Bitcoin Forum
November 09, 2024, 10:18:00 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [23] 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 »
  Print  
Author Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key  (Read 153356 times)
minimalB
Donator
Hero Member
*
Offline Offline

Activity: 674
Merit: 523


View Profile
October 21, 2013, 10:52:10 PM
 #441

Interesting, i have exactly the same question as you kwukduck : )

v2.4 is online but master download on github is v2.5. Can anyone elaborate why is it this way?
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
October 23, 2013, 04:29:05 AM
 #442

I noticed the current version on the website (v2.4) is quite old (2013-02-17) compared to the one at github (v2.5)(2013-08-29) a lot of changes seem to have been made.

Why isn't the code on the website updated? Has the code on github been reviewed anywhere? is it usable and secure to begin with? Should i use the 'old' one or the new one?

v2.4 is a solid release use that until v2.5 is on the website, however there are no known issue with v2.5. I'm thinking about changing the versioning to X.Y.Z and incrementing with each checkin to github.

v2.5 is a major release with BIP38 encrypted private keys on the Paper Wallets tab, it's almost done. I've been checking in along the way to make forking/merging with other developers easier. It also gives people time to audit the code as there are updated versions of the CryptoJS libraries.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
October 23, 2013, 07:32:22 AM
 #443

hi pointbiz! Don't forget to use compressed keys by default for everything. Smiley

minimalB
Donator
Hero Member
*
Offline Offline

Activity: 674
Merit: 523


View Profile
October 23, 2013, 08:36:30 AM
 #444

@pointbiz: is it possible to download v2.4 master from github? Can't seem to find it. Only v2.5. Thanks.
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
October 24, 2013, 09:13:14 PM
 #445

v2.5 is a major release with BIP38 encrypted private keys on the Paper Wallets tab, it's almost done. I've been checking in along the way to make forking/merging with other developers easier. It also gives people time to audit the code as there are updated versions of the CryptoJS libraries.
Will you allow crazy high values for BIP38 encrypted keys? If I'm only making one key I don't mind having the browser calculate all night long if that means brute forcing will be extremely hard. Or is that something that can't change according to BIP38?
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
October 24, 2013, 11:01:22 PM
 #446

Here is a feature request that I think would help assuage people's fears about random number generation, which have become more valid the more we hear about NSA-rigged RNG.

Right now, the script collects entropy by way of mouse movements.

I propose that the script also collect some additional entropy by way of the keyboard.

When the script generates new private keys, the private key should be SHA256(user-entered-string | prng-generated-string) (where | is concatenation).  
I agree and consider this a high priority item on the TODO.

Further, the string provided to SHA256 should be optionally printed somewhere on the note as an "audit code" (it could be invisible unless the user decides to click something to make it visible).

The purpose of the audit code is to allow anybody to reproduce the private key by hashing the string.  If it can be proven that the user-entered-string is part of the entropy that went into the private keys, then any user sophisticated enough to actually provide enough entropy via the keyboard can be reasonably assured that even if the prng is defective (whether by design or accident), that his keys are secure.
What is the formula to take the audit code and reproduce the private key after you have the printed paper wallet?

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
October 25, 2013, 03:27:13 AM
 #447

Will you allow crazy high values for BIP38 encrypted keys? If I'm only making one key I don't mind having the browser calculate all night long if that means brute forcing will be extremely hard. Or is that something that can't change according to BIP38?

BIP38 sort of hard codes some fairly expensive parameters where on today's computers, a native implementation does one in under a second, and a typical javascript implementation on a desktop might take ten seconds.  Allowing crazy high values in BIP38 is not really feasible because if they can be set too high, then it discourages developers from supporting it, because their services can be subjected to denial of service attacks by any user who sends a BIP38 code that asks for hours of CPU time just to decrypt.

I agree and consider this a high priority item on the TODO.

Sweet, the paranoid side of me is very happy.

What is the formula to take the audit code and reproduce the private key after you have the printed paper wallet?

Simply use the audit code as though it were a SHA256 brain wallet and it should yield the same private key and address.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
October 25, 2013, 04:00:46 AM
 #448

v2.5.1

https://www.bitaddress.org/bitaddress.org-v2.5.1-SHA1-b7bda19c2327cc44a81b68a44926a9f8057ed681.html
 - BIP38 passphrase protected paper wallets. Thanks to casascius, scintill, Zeilap.
   Paper Wallet tab and Wallet Details tab support BIP38.
 - Compressed address support on Bulk Wallet tab.
 - Greek translations thanks to ifaist0s

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
October 25, 2013, 04:05:20 AM
 #449

Android complains about non-trusted CA for bitaddress. Pointbiz, would you please state here who issued the certificate, and provide the serial number and the fingerprint? Thanks!

Serial Number: ‎14 b3 cb e0 a1 af 8c d6 5b 87 e2 13 a9 38 6b ec
Fingerprint: ‎4c 99 b0 fb c5 42 5d d7 1c 53 81 ec 49 0c 5e cc 76 e2 4a f9
Issuer: PositiveSSL CA 2

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
October 25, 2013, 04:38:29 AM
 #450

v2.5.1

https://www.bitaddress.org/bitaddress.org-v2.5.1-SHA1-b7bda19c2327cc44a81b68a44926a9f8057ed681.html
 - BIP38 passphrase protected paper wallets. Thanks to casascius, scintill, Zeilap.
   Paper Wallet tab and Wallet Details tab support BIP38.
 - Compressed address support on Bulk Wallet tab.
 - Greek translations thanks to ifaist0s

Cool. Will BIP38 be added to bulk?  Does wallet details section decrypt encrypted keys?
slothbag
Sr. Member
****
Offline Offline

Activity: 369
Merit: 250



View Profile
October 25, 2013, 09:40:16 AM
Last edit: October 25, 2013, 10:05:35 AM by slothbag
 #451

Awesome, thanks pointbiz.

