WBF1
|
|
September 07, 2015, 11:37:28 PM |
|
I've used mycelium a looong time ago, how is it nowadays? Which do you recommend? Schildbach "bitcoin wallet" is nice because it connects directly to the bitcoin network.
|
|
|
|
yuyu123
Newbie
Offline
Activity: 40
Merit: 0
|
|
September 15, 2015, 01:08:21 AM |
|
|
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 25, 2015, 07:15:39 PM |
|
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
October 25, 2015, 08:02:56 PM |
|
While the log does appear to record the address I make using B6 (99 dice), it only starts recording once entropy collection is complete. Any I generate before that are lost. I don't see any way of encrypting the private keys I generate using B6 (99 dice), and don't feel safe storing unencrypted private keys. Could the option of encrypting paper wallets be extended to the 'wallet details' tab as well, for people who don't want to trust the in-browser RNG and prefer to provide their own by rolling dice?
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 25, 2015, 09:03:08 PM Last edit: October 25, 2015, 09:19:14 PM by pointbiz |
|
Could you paste your pgp signature here at bitcointalk instead? Copy paste it into the opening message for example. It doesn't make much sense get it from the same website which authenticity I am trying to verify, specially over plain http.
Yes, done. Thank you. sorry I didn't suggest this at first, but in adition to posting the key here (which greatly improves security) you could also upload it to a key server and update the tutorial to retrieve the key from a key server instead of from bitaddress.org. It is fairly simple to do: https://www.gnupg.org/gph/en/manual/x457.htmlAnyway. Great work, been using it even more frequently as of lately. It is my favourite way of generating addresses as I can manually enter randomness, while many other wallets and address generators rely simply on RNGs which have been attacked repeatedly. All has been great using Bitaddress+mycelium. I have another feature request if you're up to it: in the wallet details tab, if the entered private key is bip38 encrypted, you could show the encrypted private key in HEX format too. Either way, big thanks and keep up. I plan to improve the instructions for verifying the signature. Regarding your request "show the encrypted private key in HEX format too". Can you describe the use case? For example a use case for "Base 64" is to hide the private key data in plain sight. There might be circumstances 1) using an insecure channel 2) holding media that can be confiscated where data could be hidden in base 64 noise. An example is putting the private key base64 encoded data into a JPEG. Then you just have to remember the beginning byte and ending byte of the private key data within the JPEG. There is plausible deniability at play here because you are not using the Bitcoin specific base 58 encoding.
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 25, 2015, 09:18:27 PM |
|
20 btc reward for anyone that can assist me here;
I created an offline BTC wallet using a saved version of bitaddress.org html (version 2.76) on an offline macbook air using google chrome version 32.0.1700.77
I did the randomization it generated a new address I saved the public address and sent some coins to that public address, in the next minute or so I hit "generate new address" by accident and it created a new wallet. I didn't save the private address but already sent the coins to that wallet. Is there any way to retrieve the previous address data? Is it saved in RAM anywhere or perhaps in the java?
Whoever can assist me in this will have 20 btc shipped to them immediately.
Regards
I do not know of anything you can do. To prevent this happening to others in the future versions 3.0.0+ now have a session log icon that can be pressed to view all the keypairs generated during the current session.
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 25, 2015, 09:48:13 PM |
|
Hi guys.
What is the best method of sweeping the paper wallet?
I don't want to use blockchains android app, what other ways can I withdraw from my bitaddress paper?
I use the Android "Bitcoin Wallet" by "Bitcoin Wallet developers": https://play.google.com/store/apps/details?id=de.schildbach.walletI'm going to try Mycelium Android app because you can spend part of a paper wallet balance without sweeping it. This has the security risk that your private key is exposed temporarily in memory of your Android and then you are leaving a balance connected to that private key. But I think that's an acceptable risk for low amounts.
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 25, 2015, 09:49:40 PM |
|
While the log does appear to record the address I make using B6 (99 dice), it only starts recording once entropy collection is complete. Any I generate before that are lost. I don't see any way of encrypting the private keys I generate using B6 (99 dice), and don't feel safe storing unencrypted private keys. Could the option of encrypting paper wallets be extended to the 'wallet details' tab as well, for people who don't want to trust the in-browser RNG and prefer to provide their own by rolling dice? I have a fix coming for the issue above regarding when the recording of the session log begins. Thanks for the feedback now and over the past years! I will add BIP38 encryption on the wallet details tabs. It will be a checkbox beside the View Details button. When checked it will make the passphrase visible so you can then encrypt your key.
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 25, 2015, 11:21:26 PM |
|
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 25, 2015, 11:28:39 PM |
|
The next two features I'm planning to add are: 1) improve instructions for verifying signature (.sig) vs checking the SHA256 hash. I'm going to look at Canton Becker's bitcoinpaperwallet.com for inspiration. He's got a good tutorial for doing this. 2) wallet details tab bip38 encrypt: https://github.com/pointbiz/bitaddress.org/issues/44
|
|
|
|
minimalB
Donator
Hero Member
Offline
Activity: 674
Merit: 523
|
|
October 25, 2015, 11:30:55 PM |
|
I will add BIP38 encryption on the wallet details tabs. It will be a checkbox beside the View Details button. When checked it will make the passphrase visible so you can then encrypt your key.
Great! I've been waiting for this feature patiently. Thank you for continuously improving bitaddress! I guess it's donation time again : )
|
|
|
|
spazzdla
Legendary
Offline
Activity: 1722
Merit: 1000
|
|
November 04, 2015, 10:28:03 PM |
|
How useless is a wallet when that random numbers warning comes up?
