Bitcoin Forum
November 02, 2024, 10:48:36 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 [40] 41 42 43 44 45 46 »
  Print  
Author Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key  (Read 153342 times)
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
January 01, 2017, 08:07:18 PM
 #781

at https://bitaddress.org The url is :-

https://www.bitaddress.org/bitaddress.org-v3.3.0-SHA256-dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194.html

I'd expect the Sha256 Hash of the downloaded file to be dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194

However, after downloading the file and checking it with a Sha256 CRC it gives a Sha256 Hash of

739DDD62F01F06DDA02E7E69AEA9AF7526AB2349F02372619B92C5A952E02E6B

Where did I make a mistake.



You must save the page as "HTML only" otherwise the browser returns a version with different spacing and HTML tags the browser slightly alters.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
silversurfer1958
Full Member
***
Offline Offline

Activity: 474
Merit: 111



View Profile
January 01, 2017, 11:05:50 PM
 #782

That's it, well spotted, saved the pages as HTML only and the Sha256 Hash is now :-

dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194

As it should be.

Thanks for taking the time to look in to this,
Now I know I can trust the page offline.


silversurfer1958
Full Member
***
Offline Offline

Activity: 474
Merit: 111



View Profile
January 02, 2017, 12:07:46 AM
 #783

Devs do not suggest people use Brainwallets because humans can Never come up with something
as cryptographically secure as a truly random number.
One of the problems Bitcoin has is the speed with which a Sha256 Hash can be calculated from a password in put.
Billions of Hashes per second are possible today with a modern PC and decent graphics card.

Here's the basics of passwords.

Let's imagine you had to create a password, but were only allowed to use 1 letter for your password.
That would mean your password is one of only 26 possibilities (assuming our English alphabet)

Mathematically that would be represented as 26 to the power 1 which equals 26.

Now imagine we were allowed two letters in our password, it could be anything from aa, ab,ac...az, ba, bb...zz
The number of possibilities would then be 26 to the power 2.

Now imagine we are allowed to use both upper and lower characters, this would give a possible number of
combinations as 52 to the power 2.

Add in the numerical digits and we have 62 to the power 2 (remember we can only use 2 alphanumeric chars at this point)

Now let us add in say, 10 Special Characters eg, - + { [ ] } * £ $ %

Now we have 72 to the power 2 (72 squared possibilities) where the 2 comes from the number of characters we are alloweed to use.

Now let us be allowed to use 8 characters in our password.

That gives us a number of possible combinations as 72 to the power 8 which is  722,204,136,308,736

722 Trillion possible combinations.

While that sounds a lot of possibilities, remember, computers can calculate Sha 256 Hashes at a rate of Billion per second,
assuming a single PC (IE not including multiple PCs working together as in a Botnet, or a Govt or Private Supercomputer)

a Trillion is only 1000 x a Billion, so this means a PC could theoretically calculate all the possible hashes of an 8 char password in
1000 seconds (roughly)

In order to keep our password out of the clutches of hackers, we need Trillions of Trillions of Possibilities at least.

That means we need at least another 3 characters, at a bare minimum, even that would barely take us out of the reach of
Hackers using Brute force methods.
So we need 8 + another 10 characters at least, let's say twenty characters.

You might want to try input on your calculator what 72 to the power 20 is...
It's a huge number ~ 1.4   X 10^37   way out of the reach of any Hacker using a PC and possibly out of the reach of a Govt agency
using a super computer.

It's tempting to think then that if I have a brainwallet password that's 20 characters long, then it's secure enough and the answer
is that it might not be.
The problem is that Hackers have several character sets they can use, they can use dictionary words like Mike, or Church or Kitten.
While the word 'Kitten' has 6 characters in it, it should really only be calculated as one character because it's a dictionary word.
It's trivial for a modern PC to go through all the words in the dictionary, therefore any words you use in your brainwallet password
should be calculated as 1 character, not 6 as in the case of kitten.

