Bitcoin Forum
December 05, 2016, 02:47:42 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 [25] 26 27 28 29 30 31 32 33 34 35 36 37 38 39 »
  Print  
Author Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key  (Read 109982 times)
pointbiz
Sr. Member
****
Offline Offline

Activity: 426

1ninja


View Profile
November 10, 2013, 03:57:00 PM
 #481

how do you spend the funds that are stored to a bip38 encrypted password wallet?

found an answer: http://www.bit2factor.org and click "decrypt private key".   then import that private key into a client, or sweep it using something like the cold storage spend feature in mycelium for android.  to do that, you can generate a qr code of the private key using the "wallet details" tab from bitaddress.org and then scan that from mycelium.


It is not clear but you can decrypt the BIP38 on the "wallet details" tab. You just enter the BIP38 key and click View Details and it will show the passphrase input and a button to decrypt.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
1480906062
Hero Member
*
Offline Offline

Posts: 1480906062

View Profile Personal Message (Offline)

Ignore
1480906062
Reply with quote  #2

1480906062
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
BitFanatic
Newbie
*
Offline Offline

Activity: 17


View Profile
November 11, 2013, 01:01:34 PM
 #482

I've noticed that on the paper wallet page you have the option to choose how many wallets you wish to create. The problem is that the "random" secureRandom object is used for ALL of the wallets which you create on that page. Why is the object not refreshed on each wallet creation?

Why would it be? Entropy is not 'used up'. Recreating the object won't save you if you don't have enough entropy.


In fact in bitaddress.org a small amount entropy is constantly added with every mouse move, mouse click and key press.

Code:
<body onclick="SecureRandom.seedTime();" onkeypress="SecureRandom.seedTime();" onmousemove="ninja.seeder.seed(event);">

edit3: On further inspection I've found this is not true. Even though seedTime() is invoked, the entropy is not added to the PRNG used to create private keys. There is a TODO in the source about reseeding so the author has this in mind.



Also please could somebody explain this bit of logic for randomising the 256 digits in this bit of code:

      while (sr.pptr < sr.poolSize) {  // extract some randomness from Math.random()
         t = Math.floor(65536 * Math.random());
         sr.pool[sr.pptr++] = t >>> 8;
         sr.pool[sr.pptr++] = t & 255;
      }

What is the reasoning of the bitand and the >>> 8? Couldn't this be a bit shift to a different integer? Why 8? Please explain to me.

Thanks!

It's pretty clear to me that the code is like this to extract two bytes from each call of Math.random()

So the first line in that loop creates a random number in the range [0, 65536) which is the standard 16 bit range.
The next line with the right shift by 8 adds the upper 8 bits to the sr.pool array, the line after that adds the lower 8 bits to the sr.pool array.

I'm not too sure why the author doesn't extract one byte at a time. Although I'm pretty confident it won't steal your bitcoins doing it either way.
Code:
while (sr.pptr < sr.poolSize) {
sr.pool[sr.pptr++] = Math.floor(256 * Math.random());
}


Soon enough, all these fears can be rested when something like this is added. I imagine a nice text entry box where the user can type in anything they like. I'll be extracting randomness from /dev/random on my LiveCD and copypasting the result into the text entry box.
Other paranoid people might be taking a photo with their hand covering the camera, since the fluctuations on the CCDs are a good source of randomness. Others might even download from random.org

edit: needless to say you could do that now by modifying the source. Add this to the code right after sr.seedInt(window.screenY); when sr is initialised.
Code:
secret_seed = "372f7e2fd2d01ce2a1d71dc072acbba4c6fd25a1087cd7f153f4ec0ce37e1ede"
for (t = 0; t < secret_seed.length; ++t) {
sr.pool[sr.pptr++] ^= secret_seed.charCodeAt(t) & 255;
if (sr.pptr >= sr.poolSize) sr.pptr -= sr.poolSize;
}

Then put whatever you want into secret_seed and that entropy will be added to the RNG.
I'm not responsible for any loss of bitcoins. Peer review of my code happily accepted.

edit2: for completeness I'd run this on the terminal to obtain 16 bytes (128 bits) of entropy.
Code:
cat /dev/random | head -c 16 | sha256sum

This is extremely helpful. Thanks for clearing this up yakov, I have sent you a little donation Smiley
yakov
Jr. Member
*
Offline Offline

Activity: 40


View Profile
November 11, 2013, 08:34:22 PM
 #483

Thank you(!)
nightengale
Hero Member
*****
Offline Offline

Activity: 560


View Profile
November 12, 2013, 04:45:31 AM
 #484

Where can I find the SHA-1 for version 2.6.1?
Its About Sharing
Legendary
*
Offline Offline

Activity: 1064


Antifragile


View Profile
November 12, 2013, 07:27:48 AM
 #485

Thanks for the BIP38 integration. It feels a lot more secure having a password to get to the wallet, though I realize passwords can be forgotten.

? - Is there a walk through available on importing it into the wallet? (E.g. - How do we "cash in" (import) using the BitcoinQT client? I imagine we need the private key format to do the import.) I will play with a fraction of a BTC of course before utilizing the new wallets.

