I've noticed that on the paper wallet page you have the option to choose how many wallets you wish to create. The problem is that the "random" secureRandom object is used for ALL of the wallets which you create on that page. Why is the object not refreshed on each wallet creation?
Why would it be? Entropy is not 'used up'. Recreating the object won't save you if you don't have enough entropy.
In fact in bitaddress.org a small amount entropy is constantly added with every mouse move, mouse click and key press.
<body onclick="SecureRandom.seedTime();" onkeypress="SecureRandom.seedTime();" onmousemove="ninja.seeder.seed(event);">
On further inspection I've found this is not true. Even though seedTime() is invoked, the entropy is not added to the PRNG used to create private keys. There is a TODO in the source about reseeding so the author has this in mind.
Also please could somebody explain this bit of logic for randomising the 256 digits in this bit of code:
while (sr.pptr < sr.poolSize) { // extract some randomness from Math.random()
t = Math.floor(65536 * Math.random());
sr.pool[sr.pptr++] = t >>> 8;
sr.pool[sr.pptr++] = t & 255;
}
What is the reasoning of the bitand and the >>> 8? Couldn't this be a bit shift to a different integer? Why 8? Please explain to me.
Thanks!
It's pretty clear to me that the code is like this to extract two bytes from each call of Math.random()
So the first line in that loop creates a random number in the range [0, 65536) which is the standard 16 bit range.
The next line with the right shift by 8 adds the upper 8 bits to the sr.pool array, the line after that adds the lower 8 bits to the sr.pool array.
I'm not too sure why the author doesn't extract one byte at a time. Although I'm pretty confident it won't steal your bitcoins doing it either way.
while (sr.pptr < sr.poolSize) {
sr.pool[sr.pptr++] = Math.floor(256 * Math.random());
}
Soon enough, all these fears can be rested when
something like this is added. I imagine a nice text entry box where the user can type in anything they like. I'll be extracting randomness from /dev/random on my LiveCD and copypasting the result into the text entry box.
Other paranoid people might be taking a photo with their hand covering the camera, since the fluctuations on the CCDs are a good source of randomness. Others might even download from random.org
edit: needless to say you could do that now by modifying the source. Add this to the code right after sr.seedInt(window.screenY); when sr is initialised.
secret_seed = "372f7e2fd2d01ce2a1d71dc072acbba4c6fd25a1087cd7f153f4ec0ce37e1ede"
for (t = 0; t < secret_seed.length; ++t) {
sr.pool[sr.pptr++] ^= secret_seed.charCodeAt(t) & 255;
if (sr.pptr >= sr.poolSize) sr.pptr -= sr.poolSize;
}
Then put whatever you want into secret_seed and that entropy will be added to the RNG.
I'm not responsible for any loss of bitcoins. Peer review of my code happily accepted.
edit2: for completeness I'd run this on the terminal to obtain 16 bytes (128 bits) of entropy.
cat /dev/random | head -c 16 | sha256sum