Eg, if your brainwallet password is ***Robert-14091963***  A password that might be used by someone called Robert who was born on
14/09/1963

This is 21 characters long, Mathematically it might appear to be highly secure, but remember, there are far fewer 6 letter words
than the random 52^6 possibilities that it replaces.
In other words, we've reduced the strength of our password by 52^6 Ie we're reduced our password strength by 19 Trillion.
Many passwords will also have a birthdate in them, eg, 14091963  the problem with using a birthday in your password is that noone
alive today was born after 1900 (OK, a few exceptions) this means that there are very much fewer possibilities
because no one for example was born in 1658 (although someone might use that date, but the vast majority of birthdates
used in brainwallet passwords is going to be from Jan 1st 1900 onwards.  
a mere 117 years, x 365 days, a mere 42,000 possibilities, which is trivial for a PC to run through.

As a crude calculation, if you have used in your password, a name and a birthdate, the name and the birthdate
should be treated as 1 character each.

This means that cryptographically, our Password above ***Robert-14091963*** should not be regarded as a 21 character
password, but as a 9 character password.

This is well within the reach of Brainwallet hackers.

Personally, I love the concept of Brainwallets, they allow people to effectively store wealth in their head, but it's very important
that people understand their potential weaknesses, if used naively.

There are a number of solutions to this, being more cryptic with your passwords, increasing the length etc.
Another way is to generate your Bitcoin, Sha256 hashes (Public and private keys) using a much slower hashing algorithm.
This is the method chosen by Warpwallet.

https://keybase.io/warp/warp_1.0.8_SHA256_5111a723fe008dbf628237023e6f2de72c7953f8bb4265d5c16fc9fd79384b7a.html

Note the Sha256 hash

Here's a discussion on Warp wallet on reddit

https://www.reddit.com/r/Bitcoin/comments/37s8bj/psa_warp_wallet_is_a_much_better_brain_wallet/

The purpose of this post is not to suggest one method over another but to hopefully illustrate why they must be
used with a Great deal of thought, as does any method in storing cryptocurrencies.

  

Financisto
Hero Member
*****
Offline Offline

Activity: 640
Merit: 771

BTC⇆⚡⇄BTC


View Profile WWW
January 11, 2017, 02:41:37 AM
Last edit: January 11, 2017, 02:54:36 AM by Financisto
 #784

^^ Very interesting analysis you wrote right here but don't forget that Bitaddress' core business is Paper Wallet not Brainwallet.

Your post might be interpreted in many other manners...  Wink

LIST • ESCROW providers • Ranking & ScoresLIST • FOSS BrainwalletsBTC ⇆⚡⇄ BTCBTC aka BTC: 16MBvhaJoRBxW3Vk6apnvz3UYT9HAgraVS ⚡ PGP: 2680207AA9A1B69FE7A033D80DE0F221074384C4 ⚡ If you think freedom matters, please support the development of these privacy projects→DONATE some sats: TailsQubes OSWhonixVeraCryptPicocryptKryptorSimpleX Chat
bussybuddy
Full Member
***
Offline Offline

Activity: 1204
Merit: 105


PredX - AI-Powered Prediction Market


View Profile
January 11, 2017, 08:34:36 AM
 #785

Nice work!
Keep on!

Gyrsur
Legendary
*
Offline Offline

Activity: 2856
Merit: 1520


Bitcoin Legal Tender Countries: 2 of 206


View Profile WWW
January 15, 2017, 09:09:58 PM
Last edit: January 15, 2017, 09:31:24 PM by Gyrsur
 #786

love Bitaddress.org !

but a better implementation of a BrainWallet is WarpWallet because it needs more computing resources to attack it.

https://keybase.io/warp

newIndia
Legendary
*
Offline Offline

Activity: 2226
Merit: 1052


View Profile
January 15, 2017, 11:29:30 PM
 #787

but a better implementation of a BrainWallet is WarpWallet because it needs more computing resources to attack it.

