) to generate better random numbers.

I've had this in place at https://bitcoinpaperwallet.com for a couple months now, and I meant to issue a github pull request but I just haven't gotten around to it. See the link below to see where Gavin suggested adding it. I don't think you've added this support, but since crypto.getRandomValues is fairly well supported at this point, I think it's worth adding to bitaddress.org. MOAR random please! Smiley

https://github.com/cantonbecker/bitcoinpaperwallet/commit/b4c2cf68e79f9f469cd180238d9377086058aaa9

PS: As always, thanks for your continued work on this excellent engine. Happily donated another .25BTC just now
https://blockchain.info/tx/4fddde7eea3a9af15c6a120fe93b6da9fe6a1da287c1c448c47615407a7f87f9

May I remind everyone on this thread that Pointbiz's project is essential to ongoing easy and safe security of offline bitcoin? His donation address is 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN

- Canton

https://bitcoinpaperwallet.com - Gorgeous 2-sided tri-fold paper wallets with tamper-evident features. *** Now with BIP38 & dice generator ***

My RSA Key ID & Fingerprint: 36E1D9B6 / AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B
minimalB
Donator
Hero Member
*
Offline Offline

Activity: 627


View Profile
October 29, 2013, 10:14:23 PM
 #455

BIP38 integration is just, well, wow. Thanks so much!
wuchengjian
Newbie
*
Offline Offline

Activity: 8


View Profile
October 30, 2013, 11:01:01 AM
 #456

great tool!
pointbiz
Sr. Member
****
Offline Offline

Activity: 426

1ninja


View Profile
October 31, 2013, 01:04:20 AM
 #457

Pointbiz, I forgot whether or not I've mentioned to you that Gavin sent me a patch for my own fork of bitaddress to take advantage of crypto.getRandomValues (if supported by the browser) to generate better random numbers.

I've had this in place at https://bitcoinpaperwallet.com for a couple months now, and I meant to issue a github pull request but I just haven't gotten around to it. See the link below to see where Gavin suggested adding it. I don't think you've added this support, but since crypto.getRandomValues is fairly well supported at this point, I think it's worth adding to bitaddress.org. MOAR random please! Smiley

https://github.com/cantonbecker/bitcoinpaperwallet/commit/b4c2cf68e79f9f469cd180238d9377086058aaa9

PS: As always, thanks for your continued work on this excellent engine. Happily donated another .25BTC just now
https://blockchain.info/tx/4fddde7eea3a9af15c6a120fe93b6da9fe6a1da287c1c448c47615407a7f87f9

May I remind everyone on this thread that Pointbiz's project is essential to ongoing easy and safe security of offline bitcoin? His donation address is 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN

- Canton

This is the first I've heard. Thank you for mentioning it. I will add it soon.
And thanks for the donation! Also, great site. Your paper wallet design looks great.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
dillpicklechips
Sr. Member
****
Offline Offline

Activity: 438


View Profile
October 31, 2013, 02:41:36 AM
 #458

I tried putting the encrypted key in the wallet details tab but it didn't work. Am I missing something?
pointbiz
Sr. Member
****
Offline Offline

Activity: 426

1ninja


View Profile
October 31, 2013, 03:58:38 AM
 #459

I tried putting the encrypted key in the wallet details tab but it didn't work. Am I missing something?

When you enter your encrypted key and click View Details it should display an input box for the passphrase.

Does the passphrase box appear?

This is the regex I use:
/^6P[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{56}$/


Can you generate an encrypted key that does not work that you are willing to share with a passphrase to help diagnose?


Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
dillpicklechips
Sr. Member
****
Offline Offline

Activity: 438


View Profile
October 31, 2013, 04:30:30 AM
 #460

I tried putting the encrypted key in the wallet details tab but it didn't work. Am I missing something?

When you enter your encrypted key and click View Details it should display an input box for the passphrase.

Does the passphrase box appear?

This is the regex I use:
/^6P[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{56}$/


Can you generate an encrypted key that does not work that you are willing to share with a passphrase to help diagnose?


I'm using Chrome and an example key 6PfMEYvZfwTv7SccHBx6B7mfFBEoV AdAdyUUYpufneihL9a62d35xA4Sbw and no password box appears. When I click details it just says it's not a valid key and if it should be a sha256 hash instead...
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [23] 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!