Any recommended BIP38 links would be appreciated.

Thanks,
IAS

BTC = Black Swan.
BTC = Antifragile - "Some things benefit from shocks; they thrive and grow when exposed to volatility, randomness, disorder, and stressors and love adventure, risk, and uncertainty. Robust is not the opposite of fragile.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 1988



View Profile
November 12, 2013, 03:16:28 PM
 #486

Is there a walk through available on importing it into the wallet?

Bitcoin-Qt doesn't support BIP-0038 so you'ld need to convert the decrypt the BIP-0038 encrypted private key and then import that [edit: into your client, such as Bitcoin-Qt].  To decrypt the BIP-0038 encrypted private key click on the Wallet Details tab of BitAddress.org and enter or paste the BIP-0038 encrypted private key.  It will then prompt you for the BIP-0038 passphrase, and if it was correct the page will show the Bitcoin address and the private key (both the WIF, as well as WIF Compressed).

yakov
Jr. Member
*
Offline Offline

Activity: 40


View Profile
November 12, 2013, 03:20:56 PM
 #487

Is there a walk through available on importing it into the wallet?

Bitcoin-Qt doesn't support BIP-0038 so you'ld need to convert the decrypt the BIP-0038 encrypted private key and then import that.  To decrypt the BIP-0038 encrypted private key click on the Wallet Details tab of BitAddress.org and enter or paste the BIP-0038 encrypted private key.  It will then prompt you for the BIP-0038 passphrase, and if it was correct the page will show the Bitcoin address and the private key (both the WIF, as well as WIF Compressed).

And then after that you can import it into BitcoinQT (or most other wallets)
https://en.bitcoin.it/wiki/Paper_wallet#Redeeming_Keys_and_Withdrawing_Funds
13Charlie
Full Member
***
Offline Offline

Activity: 214



View Profile
November 12, 2013, 04:12:45 PM
 #488

Thanks for the BIP38 integration. It feels a lot more secure having a password to get to the wallet, though I realize passwords can be forgotten.

? - Is there a walk through available on importing it into the wallet? (E.g. - How do we "cash in" (import) using the BitcoinQT client? I imagine we need the private key format to do the import.) I will play with a fraction of a BTC of course before utilizing the new wallets.

Any recommended BIP38 links would be appreciated.

Thanks,
IAS

After searching for this answer for a while, I found that I was able to get the funds from my BIP0038 encrypted paper wallet imported to my Blockchain.info wallet.
Under the Import/Export section, you'll find a place to "Import Private Key".
Once you input the encrypted private key, it askes for the passphrase you used to encrypt it with.

Super easy !

Side notes:
- Don't be tempted to use the "Import Paper Wallet" with the webcam option at the bottom of that page. You'll get an "Unsupported key format" error message.
- You can use webqr.com if you're lazy like me and don't want to type out the entire addrress.

Not ignoring anyone. . . . . Yet
Tip Jar - 18YWB8cQ8vb5s7PTGvxu1E6DqmQV3Srj2W
Its About Sharing
Legendary
*
Offline Offline

Activity: 1064


Antifragile


View Profile
November 12, 2013, 09:05:33 PM
 #489

Thanks again for all the replies. I tested it out - simple, nice, effective!

I guess the best thing (as you never want to lose the password), is to make it something you absolutely won't forget. Even something simple takes a lot of time in Scrypt to hack (as long as you know your wallet was compromised you will have time.)

Or, absolutely put it in a few key places, and back it up also.  I mean, you need the password and the BIP38 Private Key, so it is a sort of 2FA.

Any ideas?

IAS

BTC = Black Swan.
BTC = Antifragile - "Some things benefit from shocks; they thrive and grow when exposed to volatility, randomness, disorder, and stressors and love adventure, risk, and uncertainty. Robust is not the opposite of fragile.
pointbiz
Sr. Member
****
Offline Offline

Activity: 426

1ninja


View Profile
November 13, 2013, 01:09:34 AM
 #490

Where can I find the SHA-1 for version 2.6.1?

At this time I only sign SHA1 hashes for versions that go on the bitaddress.org website.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
kfruit
Jr. Member
*
Offline Offline

Activity: 56


View Profile
November 13, 2013, 08:53:36 AM
 #491

I have asked this all over, so sorry for that, but one last time: Is there a way to make this work on the raspberry pi? Everytime I try it either hangs or doesn't finish even within 5+ hours of waiting. Is there a way to calculate how long it should take knowing the raspberry pi (version B) specs? I'm talking about using the BIP 38. Thanks!

nitrogensports.EU - Anonymous Sports Betting! Bet with 0 confirmations! Easy & Fun.
1NQ7fwH4tuPaakXBgbqaSYRjo3oeTixujw
nightengale
Hero Member
*****
Offline Offline

Activity: 560


View Profile
November 14, 2013, 02:30:21 AM
 #492

Where can I find the SHA-1 for version 2.6.1?