Quick question, how do you decrypt a BIP38 encrypted key?  The "Wallet details" tab doesn't recognize it.

Edit: Sorry, yes the Wallet details tab does support it, user error Smiley
canton
Sr. Member
****
Offline Offline

Activity: 261
Merit: 285



View Profile WWW
October 29, 2013, 03:25:17 PM
 #452

Pointbiz, I forgot whether or not I've mentioned to you that Gavin sent me a patch for my own fork of bitaddress to take advantage of crypto.getRandomValues (if supported by the browser) to generate better random numbers.

I've had this in place at https://bitcoinpaperwallet.com for a couple months now, and I meant to issue a github pull request but I just haven't gotten around to it. See the link below to see where Gavin suggested adding it. I don't think you've added this support, but since crypto.getRandomValues is fairly well supported at this point, I think it's worth adding to bitaddress.org. MOAR random please! Smiley

https://github.com/cantonbecker/bitcoinpaperwallet/commit/b4c2cf68e79f9f469cd180238d9377086058aaa9

PS: As always, thanks for your continued work on this excellent engine. Happily donated another .25BTC just now
https://blockchain.info/tx/4fddde7eea3a9af15c6a120fe93b6da9fe6a1da287c1c448c47615407a7f87f9

May I remind everyone on this thread that Pointbiz's project is essential to ongoing easy and safe security of offline bitcoin? His donation address is 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN

- Canton
minimalB
Donator
Hero Member
*
Offline Offline

Activity: 674
Merit: 523


View Profile
October 29, 2013, 10:14:23 PM
 #453

BIP38 integration is just, well, wow. Thanks so much!
wuchengjian
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
October 30, 2013, 11:01:01 AM
 #454

great tool!
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
October 31, 2013, 01:04:20 AM
 #455

Pointbiz, I forgot whether or not I've mentioned to you that Gavin sent me a patch for my own fork of bitaddress to take advantage of crypto.getRandomValues (if supported by the browser) to generate better random numbers.

I've had this in place at https://bitcoinpaperwallet.com for a couple months now, and I meant to issue a github pull request but I just haven't gotten around to it. See the link below to see where Gavin suggested adding it. I don't think you've added this support, but since crypto.getRandomValues is fairly well supported at this point, I think it's worth adding to bitaddress.org. MOAR random please! Smiley

https://github.com/cantonbecker/bitcoinpaperwallet/commit/b4c2cf68e79f9f469cd180238d9377086058aaa9

PS: As always, thanks for your continued work on this excellent engine. Happily donated another .25BTC just now
https://blockchain.info/tx/4fddde7eea3a9af15c6a120fe93b6da9fe6a1da287c1c448c47615407a7f87f9

May I remind everyone on this thread that Pointbiz's project is essential to ongoing easy and safe security of offline bitcoin? His donation address is 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN

- Canton

This is the first I've heard. Thank you for mentioning it. I will add it soon.
And thanks for the donation! Also, great site. Your paper wallet design looks great.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
October 31, 2013, 02:41:36 AM
 #456

I tried putting the encrypted key in the wallet details tab but it didn't work. Am I missing something?
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
October 31, 2013, 03:58:38 AM
 #457

I tried putting the encrypted key in the wallet details tab but it didn't work. Am I missing something?

When you enter your encrypted key and click View Details it should display an input box for the passphrase.

Does the passphrase box appear?

This is the regex I use:
/^6P[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{56}$/


Can you generate an encrypted key that does not work that you are willing to share with a passphrase to help diagnose?


Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
October 31, 2013, 04:30:30 AM
 #458

I tried putting the encrypted key in the wallet details tab but it didn't work. Am I missing something?

When you enter your encrypted key and click View Details it should display an input box for the passphrase.

Does the passphrase box appear?

This is the regex I use:
/^6P[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{56}$/


Can you generate an encrypted key that does not work that you are willing to share with a passphrase to help diagnose?


I'm using Chrome and an example key 6PfMEYvZfwTv7SccHBx6B7mfFBEoV AdAdyUUYpufneihL9a62d35xA4Sbw and no password box appears. When I click details it just says it's not a valid key and if it should be a sha256 hash instead...
minimalB
Donator
Hero Member
*
Offline Offline

Activity: 674
Merit: 523


View Profile
October 31, 2013, 09:57:16 AM
 #459

I'm using Chrome and an example key 6PfMEYvZfwTv7SccHBx6B7mfFBEoV AdAdyUUYpufneihL9a62d35xA4Sbw and no password box appears. When I click details it just says it's not a valid key and if it should be a sha256 hash instead...

It works fine in Firefox v24.0

I entered encrypted private key "6PfMEYvZfwTv7SccHBx6B7mfFBEoVAdAdyUUYpufneihL9a62d35xA4Sbw" and when i pressed "View Details" the "Enter BIP38 Passphrase" field appeared.
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
October 31, 2013, 04:16:20 PM
 #460

I'm using Chrome and an example key 6PfMEYvZfwTv7SccHBx6B7mfFBEoV AdAdyUUYpufneihL9a62d35xA4Sbw and no password box appears. When I click details it just says it's not a valid key and if it should be a sha256 hash instead...

It works fine in Firefox v24.0

I entered encrypted private key "6PfMEYvZfwTv7SccHBx6B7mfFBEoVAdAdyUUYpufneihL9a62d35xA4Sbw" and when i pressed "View Details" the "Enter BIP38 Passphrase" field appeared.

Not sure if anything changed but it worked for me today. Weird.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [23] 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!