That means, it is still insecure.

itsybitsyperson
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
March 03, 2017, 02:53:14 AM
 #788

Hi. I think a brain wallet made from BitAddress.org got hacked.
The brain term was 15 characters long. Is that sufficient?

I'm new to much of this - but here is the PUBLIC address of the wallet:
12ZcsaB7DhDvWjkDAA59E3gfd8SXdDfRKV

I'm trying to read this on blockchain.info
I'm trying to find the address that the final .5 bitcoin was xferred to on 11/13/2016
I think i'm reading something wrong because the address I think it goes to has a larger balance but shows only (1) transaction. I can't see how that could be. Could someone help me understand this?
What is the address that the last transaction goes to?

Thanks so much...
Lasergun
Legendary
*
Offline Offline

Activity: 1154
Merit: 1174


https://t.me/laser9un


View Profile
March 03, 2017, 10:21:40 AM
 #789

Hi. I think a brain wallet made from BitAddress.org got hacked.
The brain term was 15 characters long. Is that sufficient?

I'm new to much of this - but here is the PUBLIC address of the wallet:
12ZcsaB7DhDvWjkDAA59E3gfd8SXdDfRKV

I'm trying to read this on blockchain.info
I'm trying to find the address that the final .5 bitcoin was xferred to on 11/13/2016
I think i'm reading something wrong because the address I think it goes to has a larger balance but shows only (1) transaction. I can't see how that could be. Could someone help me understand this?
What is the address that the last transaction goes to?

Thanks so much...


Your coins were sent to 1A8hjfvXMeiss9fEtpS5qGSFAa28MdXqDQ.
Semvak
Newbie
*
Offline Offline

Activity: 48
Merit: 0


View Profile
March 04, 2017, 04:10:38 AM
 #790

Anyone can guarantee for using these service? I mean, how if site got hacked Huh
Lasergun
Legendary
*
Offline Offline

Activity: 1154
Merit: 1174


https://t.me/laser9un


View Profile
March 04, 2017, 09:00:45 AM
 #791

Anyone can guarantee for using these service? I mean, how if site got hacked Huh

To be safe It is highly recommend using this software on a computer that is offline, and stays offline.
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
March 04, 2017, 01:04:53 PM
 #792

Anyone can guarantee for using these service? I mean, how if site got hacked Huh

To be safe It is highly recommend using this software on a computer that is offline, and stays offline.

That wouldnt help against all attacks. E.g. the code could be altered in a way to use only a specific section of all possible keys. Thus they would appear random, while they not actually are. If you want to make sure you are not fucked, read the code or trust in others that have done so.

Im not really here, its just your imagination.
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
March 04, 2017, 02:13:06 PM
 #793

Anyone can guarantee for using these service? I mean, how if site got hacked Huh

To be safe It is highly recommend using this software on a computer that is offline, and stays offline.

That wouldnt help against all attacks. E.g. the code could be altered in a way to use only a specific section of all possible keys. Thus they would appear random, while they not actually are. If you want to make sure you are not fucked, read the code or trust in others that have done so.

Download from github for the most security. Random number generator is fine it's been peer reviewed.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
Morthawt
Newbie
*
Offline Offline

Activity: 32
Merit: 0



View Profile WWW
March 23, 2017, 12:32:26 AM
 #794

Very blummin nice! It has been quite some years since I even looked into, let alone involved with (since the Mt Gox debacle) since I am clueless of where to buy or sell bitcoins in an easy and legit bank-like manner (not some ebay bidding trading kind of site, so if you know of any good ones in the UK please let me know. I would like to dip my toe back into BTC as a user not a miner)

I would like to request you add an option to the paper wallet section to make some kind of cover to prevent someone seeing through an envelope. Kind of like how pin numbers for credit cards have random wavy lines and things right up against the pin to make it way hard or maybe even impossible to detect the info. It would be nice if there were some kind of thing like that, which you can sandwich face to face with the actual page to protect the QR codes through an envelope?

