Bitcoin Forum
November 14, 2024, 05:32:20 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 [36] 37 38 39 40 41 42 43 44 45 46 »
  Print  
Author Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key  (Read 153364 times)
WBF1
Sr. Member
****
Offline Offline

Activity: 419
Merit: 250


View Profile
September 07, 2015, 11:37:28 PM
 #701

Hi guys.

What is the best method of sweeping the paper wallet?

I don't want to use blockchains android app, what other ways can I withdraw from my bitaddress paper?

https://play.google.com/store/apps/details?id=com.mycelium.wallet&hl=en
https://play.google.com/store/apps/details?id=de.schildbach.wallet

I've used mycelium a looong time ago, how is it nowadays? Which do you recommend?

Schildbach "bitcoin wallet" is nice because it connects directly to the bitcoin network.
yuyu123
Newbie
*
Offline Offline

Activity: 40
Merit: 0


View Profile
September 15, 2015, 01:08:21 AM
 #702

The sha-256 of ZIP file downloaded from here https://www.bitaddress.org/bitaddress.org-v2.9.11-SHA256-40376eddc790a63d9afcfb72c0a45002827da965f3bfe6ba8c330e697bf188b2.html is not equal to what indicated for this version here https://github.com/pointbiz/bitaddress.org/blob/master/CHANGELOG.txt
why?
aes1
Member
**
Offline Offline

Activity: 66
Merit: 10



View Profile
September 15, 2015, 07:12:26 AM
 #703

The shasum is not calculated from the zip, but the file bitaddress.org.html contained inside.

I wondered the same thing and found the answer here: http://bitcoin.stackexchange.com/questions/9112/how-can-i-verify-the-the-pgp-signature-of-bitaddress-org
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
October 25, 2015, 07:15:39 PM
 #704

v3.0.0
https://www.bitaddress.org/bitaddress.org-v3.0.0-SHA256-4781574ca09c07f65d1966619f37a762aac6decd8732cacc85b2f2f972f82751.html
 - add session log icon that shows all the key pairs generated during the current session.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1333



View Profile
October 25, 2015, 08:02:56 PM
 #705

v3.0.0
https://www.bitaddress.org/bitaddress.org-v3.0.0-SHA256-4781574ca09c07f65d1966619f37a762aac6decd8732cacc85b2f2f972f82751.html
 - add session log icon that shows all the key pairs generated during the current session.

While the log does appear to record the address I make using B6 (99 dice), it only starts recording once entropy collection is complete. Any I generate before that are lost.

I don't see any way of encrypting the private keys I generate using B6 (99 dice), and don't feel safe storing unencrypted private keys. Could the option of encrypting paper wallets be extended to the 'wallet details' tab as well, for people who don't want to trust the in-browser RNG and prefer to provide their own by rolling dice?

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
October 25, 2015, 09:03:08 PM
Last edit: October 25, 2015, 09:19:14 PM by pointbiz
 #706

Could you paste your pgp signature here at bitcointalk instead? Copy paste it into the opening message for example. It doesn't make much sense get it from the same website which authenticity I am trying to verify, specially over plain http.

Yes, done.

Thank you. sorry I didn't suggest this at first, but in adition to posting the key here (which greatly improves security) you could also upload it to a key server and update the tutorial to retrieve the key from a key server instead of from bitaddress.org.

It is fairly simple to do:
https://www.gnupg.org/gph/en/manual/x457.html

Anyway. Great work, been using it even more frequently as of lately. It is my favourite way of generating addresses as I can manually enter randomness, while many other wallets and address generators rely simply on RNGs which have been attacked repeatedly. All has been great using Bitaddress+mycelium.

I have another feature request if you're up to it:
in the wallet details tab, if the entered private key is bip38 encrypted, you could show the encrypted private key in HEX format too.

Either way, big thanks and keep up.

I plan to improve the instructions for verifying the signature.

Regarding your request "show the encrypted private key in HEX format too". Can you describe the use case?

For example a use case for "Base 64" is to hide the private key data in plain sight. There might be circumstances
1) using an insecure channel
2) holding media that can be confiscated
where data could be hidden in base 64 noise. An example is putting the private key base64 encoded data into a JPEG. Then you just have to remember the beginning byte and ending byte of the private key data within the JPEG. There is plausible deniability at play here because you are not using the Bitcoin specific base 58 encoding.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
October 25, 2015, 09:18:27 PM
 #707

20 btc reward for anyone that can assist me here;

I created an offline BTC wallet using a saved version of bitaddress.org html (version 2.76) on an offline macbook air using google chrome version 32.0.1700.77

I did the randomization it generated a new address I saved the public address and sent some coins to that public address, in the  next minute or so I hit "generate new address" by accident and it created a new wallet. I didn't save the private address but already sent the coins to that wallet. Is there any way to retrieve the previous address data? Is it saved in RAM anywhere or perhaps in the java?

