Bitcoin Forum
Author Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key  (Read 110007 times)
maxmint
December 01, 2013, 12:18:27 PM
 #521

v2.6.2 supports input of a private key in base6 format, which shall be defined as:
99 characters (1,2,3,4,5,0) where 1=1 and 6=0

This allows you to create a private key with physical randomness with 99 rolls of a die. Use 3 dice and do 33 rolls.
Then enter the 99 character string into the wallet details tab of bitaddress.org and you've got yourself a truly randomly generated bitcoin wallet.

When using 99 rolls, the highest base6 number one could come up with would be this:
Code:
555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555

This results in this hex private key:
Code:
F0BB8A1BBDE9163B9E053E8F918BF8E4D34034D7FFFFFFFFFFFFFFFFFFFFFFFF

I'm quoting from the Bitcoin wiki:
Quote
Nearly every 256-bit number is a valid private key. Specifically, any 256-bit number between 0x1 and 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 is a valid private key.

Now there's quite a large amount of numbers between
the highest dice generated number at F0BB8A1BBDE9163B9E053E8F918BF8E4D34034D7FFFFFFFFFFFFFFFFFFFFFFFF
and
the upper limit at FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

It seems the 99-rolls dice method is not using the full range of possible private keys, leaving the upper 5.96% of possible keys untouched.

I don't think that's a real problem because the pool of dice generated possible private keys is still huge. But I would prefer a dice method that covers the full range of possible private keys. 100 rolls should be enough, but that could produce numbers that are too large.
Is there any easy solution to this?

In any case, I love the principle of rolling my own private keys and not being dependent on software RNGs.

My PGP-Key: 462D02D8
Verify my messages using keybase: https://keybase.io/maxmint
casascius
Mike Caldwell
December 02, 2013, 08:34:56 PM
 #522


Quote
I don't think that's a real problem because the pool of dice generated possible private keys is still huge. But I would prefer a dice method that covers the full range of possible private keys. 100 rolls should be enough, but that could produce numbers that are too large.
Is there any easy solution to this?

not really...

You are getting 255.91 bits of entropy with 99 dice rolls.  The idea that you're losing almost 6% of "something" makes it sound much scarier than it is.

I will bet that a private key that has only 224 random bits is still for all intents and purposes secure, even though 99.999999999%+ of the key space is being left on the table.

And then, keep in mind that a bitcoin address only has 160 bits of entropy in the first place.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
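
Added example, not part of either post and not bitaddress.org's own code: the base6 decoding defined in post #521, together with the unreachable share of the key range and the entropy figure discussed in #521 and #522. The function names and the acceptance of a literal '6' are assumptions of this sketch; the range bound is the one quoted from the Bitcoin wiki.

```javascript
// Upper bound from the wiki quote in post #521: valid keys are 1 .. N-1.
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;

// Largest possible input (constructed): 99 rolls that all show a five.
const MAX_ROLLS = '5'.repeat(99);

// Decode 99 die faces into a private key. As in post #521 a rolled six is
// the digit 0; '6' is also accepted here so faces can be typed as rolled
// (that leniency is an assumption of this example).
function diceToKey(rolls) {
  if (!/^[0-6]{99}$/.test(rolls)) {
    throw new Error('expected exactly 99 characters, each 0-6');
  }
  let k = 0n;
  for (const ch of rolls) {
    k = k * 6n + (ch === '6' ? 0n : BigInt(ch));
  }
  if (k === 0n || k >= N) {
    throw new Error('value is outside 1..N-1, roll again');
  }
  return k;
}

// 32-byte big-endian hex, the form shown in the post.
function toHex32(k) {
  return k.toString(16).padStart(64, '0');
}

// Percentage of the valid range 1..N-1 that `count` rolls can never produce.
function unreachablePercent(count) {
  const valid = N - 1n;
  const highest = 6n ** BigInt(count) - 1n;
  if (highest >= valid) return 0;
  return Number((valid - highest) * 1000000n / valid) / 10000;
}

// Entropy of `count` fair dice in bits: count * log2(6).
function diceEntropyBits(count) {
  return count * Math.log2(6);
}

console.log(toHex32(diceToKey(MAX_ROLLS)));
console.log(unreachablePercent(99).toFixed(2) + '% of the range unreachable');
console.log(diceEntropyBits(99).toFixed(2) + ' bits from 99 rolls');
```
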
dooglus
December 04, 2013, 05:18:04 PM
 #523

Quote
One or two of the operators stated that depositing more than one time to the public address of a printed bitaddress "wallet"/keypair will create too many signatures which the hackers will use to decode the private address.

You're probably talking about this issue:
  https://bitcointalk.org/index.php?topic=271486

Spending multiple times from the same address will allow hackers to deduce your private key if the random number generator in the client you're using to do the spending is no good.  There's no danger in sending multiple times to the same address (except that when you come to spend the coins you deposited, you are effectively spending multiple times from that address).

It's only when you come to spend from the address that the risk exists.

EdgarT
December 04, 2013, 06:19:29 PM
 #524

I translated bitaddress.org (v2.6.2; I'll take care of the latest changes asap) into German. How should I go about submitting it?
pointbiz
December 05, 2013, 03:43:32 AM
 #525

Quote
I translated bitaddress.org (v2.6.2; I'll take care of the latest changes asap) into German. How should I go about submitting it?

I answered you in PM, but in case other people are wondering for other languages, the best way to submit translations is to fork the code at github:
https://github.com/pointbiz/bitaddress.org

And submit a pull request.

You just need to modify the file:
src/ninja.translator.js

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
pointbiz
December 10, 2013, 03:45:51 AM
 #526

v2.6.6
https://www.bitaddress.org/bitaddress.org-v2.6.6-SHA1-0d68accca48df174b6b4f48544498f333dc6e33a.html
 - German translations thanks to gerEDH.

mrkent
December 11, 2013, 07:48:25 PM
 #527

Just used it for the first time today to pass out Christmas gifts at the office. It was well received but a pain in the ass to load up each wallet individually. Is it possible to provide a URI that'll automatically send 1 transaction of fixed size to each of the wallets generated?

pointbiz
December 22, 2013, 03:37:26 PM
 #528

v2.7.1
https://www.bitaddress.org/bitaddress.org-v2.7.1-SHA1-6dfa290d1a133fc444c5580e2a8f1f890d5edf17.html
 - more entropy for the PRNG seed.
 - use ?showseedpool=true to see the contents of the seed pool in hex.

zemario
December 22, 2013, 06:38:25 PM
 #529

Hey, I've been aware of this site for a long time. Yesterday I generated a handful of addresses by manually entering random gibberish as the brainwallet seed.

But now that I see that this started off a little buggy (no offense intended) I'm not sure I want to use those addresses.

This thread is quite long, could anyone provide more details (or link to them) about how the first bounty was collected?
Dabs
December 23, 2013, 01:24:02 AM
 #530

@zemario,

I prefer the bulk wallet tab, to create compressed addresses. I think the entropy is fine at this point. Go generate like 100, pick 10 in the middle, and you should be fine.

Although your random gibberish should also be fine as long as it is extremely long and sufficiently random.

I don't know about the details, sorry.

64blocks.com Social Multiplayer Dice (Gambling) - Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
pointbiz
December 24, 2013, 03:19:34 AM
 #531

v2.7.2
https://www.bitaddress.org/bitaddress.org-v2.7.2-SHA1-364542f1ccc5777c79aebb1692a6265cf3e42e7e.html
 - keys and addresses in monospace font.

maxmint
January 06, 2014, 01:23:31 PM
 #532

Would be great to have the option for BIP38 encryption at the "Wallet Details" tab.
I like to dice roll my addresses and currently have to manually encrypt private keys.

Its About Sharing
January 06, 2014, 01:33:25 PM
 #533

Has anyone come across the concerns raised by Mike Woods here in this thread?
He said bitaddress.org is far from secure. Not a very long thread, would appreciate comments from those of you who really understand this area.

https://bitcointalk.org/index.php?topic=399452.0

A quote from that thread:
Quote

BitAddress.org is a great site, it had a good run, and it helped a lot of people for the last two years. But, it's far from perfect...

BitAddress uses only initial mouse position - which gives you about 20 bits that have fine entropy (and that mouse position is picked even if you don't move your mouse at all [not the case on my site]).

Having just 20 bits is enough to set up the seed, but not even enough for one private key created using true randomness, and you need new bits with good entropy for other addresses.
(Random numbers generated from seed have entropy equal to size of the seed - that's why they are called pseudorandom, and shouldn't be used for any security mechanisms: https://en.wikipedia.org/wiki/Pseudorandomness#Cryptography . Using pseudorandom numbers for storing your money is next to insane.)

Let's say you want to create 1000 addresses - that require around 1000*32*8 or around 500 000 bits of entropy, but instead you're using just 20 bits - so if you guess that 20 bits you'll have access to all 1000 addresses (which makes it worth for someone to brute force)

Other problems with BitAddress.org are:
- You are online while generating addresses - so you can't generate "offline" addresses, and also brings up the question if your browser or operating system is infected...
(- I also think that the site is not elegant enough with too much information that aren't necessary for average Bitcoin user (just my personal opinion)).

BTC = Black Swan.
BTC = Antifragile - "Some things benefit from shocks; they thrive and grow when exposed to volatility, randomness, disorder, and stressors and love adventure, risk, and uncertainty. Robust is not the opposite of fragile.
casascius
Mike Caldwell
January 06, 2014, 05:08:51 PM
 #534

I do wish that BitAddress entropy were improved in a verifiable way by offering to accept a "keyboard mash" string from the user and then incorporating that entropy in an auditable way*, but on the other hand, I do at least believe that it takes more than an initial mouse position as entropy so long as mouse move events are being sent to the page.

It is something I'd like to know was studied more, especially since people could be not moving their mouse, or be on a touch screen and not be able to really provide the sort of input the program was written to expect.

* example of auditable way: collect a string (minimum 80 characters, ask user to type gibberish) from the user, and then use something like SHA256(rng_generated_random_string + user_entered_random_string + n + constant salt) to generate private keys

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
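
Added example, not part of the post and not bitaddress.org's code: one way to realise the auditable derivation sketched in post #534, SHA256 over the RNG string, the typed string, the index n and a constant salt. The function names, the salt value and the sample inputs are hypothetical, and each field is length-prefixed rather than plainly concatenated so that text shifted from one field to the next cannot produce the same hash.

```javascript
// Load node:crypto whether this file runs as CommonJS or as an ES module.
const { createHash } = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

// secp256k1 order: valid private keys are 1 .. N-1.
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;
const SALT = 'example-constant-salt'; // hypothetical constant salt

// 4-byte big-endian length followed by the UTF-8 bytes of the field.
function field(text) {
  const body = Buffer.from(text, 'utf8');
  const len = Buffer.alloc(4);
  len.writeUInt32BE(body.length);
  return Buffer.concat([len, body]);
}

// Key number n from the recorded RNG string and the user's typed string.
function deriveKey(rngString, userString, n) {
  if (userString.length < 80) {
    throw new Error('typed string must be at least 80 characters');
  }
  const hex = createHash('sha256')
    .update(field(rngString))
    .update(field(userString))
    .update(field(String(n)))
    .update(field(SALT))
    .digest('hex');
  const k = BigInt('0x' + hex);
  if (k === 0n || k >= N) {
    throw new Error('digest outside 1..N-1, skip this n');
  }
  return hex;
}

// Audit step: anyone holding the recorded inputs recomputes and compares.
function auditKey(rngString, userString, n, claimedHex) {
  return deriveKey(rngString, userString, n) === claimedHex.toLowerCase();
}

// Constructed sample inputs, for illustration only.
const sampleRng = '9f1c2a77d04be358';
const sampleTyped = 'lkj3 asdf098 qwe;rlk zxcvm,n 2345 poiu mnbv 0987 lkjh gfds aqwsed rftgyh ujikol pz';
const key1 = deriveKey(sampleRng, sampleTyped, 1);
console.log(key1, auditKey(sampleRng, sampleTyped, 1, key1));
```
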
pointbiz
January 07, 2014, 04:18:33 AM
 #535

Quote
Has anyone come across the concerns raised by Mike Woods here in this thread?
He said bitaddress.org is far from secure. Not a very long thread, would appreciate comments from those of you who really understand this area.

https://bitcointalk.org/index.php?topic=399452.0

A quote from that thread:
Quote

BitAddress.org is a great site, it had a good run, and it helped a lot of people for the last two years. But, it's far from perfect...

BitAddress uses only initial mouse position - which gives you about 20 bits that have fine entropy (and that mouse position is picked even if you don't move your mouse at all [not the case on my site]).

Having just 20 bits is enough to set up the seed, but not even enough for one private key created using true randomness, and you need new bits with good entropy for other addresses.
(Random numbers generated from seed have entropy equal to size of the seed - that's why they are called pseudorandom, and shouldn't be used for any security mechanisms: https://en.wikipedia.org/wiki/Pseudorandomness#Cryptography . Using pseudorandom numbers for storing your money is next to insane.)

Let's say you want to create 1000 addresses - that require around 1000*32*8 or around 500 000 bits of entropy, but instead you're using just 20 bits - so if you guess that 20 bits you'll have access to all 1000 addresses (which makes it worth for someone to brute force)

Other problems with BitAddress.org are:
- You are online while generating addresses - so you can't generate "offline" addresses, and also brings up the question if your browser or operating system is infected...
(- I also think that the site is not elegant enough with too much information that aren't necessary for average Bitcoin user (just my personal opinion)).


I replied here:
https://bitcointalk.org/index.php?topic=399452.msg4358491#msg4358491

ajk
January 12, 2014, 11:27:18 PM
 #536

hi

noticed an update on github and was wondering if there will be announcement made here to make it official

thanks for continuing your efforts on this project,
minimalB
January 13, 2014, 11:20:53 AM
 #537

Every time a new version is ready, pointbiz posts an announcement here.

This upcoming version is really what we were looking for! Thanks in advance, pointbiz!
adrian33
January 13, 2014, 05:17:42 PM
 #538

In the latest Chrome on Windows the page is corrupted. It's fine in Firefox and IE.




phelix
January 13, 2014, 07:04:16 PM
 #539

Quote
I do wish that BitAddress entropy were improved in a verifiable way by offering to accept a "keyboard mash" string from the user and then incorporating that entropy in an auditable way*, but on the other hand, I do at least believe that it takes more than an initial mouse position as entropy so long as mouse move events are being sent to the page.

It is something I'd like to know was studied more, especially since people could be not moving their mouse, or be on a touch screen and not be able to really provide the sort of input the program was written to expect.

* example of auditable way: collect a string (minimum 80 characters, ask user to type gibberish) from the user, and then use something like SHA256(rng_generated_random_string + user_entered_random_string + n + constant salt) to generate private keys
+1

blockchained.com ■ bitcointalk top posts
zemario
January 13, 2014, 08:23:36 PM
 #540

What is wrong with typing in random stuff in the brainwallet input? Honest question? Just write stupid stuff and it should be pretty unique. Methods of collecting entropy automagically can be dangerous in the way that sometimes they are not so random as people would expect.
Wasn't this the problem with Android's wallet app?