Just an idea.

Amazing system you have made. I was at first annoyed thinking it was a system making me dependent on going to a website but now I know it is offline and I have it saved I am very very happy indeed :-)
minimalB
Donator
Hero Member
*
Offline Offline

Activity: 674
Merit: 523


View Profile
March 30, 2017, 08:57:29 AM
 #795

Feature Request:
I wish there was an option to hide Passphrase whenever i am making paperwallet for someone else.
Mbidox
Full Member
***
Offline Offline

Activity: 212
Merit: 108


View Profile
April 17, 2017, 11:22:29 AM
 #796

According to
https://en.bitcoin.it/wiki/Private_key#Range_of_valid_private_keys
all numbers from 0x1 to 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4140 are valid private keys.

When I go to "Wallet Details" and type in the field "Enter Private Key" the following numer: 1

Why is there a message "It is not a valide private key." (?)
Millionero
Sr. Member
****
Offline Offline

Activity: 807
Merit: 423


View Profile
April 17, 2017, 04:21:38 PM
 #797

According to
https://en.bitcoin.it/wiki/Private_key#Range_of_valid_private_keys
all numbers from 0x1 to 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4140 are valid private keys.

When I go to "Wallet Details" and type in the field "Enter Private Key" the following numer: 1

Why is there a message "It is not a valide private key." (?)
Assuming you are using hex, then that "1" that you typed in is the number 1 out of a space of only 16 possibilities.
The (unextended) private key has a space of 2^256 possibilities (actually a bit less, as you posted), which is why the private key range you posted has 64 hex characters.
To use the number 1 as a private key, it has to be expressed as 1 out of 2^256 possibilities.
In hexadecimal, that would be 63 zeros followed by the numeral 1.
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0001

P.S.  um, don't use that as the private key

P.P.S.  Sometimes the words "private key" are understood in context to mean the private key in Wallet Import Format (WIF), which is a different animal, not expressed in hex at all, but in base58 check encoding.
Mbidox
Full Member
***
Offline Offline

Activity: 212
Merit: 108


View Profile
April 23, 2017, 03:53:38 PM
Last edit: April 24, 2017, 05:51:50 AM by Mbidox
 #798

I found in post #1 and on your homepage (https://www.bitaddress.org/pointbiz_bitaddress.org.asc) the following PGP SIGNATURE:

Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.13 (MingW32)