Whoever can assist me in this will have 20 btc shipped to them immediately.

Regards



I do not know of anything you can do.

To prevent this happening to others in the future versions 3.0.0+ now have a session log icon that can be pressed to view all the keypairs generated during the current session.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
October 25, 2015, 09:48:13 PM
 #708

Hi guys.

What is the best method of sweeping the paper wallet?

I don't want to use blockchains android app, what other ways can I withdraw from my bitaddress paper?

I use the  Android "Bitcoin Wallet" by "Bitcoin Wallet developers":
https://play.google.com/store/apps/details?id=de.schildbach.wallet

I'm going to try Mycelium Android app because you can spend part of a paper wallet balance without sweeping it. This has the security risk that your private key is exposed temporarily in memory of your Android and then you are leaving a balance connected to that private key. But I think that's an acceptable risk for low amounts.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
October 25, 2015, 09:49:40 PM
 #709

v3.0.0
https://www.bitaddress.org/bitaddress.org-v3.0.0-SHA256-4781574ca09c07f65d1966619f37a762aac6decd8732cacc85b2f2f972f82751.html
 - add session log icon that shows all the key pairs generated during the current session.

While the log does appear to record the address I make using B6 (99 dice), it only starts recording once entropy collection is complete. Any I generate before that are lost.

I don't see any way of encrypting the private keys I generate using B6 (99 dice), and don't feel safe storing unencrypted private keys. Could the option of encrypting paper wallets be extended to the 'wallet details' tab as well, for people who don't want to trust the in-browser RNG and prefer to provide their own by rolling dice?

I have a fix coming for the issue above regarding when the recording of the session log begins. Thanks for the feedback now and over the past years!

I will add BIP38 encryption on the wallet details tabs. It will be a checkbox beside the View Details button. When checked it will make the passphrase visible so you can then encrypt your key.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
October 25, 2015, 11:21:26 PM
 #710

v3.0.1
https://www.bitaddress.org/bitaddress.org-v3.0.1-SHA256-24d2d7f047a9aa217bf69f3ef344c972c151b1e3f6a8aa86ceb9a3be62884bc0.html
- fix for session log not keeping track of keys from "Wallet Details" tab before entropy is collected.
Thanks dooglus.


Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
October 25, 2015, 11:28:39 PM
 #711

The next two features I'm planning to add are:
1) improve instructions for verifying signature (.sig) vs checking the SHA256 hash.
I'm going to look at Canton Becker's bitcoinpaperwallet.com for inspiration. He's got a good tutorial for doing this.

2) wallet details tab bip38 encrypt:
https://github.com/pointbiz/bitaddress.org/issues/44

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
minimalB
Donator
Hero Member
*
Offline Offline

Activity: 674
Merit: 523


View Profile
October 25, 2015, 11:30:55 PM
 #712

I will add BIP38 encryption on the wallet details tabs. It will be a checkbox beside the View Details button. When checked it will make the passphrase visible so you can then encrypt your key.

Great! I've been waiting for this feature patiently. Thank you for continuously improving bitaddress! I guess it's donation time again : )
spazzdla
Legendary
*
Offline Offline

Activity: 1722
Merit: 1000


View Profile
November 04, 2015, 10:28:03 PM
 #713

How useless is a wallet when that random numbers warning comes up?
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
November 05, 2015, 03:08:50 AM
Last edit: November 05, 2015, 03:21:46 AM by pointbiz
 #714

How useless is a wallet when that random numbers warning comes up?

TL;DR The uniqueness gathered from your browser and the mouse movements should be enough "randomness"  for a secure wallet.

If you take the about 60 bits from browser uniqueness + current date/time and 1 bit for every mouse point (each point is worth more than one bit) and the site collects at least 200 mouse points then you have more than 256 bits (the length of a Bitcoin Private Key). This is the seed for the PRNG. If the PRNG has a flaw you are at risk. This is why the site warns people to use a browser that supports getRandomValues (OS level entropy) because if you have that then the site XORs the PRNG output with the getRandomValues output to protect you from flaws in either of those random generators.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
spazzdla
Legendary
*
Offline Offline

Activity: 1722
Merit: 1000


View Profile
November 05, 2015, 03:36:16 AM
 #715

How useless is a wallet when that random numbers warning comes up?

TL;DR The uniqueness gathered from your browser and the mouse movements should be enough "randomness"  for a secure wallet.

