Bitcoin Forum
Author Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key  (Read 153010 times)
programmer-frank
November 07, 2021, 01:20:50 PM
 #881

Quote
Well thank you very much for implementing new paper wallet designs! I still won't use your repo/website/app as for now since I am not that good of a programmer myself to confirm that it is completely safe. If there are more reputable members that can confirm the safeness in the future then I will try it out!
I did a diff of the original repository and the new repository. Would have been better to just fork the original repository and send it as a PR, but boomdev is right, the only differences I can see (at this moment, version e7ab666c7e754a134e92494c2849eee1909e3ded) are the new templates, an unnecessary yarn.lock file, no .gitignore file, removed bitaddress copyright in the website (but the original repository is still mentioned), and changed logo. All the security-related functions in the JavaScript files are untouched. Should be safe, unless boomdev found a new png image decoder backdoor :)
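A file-level version of the comparison described in the post above, added here as an example (it is not the poster's method and not code from either repository): it lists every added, removed and changed file between two checkouts and fails if anything a browser would execute differs. The extension list, the function names and the demo file names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Usage: audit_fork ORIG_DIR FORK_DIR
# Output lines: "<ADDED|REMOVED|CHANGED> <code|other> <path>".
# Returns 1 if any file classified as code differs, 0 otherwise.

# Assumption: these extensions cover what the page can execute. SVG is
# included because it can carry script; PNG and lockfiles count as "other".
file_class() {
    case "$1" in
        *.js|*.mjs|*.html|*.htm|*.svg) echo code ;;
        *) echo other ;;
    esac
}

# Sorted relative paths of all regular files, ignoring VCS metadata.
list_files() {
    (cd "$1" && find . -type f ! -path './.git/*' | sed 's|^\./||' | LC_ALL=C sort)
}

audit_fork() {
    orig=$1; fork=$2; flagged=0
    tmp=$(mktemp -d) || return 2
    list_files "$orig" > "$tmp/orig"
    list_files "$fork" > "$tmp/fork"
    {
        LC_ALL=C comm -23 "$tmp/orig" "$tmp/fork" | sed 's/^/REMOVED /'
        LC_ALL=C comm -13 "$tmp/orig" "$tmp/fork" | sed 's/^/ADDED /'
        # Files present on both sides get a byte-for-byte comparison.
        LC_ALL=C comm -12 "$tmp/orig" "$tmp/fork" | while IFS= read -r f; do
            cmp -s "$orig/$f" "$fork/$f" || printf 'CHANGED %s\n' "$f"
        done
    } > "$tmp/diff"
    # Redirected loop (no pipe) so "flagged" is set in this shell.
    while IFS= read -r line; do
        st=${line%% *}; path=${line#* }
        class=$(file_class "$path")
        [ "$class" = code ] && flagged=1
        printf '%s %s %s\n' "$st" "$class" "$path"
    done < "$tmp/diff"
    rm -rf "$tmp"
    return "$flagged"
}

# Constructed sample trees mirroring the kinds of differences listed in the
# post: new templates, a lockfile, a missing .gitignore, a changed logo.
make_demo_trees() {
    mkdir -p "$1/orig/src" "$1/fork/src" "$1/fork/templates"
    echo 'function generate() {}' > "$1/orig/src/keygen.js"
    cp "$1/orig/src/keygen.js" "$1/fork/src/keygen.js"
    echo 'old-logo' > "$1/orig/logo.png"; echo 'new-logo' > "$1/fork/logo.png"
    echo 'node_modules' > "$1/orig/.gitignore"
    echo '# lockfile' > "$1/fork/yarn.lock"
    echo 'template' > "$1/fork/templates/design1.png"
}

if [ "$#" -eq 2 ]; then audit_fork "$1" "$2"; fi
```

A zero exit status means only that no executable file differs from the checkout it was compared against; it says nothing about whether that reference copy is itself authentic.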
boomdev
November 07, 2021, 02:35:32 PM
 #882

Quote
I did a diff of the original repository and the new repository.
Thanks for looking into it!

Quote
Would have been better to just fork the original repository and send it as a PR
Agreed, don't know why I didn't... maybe I will.

Quote
Should be safe, unless boomdev found a new png image decoder backdoor :)
I wish I was that smart :D
abhilodha
November 21, 2021, 08:46:54 AM
 #883

I have BTC in a wallet created in 2018 by the bitaddress.org site and I haven't touched them till now.
Back then I didn't know what a GPG signature is, so I didn't verify.

But I worry too much: are my funds safe?
Should I send them to a new address generated via better methods (like Linux Electrum {Python better randomness} offline GPG verified)?
programmer-frank
November 21, 2021, 09:59:28 AM
 #884

Quote
I have BTC in a wallet created in 2018 by the bitaddress.org site and I haven't touched them till now.
Back then I didn't know what a GPG signature is, so I didn't verify.

But I worry too much: are my funds safe?
Should I send them to a new address generated via better methods (like Linux Electrum {Python better randomness} offline GPG verified)?

It is as safe as your password. If it is multiple words that are written nowhere on the internet or your computer, or at least 8 random characters with uppercase, lowercase and numbers, then it is safe:

https://en.wikipedia.org/wiki/Password_strength#Guidelines_for_strong_passwords

The problem with moving it is that if you have a malware installed, then it can get stolen when you try to move it.

And nowadays 30% of all computers in the US are malware infected:

https://dataprot.net/statistics/malware-statistics/

And there is new and more sophisticated malware every day. So a hardware wallet is the only safe solution for the average user. Or a computer which is not connected to the internet, and then create and sign the transactions offline. But the average user can't do this.

I think Trezor is a good hardware wallet. It is like a strong brainwallet, but you can still use your coins regularly without the fear that malware steals it. And if you write down the passphrase for it (only on paper, never on any computer or password manager app), the hardware can even get lost or destroyed, and you can just enter it in a new Trezor device to get it back.

It also has a nice feature to create an additional hidden wallet. In case of a $5 wrench event, you can just tell them the first decoy wallet with less value, and your main value is in the hidden wallet.
BitCheques
May 17, 2022, 08:05:28 PM
 #885

I am using this tool to create BitCheques (a physical bitcoin currency). I need to guarantee to holders that the private key is not recorded or memorized before the BitCheques are folded and sealed. What is the simplest, most user-friendly, and most straightforward way to do this without significantly altering the program? Ballet uses bip38 and generates a passphrase - and generates the key over multiple locations. But I would like to omit the need for passwords altogether and keep everything self-contained. Is there a way to split or further encrypt the private key - or somehow tie it to the serial number? I'm not sure if this has been covered already in this thread. I read through much of it, but it is rather lengthy. I'm open to all options.
LoyceV
May 18, 2022, 09:46:08 AM
 #886

Quote
I am using this tool to create BitCheques (a physical bitcoin currency). I need to guarantee to holders that the private key is not recorded or memorized before the BitCheques are folded and sealed. What is the simplest, most user-friendly, and most straightforward way to do this without significantly altering the program?
Are you talking about proving the software isn't compromised, or do you mean you want to prove you didn't record the private keys? The former is probably possible (Bitaddress has been around for many years), the latter isn't. Having someone else create private keys for you means you can't ever be 100% sure you're the only one who can access it.

Quote
Ballet uses bip38 and generates a passphrase - and generates the key over multiple locations. But I would like to omit the need for passwords altogether and keep everything self-contained.
If the buyer creates a BIP38 password, and you only store the encrypted private key, the buyer can be sure you can't access the funds (assuming the password is strong enough). That's the only way to be absolutely sure.

Quote
Is there a way to split or further encrypt the private key - or somehow tie it to the serial number? I'm not sure if this has been covered already in this thread.
Encrypting the private key works, see BIP38. I can't think of another way to do this without trusting you. Using a serial number won't help, as long as both you and the buyer know it, you can both recreate the private key.

BitCheques
May 18, 2022, 01:25:00 PM
 #887

I've considered printing the private key portion in invisible ink, which requires a special reader, and doesn't allow the printing party to view the QR code, but even this involves an element of trust in the minting process, and would also require that the private key and QR code is not visible as the paper wallets are generated. Perhaps the only way for someone without Internet access to securely purchase bitcoin is at a BTM that prints a paper wallet as he deposits the cash. But one still has to trust the BTM and those who operate it - or have some type of escrow or reputation trademark.

By way of comparison, many industries - including banking - are overly trusted. It's a double standard. But I will continue my quest for trustless money.
LoyceV
May 18, 2022, 02:06:39 PM
 #888

Quote
I've considered printing the private key portion in invisible ink, which requires a special reader, and doesn't allow the printing party to view the QR code, but even this involves an element of trust in the minting process, and would also require that the private key and QR code is not visible as the paper wallets are generated.
Who's "the printing party"? If you're outsourcing the printing, you're increasing the risk of someone gaining access. Invisible ink doesn't make that impossible.

Quote
Perhaps the only way for someone without Internet access to securely purchase bitcoin is at a BTM that prints a paper wallet as he deposits the cash. But one still has to trust the BTM and those who operate it - or have some type of escrow or reputation trademark.
I wouldn't trust the private key from a Bitcoin ATM for long-term storage. Sweeping it to your own wallet is the best thing to do. Why would anyone want to "use" Bitcoin without internet?

Quote
By way of comparison, many industries - including banking - are overly trusted. It's a double standard. But I will continue my quest for trustless money.
I don't trust banks at all, but I'm still forced to use them.
No need to look further: trustless money (Bitcoin) exists already. But if you're looking for trustless offline money, maybe gold works? There's no way to make "BitCheques" trustless. Even if you use BIP38, if you give it to someone else they'd still have to trust the parties who printed the paper and the password.

BitCheques
May 18, 2022, 02:33:03 PM
 #889

Quote
Why would anyone want to "use" Bitcoin without internet?
The majority in El Salvador and 90% of people in the Central African Republic do not have access to the Internet. In both of these countries, bitcoin is now legal tender. But bitcoin can not be a practical currency if people can't use it.
LoyceV
May 18, 2022, 02:48:47 PM
 #890

Quote
The majority in El Salvador and 90% of people in the Central African Republic do not have access to the Internet. In both of these countries, bitcoin is now legal tender. But bitcoin can not be a practical currency if people can't use it.
I assume the legal tender is defined as Bitcoin the way we know it, and not as Bitcoin in the form of some printed piece of paper that can be traded. That would make it a private form of money instead of legal tender.

It could work:
~ the Bitcoin Standard: let's take El Salvador as an example, and let's assume they implement a Bitcoin Standard. Instead of holding 10 tonnes of gold, they hold 19,348 Bitcoin (worth about the same as 10 tonnes of gold). They can now issue banknotes, let's call them ElSalvos, worth 19,348 Bitcoin. If they issue 1 billion ElSalvos, each ElSalvo is worth 0.0193mBTC. At the El Salvador Central Bank, you can exchange your ElSalvos for Bitcoin if you want.
But this assumes a trusted party (and a government is trusted by force), and there's no need to print private keys on banknotes.

BitCheques
May 19, 2022, 12:54:04 PM
 #891

Quote
I assume the legal tender is defined as Bitcoin the way we know it, and not as Bitcoin in the form of some printed piece of paper that can be traded. That would make it a private form of money instead of legal tender.
Bitcoin is bitcoin. A paper wallet can be traded as bitcoin, and hold its value as bitcoin until redeemed.

Quote
~ the Bitcoin Standard: let's take El Salvador as an example, and let's assume they implement a Bitcoin Standard. Instead of holding 10 tonnes of gold, they hold 19,348 Bitcoin (worth about the same as 10 tonnes of gold). They can now issue banknotes, let's call them ElSalvos, worth 19,348 Bitcoin. If they issue 1 billion ElSalvos, each ElSalvo is worth 0.0193mBTC. At the El Salvador Central Bank, you can exchange your ElSalvos for Bitcoin if you want.
But this assumes a trusted party (and a government is trusted by force), and there's no need to print private keys on banknotes.
That's the point. A custodial account requires trust in a third party. The objective is tradable BitCheques with the private key accessible only to the holder. Unlike fiat, the only role of the State is to refrain from preventing the trade.

Requiring 2 of 3 signatures to redeem them (the holder, the issuer, the arbitrator selected by both) is another possibility.

Or the issuer could escrow the BitCheques up to the maximum amount on the BitCheque for a limited time - governed by an escrowed smart contract - at which point another BitCheque could be issued if any doubt remains.
LoyceV
May 19, 2022, 03:28:16 PM
 #892

Quote
A paper wallet can be traded as bitcoin, and hold its value as bitcoin until redeemed.
I've done that, but it only works with people you trust. It's the classic: "not your keys, not your coins" problem where you can't ever be sure you're the only owner.

Quote
The objective is tradable BitCheques with the private key accessible only to the holder.
My point is: the holder can't possibly be sure he's the only one with access.

Quote
Requiring 2 of 3 signatures to redeem them (the holder, the issuer, the arbitrator selected by both) is another possibility.
Nope, it doesn't solve it. You want the paper wallet to be tradable, but now know for sure the issuer and the arbitrator (selected by someone else!) can take your funds.

Quote
Or the issuer could escrow the BitCheques up to the maximum amount on the BitCheque for a limited time - governed by an escrowed smart contract - at which point another BitCheque could be issued if any doubt remains.
"Smart contracts" usually mean nobody understands the details.



On the Collectibles board, Casascius physical Bitcoins are often sold. The creator was (and is) highly trusted, but fake coins are used to scam people. Once it's something physical, counterfeiting becomes a problem again.

BitCheques
May 20, 2022, 12:51:53 PM
 #893

Actually, there are some very good methods of selecting an arbitrator. For example, each party submits 3 arbitrators, from which one is chosen by the other party. The two arbitrators select a third. The panel of three decides (2 of 3) from between solutions submitted by each party without alteration as to what funds are released to what party. This prevents a "splitting the baby" compromise.

When a BitCheque is purchased from the issuer (me), guarantee funds are locked up for a specific time period and/or until it is redeemed. If an unopened BitCheque is emptied of funds, this would indicate fraud or carelessness on the part of the issuer, and trigger arbitration - if the issuer does not promptly compensate the holder.

This type of contract can be written in Solidity or possibly a taproot layer.

Anyone interested?
LoyceV
May 21, 2022, 07:14:30 AM
 #894

Quote
Anyone interested?
I'd like to continue this discussion, but you should create another topic for it. If you do, feel free to mention me (@LoyceV)

BitCheques
May 22, 2022, 03:50:50 AM
 #895

Quote
Anyone interested?
I'd like to continue this discussion, but you should create another topic for it. If you do, feel free to mention me (@LoyceV)
To continue the discussion regarding the safe use of paper wallets as currency: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key
The discussion is continued under the topic: "Physical Bitcoin for the 3rd World" https://bitcointalk.org/index.php?topic=5399679.0
pateyway
September 27, 2022, 03:19:04 PM
 #896

Hello, I made an encrypted bitcoin wallet on bitaddress.org. I have the password but I have no clue how to decrypt it. Any clue anyone?
LoyceV
September 27, 2022, 04:48:28 PM
Last edit: September 29, 2022, 04:41:43 PM by LoyceV
 #897

Quote
Hello, I made an encrypted bitcoin wallet on bitaddress.org. I have the password but I have no clue how to decrypt it. Any clue anyone?
Bitaddress.org uses (optional) BIP38 encryption. You can use the same website (offline and air-gapped of course) to decrypt your private key (which should start with 6P), or some wallets can do it for you.

bckingock
January 22, 2023, 04:01:43 PM
 #898

Could someone please explain why JavaScript isn't an optimal choice for generating entropy?

Merci!
micro23
January 30, 2023, 03:41:15 PM
 #899

Hey Boomdev.

Hey how did you add designs to the bitcoin paper wallet? I wanted to add some designs. THANKS!
BadAss.Sx
May 21, 2023, 06:20:14 PM
 #900

Quote
thebigboss@Alexs-Mac-Pro Downloads % wget http://www.bitaddress.org/bitaddress.org-v2.9.1-SHA1-67b1facd70890aa9544597e97122c7a1d4fdc821.html
--2023-05-21 20:17:44--  http://www.bitaddress.org/bitaddress.org-v2.9.1-SHA1-67b1facd70890aa9544597e97122c7a1d4fdc821.html
Resolving www.bitaddress.org (www.bitaddress.org)... 185.199.110.153, 185.199.108.153, 185.199.111.153, ...
Connecting to www.bitaddress.org (www.bitaddress.org)|185.199.110.153|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.bitaddress.org/bitaddress.org-v2.9.1-SHA1-67b1facd70890aa9544597e97122c7a1d4fdc821.html [following]
--2023-05-21 20:17:44--  https://www.bitaddress.org/bitaddress.org-v2.9.1-SHA1-67b1facd70890aa9544597e97122c7a1d4fdc821.html
Connecting to www.bitaddress.org (www.bitaddress.org)|185.199.110.153|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2023-05-21 20:17:44 ERROR 404: Not Found.

Cannot get the html file. Still relevant?

I also did checksum, but it is not the same as original post?

Quote
thebigboss@Alexs-Mac-Pro Downloads % shasum -a 256 bitaddress.org-3.3.0.zip
d44bf989f7e9ddd8b9e7553503f6a2772e99f28e81ac72c7f44eaa7377e29a6f  bitaddress.org-3.3.0.zip