mQENBE5lizQBCADhDeJALMhaXOW6U5Lj1wyNyYwf5bh4kcP4m5pDrQCk3GzduMBh
NKsa21zgejhST74l7PRVNWJc7cLsdpQ7fCGUgbEBaApQ7+J1pSAClEdBCZ6wycgI
gAln86LmsmtsGnr77jPJEeeYI2FH6o5JEEYdc6Kji8Mkj1fNMqa8qrOFydazbvTm
EcuwtWsf+EFM1DwnaS2D0CU8Y4rB7wzaQkS/m+9yXqmhLgFI1B5mYyEhWz/YGcKs
ln93a/rLemHty54UWtpi1bn5F7alB/HnvNt65wHvXKnvi+/Teqft2jk4i0Uqd7QR
uFUBc/wTC9tJXwf83qOMOv8zqU8uJCryp4cjABEBAAG0HG5pbmphIDxuaW5qYUBi
aXRhZGRyZXNzLm9yZz6JAT4EEwECACgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
AheABQJV9gLjBQkQ9njvAAoJEIdJe5Fjl09a6eMH/j0TIX/fQzvWhVOFNdS3rKeG
7xJ90QvlgzSwXig/lCtf2/wO216bgDwY0yZCIcvsjusneXbjSIqJ1eXIZE06B3yP
6Xmlc6GU8vu5XJvqf27axAGoghy0Y7Wag2FlgPbKJPSapqIj3O4JV/fwKH/Wmua/
J36XVW3+0G3Hx4vB15v1w4WX56ttDXo5vCMcCPn8zh5+MA2+HK1ts/SMvhG9pWuk
TCTPka3hawIQOOawoAty/zQIDma3XHjAUM4oErTLlgux7LwNl+H772GIfvy4ltj3
/LhZBDIe6NB0JArb4NqvICIZ5pDUr4Zp6QccZO6jL3KXomo6c9DPkeXMz1gpx1u0
InBvaW50Yml6IDxwb2ludGJpekBiaXRhZGRyZXNzLm9yZz6JAT4EEwECACgFAlX2
Bc0CGwMFCRD2eO8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEIdJe5Fjl09a
2CMH/iUwNXr9NP9brt93+E2YpH1zGqgnOoYVGz72WTUD+v0WP5/LN2qVMec8nqXb
dzwQI6ERQlEkgahynzaxZw44U5AKfpvxI8AFD4mOuB4aAMJxt5k5a9O1AgegJAX6
Ev04mIXGhNisq3oLIVkbhCR8IS43B6mWUYyBcICWec/gkxh/EJh3BuavlmDZBkp8
/5K/oBg6Un80jCWP1h87Fxv8dWClcF8wROaSnoFDKPsbpPNEudgxUkAycbcByy0o
v62d1X5GNFrr432EMZpTO5Up6vCA/B8K7cCS7qYsLbvo5WglYpscoDWozUld5ga1
qeZdjDI8u5qDnGKgI3ZkT5sV/WC5AQ0ETmWLNAEIAN1eqRI6ltxWZhR3EaWIca1/
p3PrV/BqY0CpWufjr/ZWjufN+QSVgICrVF/CjYxxZeo0tZ48m3qzIfr3MYIMW2+Y
Rno1p/uMbf43oqOiQy7o30u8rhLgWc3nmKFyE8I1iRToqcGM2+YxQ80zp8TvjFQW
zvMClFHS+JAa+n7Z5RwerTQPf3j4spo4oZGrxxu8UWT4qxR8BRzs6q4BSkuehzxT
TgYhxSOrKqZLKVQ/kVfUZaCy29WqV9LxnQXLFrqZeHccocp+Hd01xyCybGgynJfg
O2Oz52RXRHDEPv0hjR+b419O7QOiqGI7TQ7fcaIBUByIn84fodOnddak9XYwd1MA
EQEAAYkBHwQYAQIACQIbDAUCVfYGGwAKCRCHSXuRY5dPWsk6B/0XNmalHNn175fJ
DeFTTmZ0BAEj3izjYb4NWExutcF4AcJjqEU+oSaY7QrZoV6YBpeJ8YXVigK9EOf8
4eaQONk/ZT5yjYYn6IrFmL0SL+O2HKOxFNogv2yyLYJJXFvUcSSBZGQrNK2pbhbc
Y/r6XXpgKl/JqazvVGGl3j38t7KzTMDkmhtkL+EzX9GiaXx0tF7ZPI2JfcizotuF
ONiWDc5ferDBJaFPMYb9ElcxC5knnfkM0ti5SH3vUw1qCT6+vKB4PG7W4V1MpoMx
ZHAcHt6uj5cE2IfHO4aPRU1BnqB6lRK2ob0c8/o7d0dWwvciQhH+NrRQThqlGf8E
sjLBqm5u
=9YLe
-----END PGP PUBLIC KEY BLOCK-----