If you take the about 60 bits from browser uniqueness + current date/time and 1 bit for every mouse point (each point is worth more than one bit) and the site collects at least 200 mouse points then you have more than 256 bits (the length of a Bitcoin Private Key). This is the seed for the PRNG. If the PRNG has a flaw you are at risk. This is why the site warns people to use a browser that supports getRandomValues (OS level entropy) because if you have that then the site XORs the PRNG output with the getRandomValues output to protect you from flaws in either of those random generators.

Sweet thanks for the explanation.
birr
Hero Member
*****
Offline Offline

Activity: 870
Merit: 585


View Profile
November 05, 2015, 09:37:17 AM
 #716

Looking for which browsers support getRandomValues, I found
http://caniuse.com/#feat=getrandomvalues
Does anyone here know whether dolphin browser supports getRandomValues?  Didn't find any information on it.
calkob
Hero Member
*****
Offline Offline

Activity: 1106
Merit: 521


View Profile
November 19, 2015, 04:03:15 PM
Last edit: November 19, 2015, 05:24:16 PM by calkob
 #717

Great resource PointBiz, thanks very much.  Small donantion left.  Grin

Quick question, does anyone know if Blockchain.info store the private key from a watch only address once you use on their site to authorize a payment?  i used the private key created on Bitaddress the other day to do such a thing.

again, many thanks
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
November 21, 2015, 01:47:39 AM
 #718

Great resource PointBiz, thanks very much.  Small donantion left.  Grin

Quick question, does anyone know if Blockchain.info store the private key from a watch only address once you use on their site to authorize a payment?  i used the private key created on Bitaddress the other day to do such a thing.

again, many thanks

Thanks!

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
November 21, 2015, 02:16:57 AM
Last edit: November 21, 2015, 02:29:54 AM by pointbiz
 #719

I published a branch with bip38 encryption on the wallet details tab. It addresses the requests on this thread and the issue posted on github:
https://github.com/pointbiz/bitaddress.org/issues/44

Here is the branch:
https://github.com/pointbiz/bitaddress.org/tree/bip38walletdetails

Here is the raw html:
https://raw.githubusercontent.com/pointbiz/bitaddress.org/bip38walletdetails/bitaddress.org.html

Please take a look and give me feedback. I'm wondering if this is what people are looking for. Also, wondering if the usability is good.

Each Private Key could have a few different BIP38 keys. This is because there is more than one way to generate a BIP38 key.

Here is an example. The Paper Wallet tab would generate an "EC Multiply" BIP38 key like #1 below. It's uncompressed and uses an intermediate point derived from the passphrase then mixed with random data to make the encrypted key.
Passphrase: TestingOneTwoThree
1) EC Multiply, no compression, 6PfQu77ygVyJLZjfvMLyhLMQbYnu5uguoJJ4kMCLqWwPEdfpwANVS76gTX   5K4caxezwjGCGfnoPTZ8tMcJBLB7Jvyjv4xxeacadhq8nLisLR2

If I take the WIF key above ('5xxx') then I use it on the Wallet Details tab using the passphrase above I get this BIP38 key that does NOT use "EC Multiply".
2) no EC Multiply, no compression, 6PRNpUxL88gG5GeAGqQnEpTzLfzCNaq91m8TmMwMsAqWrfG9SA4CiMsCBJ   5K4caxezwjGCGfnoPTZ8tMcJBLB7Jvyjv4xxeacadhq8nLisLR2

If you take the compressed WIF key and use it on the Wallet Details tab using the passphrase above you'll get yet another BIP38 key because this key will keep track of the compression flag so you can generate the Bitcoin Address for the compressed public key.
3) no EC Multiply, compression, 6PYMHFJQL84b73nEHQcfQYzGbvnPGufT4VkxC9aHr2gWJBkvpnQZtJrrMk   L2ix4teikZY4kAD9k8Cqofxnpbdcr9FSREVzcsN3T1DTLkDhHDkk

To keep things simple for users I just show one key. When decrypting a BIP38 key then I just show that key. When encrypting you get the uncompressed no EC multiply BIP38 key. Unless you use the compressed WIF key then you get the compressed no EC multiply BIP38 key. I considered that these details are not important for end users. Hence, why I just show one of these versions at any given time because you can always get the same private key out anyways.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
minimalB
Donator
Hero Member
*
Offline Offline

Activity: 674
Merit: 523


View Profile
November 21, 2015, 11:50:57 AM
 #720

Thanks pointbiz, it works perfectly!

Just a sugesiton: For intermediate user everything is clear. If you are a beginner or just started playing around with key generation and bip38 stuff,  I guess you would get lost in "Details tab".  Maybe separate tab with a little bit of explanation would help a lot.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 [36] 37 38 39 40 41 42 43 44 45 46 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!