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
November 05, 2015, 03:08:50 AM Last edit: November 05, 2015, 03:21:46 AM by pointbiz |
|
How useless is a wallet when that random numbers warning comes up?
TL;DR The uniqueness gathered from your browser and the mouse movements should be enough "randomness" for a secure wallet. If you take the about 60 bits from browser uniqueness + current date/time and 1 bit for every mouse point (each point is worth more than one bit) and the site collects at least 200 mouse points then you have more than 256 bits (the length of a Bitcoin Private Key). This is the seed for the PRNG. If the PRNG has a flaw you are at risk. This is why the site warns people to use a browser that supports getRandomValues (OS level entropy) because if you have that then the site XORs the PRNG output with the getRandomValues output to protect you from flaws in either of those random generators.
|
|
|
|
spazzdla
Legendary
Offline
Activity: 1722
Merit: 1000
|
|
November 05, 2015, 03:36:16 AM |
|
How useless is a wallet when that random numbers warning comes up?
TL;DR The uniqueness gathered from your browser and the mouse movements should be enough "randomness" for a secure wallet. If you take the about 60 bits from browser uniqueness + current date/time and 1 bit for every mouse point (each point is worth more than one bit) and the site collects at least 200 mouse points then you have more than 256 bits (the length of a Bitcoin Private Key). This is the seed for the PRNG. If the PRNG has a flaw you are at risk. This is why the site warns people to use a browser that supports getRandomValues (OS level entropy) because if you have that then the site XORs the PRNG output with the getRandomValues output to protect you from flaws in either of those random generators. Sweet thanks for the explanation.
|
|
|
|
birr
|
|
November 05, 2015, 09:37:17 AM |
|
Looking for which browsers support getRandomValues, I found http://caniuse.com/#feat=getrandomvaluesDoes anyone here know whether dolphin browser supports getRandomValues? Didn't find any information on it.
|
|
|
|
calkob
|
|
November 19, 2015, 04:03:15 PM Last edit: November 19, 2015, 05:24:16 PM by calkob |
|
Great resource PointBiz, thanks very much. Small donantion left. Quick question, does anyone know if Blockchain.info store the private key from a watch only address once you use on their site to authorize a payment? i used the private key created on Bitaddress the other day to do such a thing. again, many thanks
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
November 21, 2015, 01:47:39 AM |
|
Great resource PointBiz, thanks very much. Small donantion left. Quick question, does anyone know if Blockchain.info store the private key from a watch only address once you use on their site to authorize a payment? i used the private key created on Bitaddress the other day to do such a thing. again, many thanks Thanks!
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
November 21, 2015, 02:16:57 AM Last edit: November 21, 2015, 02:29:54 AM by pointbiz |
|
I published a branch with bip38 encryption on the wallet details tab. It addresses the requests on this thread and the issue posted on github: https://github.com/pointbiz/bitaddress.org/issues/44Here is the branch: https://github.com/pointbiz/bitaddress.org/tree/bip38walletdetailsHere is the raw html: https://raw.githubusercontent.com/pointbiz/bitaddress.org/bip38walletdetails/bitaddress.org.htmlPlease take a look and give me feedback. I'm wondering if this is what people are looking for. Also, wondering if the usability is good. Each Private Key could have a few different BIP38 keys. This is because there is more than one way to generate a BIP38 key. Here is an example. The Paper Wallet tab would generate an "EC Multiply" BIP38 key like #1 below. It's uncompressed and uses an intermediate point derived from the passphrase then mixed with random data to make the encrypted key. Passphrase: TestingOneTwoThree 1) EC Multiply, no compression, 6PfQu77ygVyJLZjfvMLyhLMQbYnu5uguoJJ4kMCLqWwPEdfpwANVS76gTX 5K4caxezwjGCGfnoPTZ8tMcJBLB7Jvyjv4xxeacadhq8nLisLR2 If I take the WIF key above ('5xxx') then I use it on the Wallet Details tab using the passphrase above I get this BIP38 key that does NOT use "EC Multiply". 2) no EC Multiply, no compression, 6PRNpUxL88gG5GeAGqQnEpTzLfzCNaq91m8TmMwMsAqWrfG9SA4CiMsCBJ 5K4caxezwjGCGfnoPTZ8tMcJBLB7Jvyjv4xxeacadhq8nLisLR2 If you take the compressed WIF key and use it on the Wallet Details tab using the passphrase above you'll get yet another BIP38 key because this key will keep track of the compression flag so you can generate the Bitcoin Address for the compressed public key. 3) no EC Multiply, compression, 6PYMHFJQL84b73nEHQcfQYzGbvnPGufT4VkxC9aHr2gWJBkvpnQZtJrrMk L2ix4teikZY4kAD9k8Cqofxnpbdcr9FSREVzcsN3T1DTLkDhHDkk To keep things simple for users I just show one key. When decrypting a BIP38 key then I just show that key. When encrypting you get the uncompressed no EC multiply BIP38 key. Unless you use the compressed WIF key then you get the compressed no EC multiply BIP38 key. I considered that these details are not important for end users. Hence, why I just show one of these versions at any given time because you can always get the same private key out anyways.
|
|
|
|
minimalB
Donator
Hero Member
Offline
Activity: 674
Merit: 523
|
|
November 21, 2015, 11:50:57 AM |
|
Thanks pointbiz, it works perfectly!
Just a sugesiton: For intermediate user everything is clear. If you are a beginner or just started playing around with key generation and bip38 stuff, I guess you would get lost in "Details tab". Maybe separate tab with a little bit of explanation would help a lot.
|
|
|
|
|