At this time I only sign SHA1 hashes for versions that go on the bitaddress.org website.

Thanks for the response. I was trying to find a download link for 2.6.0 then but could not find one... I'm probably just missing it, apologies in advance for the stupidity of asking.
pointbiz
Sr. Member
****
Offline Offline

Activity: 426

1ninja


View Profile
November 14, 2013, 02:53:56 AM
 #493

Where can I find the SHA-1 for version 2.6.1?

At this time I only sign SHA1 hashes for versions that go on the bitaddress.org website.

Thanks for the response. I was trying to find a download link for 2.6.0 then but could not find one... I'm probably just missing it, apologies in advance for the stupidity of asking.

It was actually a good question for some reason github only makes zips available for the newest version of the branch.

This is a link to the raw HTML for the commit for v2.6.0
https://raw.github.com/pointbiz/bitaddress.org/05b59f75609cd50cd8a75c5ede8177650fbdd81a/bitaddress.org.html

You can see this by going here and clicking the raw button:
https://github.com/pointbiz/bitaddress.org/blob/05b59f75609cd50cd8a75c5ede8177650fbdd81a/bitaddress.org.html

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
pointbiz
Sr. Member
****
Offline Offline

Activity: 426

1ninja


View Profile
November 14, 2013, 02:55:58 AM
 #494

I have asked this all over, so sorry for that, but one last time: Is there a way to make this work on the raspberry pi? Everytime I try it either hangs or doesn't finish even within 5+ hours of waiting. Is there a way to calculate how long it should take knowing the raspberry pi (version B) specs? I'm talking about using the BIP 38. Thanks!

I don't know. It takes a lot of RAM and other resources for BIP38. Mobile phones and Raspberry Pi's might choke.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
kfruit
Jr. Member
*
Offline Offline

Activity: 56


View Profile
November 14, 2013, 04:33:50 AM
 #495

Thanks pointbiz, that's what I was afraid of, I should have just bought a cheap notebook it seems! I was just hoping maybe there was a way of segmenting it or something where it would be easier to handle at once, but I suppose it would take too much effort to program that just so it could work on low level computers, especially since it already works relatively quickly on modern smartphones.

nitrogensports.EU - Anonymous Sports Betting! Bet with 0 confirmations! Easy & Fun.
1NQ7fwH4tuPaakXBgbqaSYRjo3oeTixujw
nightengale
Hero Member
*****
Offline Offline

Activity: 560


View Profile
November 14, 2013, 09:10:51 PM
 #496

Thanks for your responses and all your work on bitaddress.org.

I'm getting ready to generate a batch of public-private key pairs for long term cold storage. If I boot my system to an Ubuntu LiveCD, can I just use the bitaddress.org .html file by itself, or do I need to include the other java-related files to generate functional, secure key pairs?
BitFanatic
Newbie
*
Offline Offline

Activity: 17


View Profile
November 14, 2013, 09:56:03 PM
 #497

Thanks for your responses and all your work on bitaddress.org.

I'm getting ready to generate a batch of public-private key pairs for long term cold storage. If I boot my system to an Ubuntu LiveCD, can I just use the bitaddress.org .html file by itself, or do I need to include the other java-related files to generate functional, secure key pairs?

There are no dependencies so you'll only need the html file.
nightengale
Hero Member
*****
Offline Offline

Activity: 560


View Profile
November 14, 2013, 10:07:32 PM
 #498

Thanks for your responses and all your work on bitaddress.org.

I'm getting ready to generate a batch of public-private key pairs for long term cold storage. If I boot my system to an Ubuntu LiveCD, can I just use the bitaddress.org .html file by itself, or do I need to include the other java-related files to generate functional, secure key pairs?

There are no dependencies so you'll only need the html file.


Thanks for the response -- can pointbiz confirm this?
BitFanatic
Newbie
*
Offline Offline

Activity: 17


View Profile
November 14, 2013, 11:43:08 PM
 #499

Thanks for your responses and all your work on bitaddress.org.

I'm getting ready to generate a batch of public-private key pairs for long term cold storage. If I boot my system to an Ubuntu LiveCD, can I just use the bitaddress.org .html file by itself, or do I need to include the other java-related files to generate functional, secure key pairs?

There are no dependencies so you'll only need the html file.


Thanks for the response -- can pointbiz confirm this?

Single out the html file on your own and run it in your browser and you'll see that it still works the same Smiley
pointbiz
Sr. Member
****
Offline Offline

Activity: 426

1ninja


View Profile
November 14, 2013, 11:50:45 PM
 #500

Thanks for your responses and all your work on bitaddress.org.

I'm getting ready to generate a batch of public-private key pairs for long term cold storage. If I boot my system to an Ubuntu LiveCD, can I just use the bitaddress.org .html file by itself, or do I need to include the other java-related files to generate functional, secure key pairs?

There are no dependencies so you'll only need the html file.


Thanks for the response -- can pointbiz confirm this?

confirmed

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 [25] 26 27 28 29 30 31 32 33 34 35 36 37 38 39 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!