But I found on http://www.bitaddress.org/ninja_bitaddress.org.txt (Link from post #1) the following PGP SIGNATURE which is different:
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.17 (MingW32)

mQENBE5lizQBCADhDeJALMhaXOW6U5Lj1wyNyYwf5bh4kcP4m5pDrQCk3GzduMBh
NKsa21zgejhST74l7PRVNWJc7cLsdpQ7fCGUgbEBaApQ7+J1pSAClEdBCZ6wycgI
gAln86LmsmtsGnr77jPJEeeYI2FH6o5JEEYdc6Kji8Mkj1fNMqa8qrOFydazbvTm
EcuwtWsf+EFM1DwnaS2D0CU8Y4rB7wzaQkS/m+9yXqmhLgFI1B5mYyEhWz/YGcKs
ln93a/rLemHty54UWtpi1bn5F7alB/HnvNt65wHvXKnvi+/Teqft2jk4i0Uqd7QR
uFUBc/wTC9tJXwf83qOMOv8zqU8uJCryp4cjABEBAAG0HG5pbmphIDxuaW5qYUBi
aXRhZGRyZXNzLm9yZz6JAT4EEwECACgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
AheABQJSLPElBQkHiczxAAoJEIdJe5Fjl09aoPMH/2p6b2HjgUM0OWuStfRtVXiS
t8y8bCAeGzN+3Z/fLPncbTck2hT2S4TYd/37qghJWirrlSmzEVRW6aCVeD/tt7xA
nBkGSTWr17JRsXY0ro+zXaSPmwJyuIDnNR2Jo/ha65QlLT/yEI5cO2cIMzMI82X/
3QYFRcJBYYDSSvXbR7ctqCRns6+Eh4B+HQlRz+mBR5aXTwkr/hEsDUs2I3/bSucF
kadeH4FlM5broQ2Ccl8sESusOwhmvPFJFxTV7JpB547VlXbNOF0OEl/aztKtMEo1
+SaYU232Icdvuuxx3XT8+QUdwBndABY43HmUgbVE2ht4GyUHwKkIsbvgT5CBr/u5
AQ0ETmWLNAEIAN1eqRI6ltxWZhR3EaWIca1/p3PrV/BqY0CpWufjr/ZWjufN+QSV
gICrVF/CjYxxZeo0tZ48m3qzIfr3MYIMW2+YRno1p/uMbf43oqOiQy7o30u8rhLg
Wc3nmKFyE8I1iRToqcGM2+YxQ80zp8TvjFQWzvMClFHS+JAa+n7Z5RwerTQPf3j4
spo4oZGrxxu8UWT4qxR8BRzs6q4BSkuehzxTTgYhxSOrKqZLKVQ/kVfUZaCy29Wq
V9LxnQXLFrqZeHccocp+Hd01xyCybGgynJfgO2Oz52RXRHDEPv0hjR+b419O7QOi
qGI7TQ7fcaIBUByIn84fodOnddak9XYwd1MAEQEAAYkBJQQYAQIADwIbDAUCUizx
RwUJB4nNEwAKCRCHSXuRY5dPWsGgB/9JszPV07ZrL1OOMz7rxkBHYhwPB3Wk8fOM
PueNLQLJsE4w+WI3Pn5gtDKkR0oRgjoWCqSmTcZOukg2QQ0Zh5ChQ+f61+Z7SYgC
7PFSWmzM7+tTw73aRqUcRcpm/C5Y9EpYiCDat3gAKZ4Np3+LNLWzt8ni4EBbBGdY
Gw3z4Nc12ZAg30RY+M+jMSCr5U7xfHiKLMN9bkQJpl/H6tHiEJRnBoN3fa8o9ahh
3eA64z/kXtH74JbuUomtNr104wfA4Iw3mYM34GL4T1C8VrhKAOnCzSw8otWBuyM2
rdxVjJs1qvgp9Q10CyV0uelzZKSDWcyanBmlOm6+yO5hZI9+l2Rn
=pDI6
-----END PGP PUBLIC KEY BLOCK-----

Question 1: So which of them is guilty? I think it is the second (v2.0.17) and not v1.4.13, because v2. is newer than v1. (?)

Question2: My expectation was that the "PGP SIGNATURE" in the actual message on https://www.bitaddress.org/CHANGELOG.txt.asc is the same like the PGP Signature in the blocks above. But this "PGP SIGNATURE" is again different:

Code:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJYXsrGAAoJEIdJe5Fjl09aoeMH/jtuyhZTOsVcvR5AWlFDxCqe
gEMXlBoss+ICZb+d394xkjqfczQwc8g3zg6CLmp13ftuqdC5BZSMEfZFb3Hj8fPo
dGyRpNBpai19P6dt8g5BjQ/ZEejZrmQvNK8kCmmCf8fdBr95h09g0ZjQyLfLXUu2
vzQBSNy1G9WL1xJmNhcRf6cn/wDQPDIKNUNDySuDPDNHWWUX4nswbggb4ae9Xmyg
o9VhhCmkqgZ5Wd6f+AEXQVWe1uEaPmysRhaOHiw6DB6DpAZoeOG14LUQ/qTOtVFj
nPrswwbrX3D2X0C+X0ZnZkFSkidj2MuPE53qnMa2NNMtzhvFS9cXP9i9xyiH6/w=
=wZb6
-----END PGP SIGNATURE-----

Can you help me please.


Edit:
Nevertheless I tried the following:

1. As in https://www.bitaddress.org/CHANGELOG.txt.asc at the top you write "Hash: SHA1" I asume, that you did generate a SHA1 Hash of this message.
2. So I went http://hash.online-convert.com/sha1-generator.
3. Into the filed "Or enter URL of the file where you want to create a SHA1 hash:" I entered "http://hash.online-convert.com/sha1-generator" (this is the message)
4. I clicked the button "convert file"

My expectation was, that I now will get some of the PGP SIGNATURE in the code windows above. But what I got is the following:

Code:
hex: 15f511b73d9a9aa54a76ae107585dc6075c70fd0
HEX: 15F511B73D9A9AA54A76AE107585DC6075C70FD0
h:e:x: 15:f5:11:b7:3d:9a:9a:a5:4a:76:ae:10:75:85:dc:60:75:c7:0f:d0
base64: FfURtz2amqVKdq4QdYXcYHXHD9A=

None of this output is the same, as one of the above PGP Signatures.

Question 3: What do I make wrong?
bitterbug
Member
**
Offline Offline

Activity: 78
Merit: 10


View Profile
June 15, 2017, 09:10:01 AM
 #799

Hi,

I'm fairly new to PKI, so bear with me please.

I have a couple of questions about verifying the signed message.


...

Verifying the release:
1) get public key of author
2) import public key of author
3) get HTML from bitaddress.org
4) sha1 checksum of HTML
5) verify signed message from author
6) confirm sha1 in step 4 & 5 matches
NOTE: If the web page is saved as "web page complete" as opposed to "web page html only" the checksum will not match.

Code:
wget http://www.bitaddress.org/ninja_bitaddress.org.txt
gpg --import ninja_bitaddress.org.txt
wget http://www.bitaddress.org/bitaddress.org-v2.9.1-SHA1-67b1facd70890aa9544597e97122c7a1d4fdc821.html
sha1sum bitaddress.org-v2.9.1-SHA1-67b1facd70890aa9544597e97122c7a1d4fdc821.html
wget -qO- http://www.bitaddress.org/pgpsignedmsg.txt | gpg -d

...


It appears to me that 'gpg -d' is an instruction to gpg to decrypt the file argument.

1) Why is it necessary to decrypt the message when I can read it perfectly as it is?
2) Why is there no mention of 'verify' in this step's command (step 5)? I was expecting to use one or other variation of '--verify'. Please clarify.

Thanks for any feedback.
jofus
Full Member
***
Offline Offline

Activity: 127
Merit: 100


View Profile
June 16, 2017, 05:12:07 AM
 #800

This address generator is great.  I used it to print off Bitcoin wallets.  I am wondering if anyone can tell me how to print of Litecoin wallets though?

I have no problem using lite address.org, but when I download the zip file, it just gives me Bitaddress that is used for Bitcoin, not Litecoin.

Is there a link somewhere I can download the litecoin address generator so that I can generate offline?

Thanks
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 [40] 41 42 43 44 45 46 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!