Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key
canton
November 01, 2013, 02:22:35 PM
 #461

This is the first I've heard. Thank you for mentioning it. I will add it soon. And thanks for the donation! Also, great site. Your paper wallet design looks great.

You're welcome and thanks for the nice words.

Regarding window.crypto.getRandomValues support: A top priority in my generator is that I'm going to add a note so that users are informed on the first screen whether or not their browser supports this function -- and if it doesn't, they'll be recommended to switch to a more modern browser. Ever since that insufficiency was found in the Android OS random number generator, I've been concerned about making sure the JS RNG is as strong as possible.

Question: in cases where window.crypto.getRandomValues is supported, can we safely turn off collecting mouse movement entropy? To me this seems like it would be a great motivator to get users to switch to a more modern browser --  non-getRandomValues browsers would require them to wiggle their mouse for a while (maybe even longer if we increase the entropy) while the getRandomValues browsers give instant satisfaction.

Its About Sharing
November 02, 2013, 09:46:15 AM
 #462

https://www.bitaddress.org

I have provided a signed version of the SHA1 hash of the file:
http://www.bitaddress.org/ninja_bitaddress.org.txt - PGP Public Key
http://www.bitaddress.org/pgpsignedmsg.txt - Signed Message
Key fingerprint = 527B 5C82 B1F6 B2DB 72A0 ECBF 8749 7B91 6397 4F5A


For those of us Noobs, and for the purposes of education and security, how can we check the Signed Message? I have GPG on my computer and only know how to check a .sig file as Canton showed on his site.

I was able to verify the Key Fingerprint (File Checksum) here http://onlinemd5.com/ by selecting Sha1 and checking a File Checksum on the File (right?) And I got  - B7BDA19C2327CC44A81B68A44926A9F8057ED681.

Any other suggestions, links, etc are appreciated.

Much Thanks,
Its about sharing

BTC = Black Swan.
BTC = Antifragile - "Some things benefit from shocks; they thrive and grow when exposed to volatility, randomness, disorder, and stressors and love adventure, risk, and uncertainty. Robust is not the opposite of fragile.
Newar
November 02, 2013, 10:36:02 AM
 #463

https://www.bitaddress.org

I have provided a signed version of the SHA1 hash of the file:
http://www.bitaddress.org/ninja_bitaddress.org.txt - PGP Public Key
http://www.bitaddress.org/pgpsignedmsg.txt - Signed Message
Key fingerprint = 527B 5C82 B1F6 B2DB 72A0 ECBF 8749 7B91 6397 4F5A


For those of us Noobs, and for the purposes of education and security, how can we check the Signed Message? I have GPG on my computer and only know how to check a .sig file as Canton showed on his site.

[...]

Easiest for me (using KGpg): Import the public key, copy the whole message text to the clipboard, select "Sign/Verify Clipboard":
Code:
Good signature from:
ninja <ninja@bitaddress.org>
Key ID: 527B5C82B1F6B2DB72A0ECBF87497B9163974F5A
The signature was created at Friday, October 25, 2013 05:57:16 AM
The signature is valid, but the key is untrusted

OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins
TheButterZone
November 02, 2013, 10:36:16 AM
 #464

Dirty way to check it is the command prompt:
curl http://www.bitaddress.org/pgpsignedmsg.txt | gpg -d

gpg will say when the signature was made and with what RSA key ID. I got
"gpg: Signature made Thu Oct 24 20:57:16 2013 PDT using RSA key ID 63974F5A" (last 8 characters of the key fingerprint above).

"public key not found" because I didn't import the key.

Saying that you don't trust someone because of their behavior is completely valid.
pointbiz (OP)
November 03, 2013, 05:38:43 PM
 #465

https://www.bitaddress.org

I have provided a signed version of the SHA1 hash of the file:
http://www.bitaddress.org/ninja_bitaddress.org.txt - PGP Public Key
http://www.bitaddress.org/pgpsignedmsg.txt - Signed Message
Key fingerprint = 527B 5C82 B1F6 B2DB 72A0 ECBF 8749 7B91 6397 4F5A


For those of us Noobs, and for the purposes of education and security, how can we check the Signed Message? I have GPG on my computer and only know how to check a .sig file as Canton showed on his site.

I was able to verify the Key Fingerprint (File Checksum) here http://onlinemd5.com/ by selecting Sha1 and checking a File Checksum on the File (right?) And I got  - B7BDA19C2327CC44A81B68A44926A9F8057ED681.

Any other suggestions, links, etc are appreciated.

Much Thanks,
Its about sharing

Verifying the release:
1) get public key of author
2) import public key of author
3) get HTML from bitaddress.org
4) sha1 checksum of HTML
5) verify signed message from author
6) confirm sha1 in step 4 & 5 matches

Code:
wget http://www.bitaddress.org/ninja_bitaddress.org.txt
gpg --import ninja_bitaddress.org.txt
wget http://www.bitaddress.org/bitaddress.org-v2.5.1-SHA1-b7bda19c2327cc44a81b68a44926a9f8057ed681.html
sha1sum bitaddress.org-v2.5.1-SHA1-b7bda19c2327cc44a81b68a44926a9f8057ed681.html
wget -qO- http://www.bitaddress.org/pgpsignedmsg.txt | gpg -d

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
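
Added example, not part of pointbiz's post or the bitaddress.org project: the six steps above as one script that fails closed instead of leaving the comparison to the eye. It pins the full fingerprint quoted in this thread using gpg's `--status-fd` VALIDSIG line, picks `sha1sum` or `shasum` depending on the platform, and assumes the signed message contains the file's SHA-1 as plain hex; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not bitaddress.org's own tooling): verify a saved release
# against the author's clearsigned SHA-1 message.
# Usage: sh verify.sh <saved-file.html> <pgpsignedmsg.txt>

# Full key fingerprint as published in the thread, spaces removed.
EXPECTED_FPR="527B5C82B1F6B2DB72A0ECBF87497B9163974F5A"

# Print the SHA-1 of file $1 as lowercase hex.
# Linux ships sha1sum; macOS ships shasum instead.
file_sha1() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    else
        shasum -a 1 "$1" | cut -d' ' -f1
    fi
}

# Read `gpg --status-fd 1 --verify` output on stdin and print the fingerprint
# of the key behind a cryptographically valid signature (nothing if none).
# VALIDSIG is emitted even for a key you have not marked as trusted, so the
# caller must compare the result with a fingerprint obtained out of band.
validsig_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $3; exit }'
}

# Succeed only if the 40-hex-digit hash $1 appears as a whole word in the
# text on stdin (case-insensitive).
message_has_hash() {
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    tr 'A-F' 'a-f' | grep -Eow '[0-9a-f]{40}' | grep -qx "$want"
}

verify_release() {
    html=$1
    signed=$2
    fpr=$(gpg --status-fd 1 --verify "$signed" 2>/dev/null | validsig_fpr)
    if [ "$fpr" != "$EXPECTED_FPR" ]; then
        echo "FAIL: no valid signature from $EXPECTED_FPR" >&2
        return 1
    fi
    # gpg -d prints the signed text; it is only read after the check above.
    if ! gpg -d "$signed" 2>/dev/null | message_has_hash "$(file_sha1 "$html")"; then
        echo "FAIL: SHA-1 of $html is not in the signed message" >&2
        return 1
    fi
    echo "OK: $html matches the hash signed by $EXPECTED_FPR"
}

# Run only when called with both file arguments.
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2"
fi
```

The author's public key must already be imported (step 2) before running it; a short 8-character key ID is not enough to identify the key, which is why the script compares all 40 hex digits.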
dillpicklechips
November 03, 2013, 07:25:04 PM
 #466

Verifying the release:
1) get public key of author
2) import public key of author
3) get HTML from bitaddress.org
4) sha1 checksum of HTML
5) verify signed message from author
6) confirm sha1 in step 4 & 5 matches

Code:
wget http://www.bitaddress.org/ninja_bitaddress.org.txt
gpg --import ninja_bitaddress.org.txt
wget http://www.bitaddress.org/bitaddress.org-v2.5.1-SHA1-b7bda19c2327cc44a81b68a44926a9f8057ed681.html
sha1sum bitaddress.org-v2.5.1-SHA1-b7bda19c2327cc44a81b68a44926a9f8057ed681.html
wget -qO- http://www.bitaddress.org/pgpsignedmsg.txt | gpg -d

You should put that on your OP!! Also make note that if the page is saved as "whole webpage" as opposed to "just html" the checksum will not match.
Its About Sharing
November 03, 2013, 07:37:12 PM
 #467

Great replies guys! Thanks so much for taking the time.

I have been playing around for around 30 minutes now and can't get it going on my mac (fully). I am just not proficient on it like Linux.
Anyone know the mac commands for what pointbiz wrote?

Thanks again, much appreciated,
IAS

pointbiz (OP)
November 03, 2013, 09:27:37 PM
 #468

v2.6.0

https://www.bitaddress.org/bitaddress.org-v2.6.0-SHA1-4f1fea4620287f863473193b8d93a8f3877ba972.html
 - Usability improvements to Single Wallet, Paper Wallet and Brain Wallet.

pointbiz (OP)
November 03, 2013, 09:30:02 PM
 #469

Great replies guys! Thanks so much for taking the time.

I have been playing around for around 30 minutes now and can't get it going on my mac (fully). I am just not proficient on it like Linux.
Anyone know the mac commands for what pointbiz wrote?

Thanks again, much appreciated,
IAS

I uploaded a .sig for you for v2.5.1 and v2.6.0
https://www.bitaddress.org/bitaddress.org-v2.5.1-SHA1-b7bda19c2327cc44a81b68a44926a9f8057ed681.html.sig
https://www.bitaddress.org/bitaddress.org-v2.6.0-SHA1-4f1fea4620287f863473193b8d93a8f3877ba972.html.sig

Gaff
November 04, 2013, 10:05:46 AM
 #470

I absolutely love what you've done with this project!

One minor request though: Could you change the bulk paper wallet generation so that the public key and private key are in different columns? The reason is that I want to give (bulk) encrypted wallets to people to look after for me, but I don't want them to know the public addresses (and thus how many coins I have).

If they were arranged in neat columns I could simply print them out and cut off the public key column. The artwork version is perfect like this, but I want the wallets-per-page density of the non-art version.

What do you think?


koin
November 04, 2013, 11:07:52 PM
 #471

v2.5.1

 - BIP38 passphrase protected paper wallets.

how do you spend the funds that are stored to a bip38 encrypted password wallet?
coblee
Creator of Litecoin. Cryptocurrency enthusiast.


November 05, 2013, 10:11:44 AM
 #472

Thanks for this great update, pointbiz!
https://liteaddress.org/ updated: https://forum.litecoin.net/index.php/topic,6762.0.html

minimalB
November 06, 2013, 12:28:36 PM
 #473

Is it possible to BIP38 passphrase protect already generated private keys?
I'd love to print again some of my existing paperwallets and passphrase protect them.
TheButterZone
November 06, 2013, 11:07:58 PM
 #474

Is it possible to BIP38 passphrase protect already generated private keys?
I'd love to print again some of my existing paperwallets and passphrase protect them.


+1

VTC
November 07, 2013, 06:05:05 AM
 #475

Is it possible to BIP38 passphrase protect already generated private keys?
I'd love to print again some of my existing paperwallets and passphrase protect them.


It is possible with https://github.com/casascius/Bitcoin-Address-Utility
There's a compiled win32 on his website.
BitFanatic
November 09, 2013, 11:13:46 PM
Last edit: November 09, 2013, 11:25:24 PM by BitFanatic
 #476

Disclaimer: I am no expert especially with Javascript.

I have been digging through the bitaddress.org code and I have a couple of concerns in generating the paper wallet addresses.

I've noticed that on the paper wallet page you have the option to choose how many wallets you wish to create. The problem is that the "random" secureRandom object is used for ALL of the wallets which you create on that page. Why is the object not refreshed on each wallet creation?

Let me show this with screenshot.

https://i.imgur.com/96ppaNM.jpg

So this random object value is used for ALL of the wallets when creating them in bulk. Surely the secureRandom should be recreated for each wallet?

Also please could somebody explain this bit of logic for randomising the 256 digits in this bit of code:

      while (sr.pptr < sr.poolSize) {  // extract some randomness from Math.random()
         t = Math.floor(65536 * Math.random());
         sr.pool[sr.pptr++] = t >>> 8;
         sr.pool[sr.pptr++] = t & 255;
      }

What is the reasoning of the bitand and the >>> 8? Couldn't this be a bit shift to a different integer? Why 8? Please explain to me.

Thanks!
koin
November 10, 2013, 01:48:42 PM
Last edit: November 10, 2013, 07:11:33 PM by koin
 #477

how do you spend the funds that are stored to a bip38 encrypted password wallet?

found an answer: http://www.bit2factor.org and click "decrypt private key".   then import that private key into a client, or sweep it using something like the cold storage spend feature in mycelium for android.  to do that, you can generate a qr code of the private key using the "wallet details" tab from bitaddress.org and then scan that from mycelium.

update:
pointbiz responded below ... use the "wallet details" tab, paste the encrypted private key and it will prompt for the bip38 passphrase.  then it will show the qr code of the private key that can be spent using cold storage spending from mycelium for android.
yakov
November 10, 2013, 03:42:06 PM
Last edit: November 10, 2013, 11:15:38 PM by yakov
 #478

I've noticed that on the paper wallet page you have the option to choose how many wallets you wish to create. The problem is that the "random" secureRandom object is used for ALL of the wallets which you create on that page. Why is the object not refreshed on each wallet creation?

Why would it be? Entropy is not 'used up'. Recreating the object won't save you if you don't have enough entropy.


In fact in bitaddress.org a small amount of entropy is constantly added with every mouse move, mouse click and key press.

Code:
<body onclick="SecureRandom.seedTime();" onkeypress="SecureRandom.seedTime();" onmousemove="ninja.seeder.seed(event);">

edit3: On further inspection I've found this is not true. Even though seedTime() is invoked, the entropy is not added to the PRNG used to create private keys. There is a TODO in the source about reseeding so the author has this in mind.



Also please could somebody explain this bit of logic for randomising the 256 digits in this bit of code:

      while (sr.pptr < sr.poolSize) {  // extract some randomness from Math.random()
         t = Math.floor(65536 * Math.random());
         sr.pool[sr.pptr++] = t >>> 8;
         sr.pool[sr.pptr++] = t & 255;
      }

What is the reasoning of the bitand and the >>> 8? Couldn't this be a bit shift to a different integer? Why 8? Please explain to me.

Thanks!

It's pretty clear to me that the code is like this to extract two bytes from each call of Math.random()

So the first line in that loop creates a random number in the range [0, 65536) which is the standard 16 bit range.
The next line with the right shift by 8 adds the upper 8 bits to the sr.pool array, the line after that adds the lower 8 bits to the sr.pool array.

I'm not too sure why the author doesn't extract one byte at a time. Although I'm pretty confident it won't steal your bitcoins doing it either way.
Code:
      while (sr.pptr < sr.poolSize) {
         sr.pool[sr.pptr++] = Math.floor(256 * Math.random());
      }


Soon enough, all these fears can be rested when something like this is added. I imagine a nice text entry box where the user can type in anything they like. I'll be extracting randomness from /dev/random on my LiveCD and copypasting the result into the text entry box.
Other paranoid people might be taking a photo with their hand covering the camera, since the fluctuations on the CCDs are a good source of randomness. Others might even download from random.org

edit: needless to say you could do that now by modifying the source. Add this to the code right after sr.seedInt(window.screenY); when sr is initialised.
Code:
      secret_seed = "372f7e2fd2d01ce2a1d71dc072acbba4c6fd25a1087cd7f153f4ec0ce37e1ede";
      for (t = 0; t < secret_seed.length; ++t) {
         sr.pool[sr.pptr++] ^= secret_seed.charCodeAt(t) & 255;
         if (sr.pptr >= sr.poolSize) sr.pptr -= sr.poolSize;
      }

Then put whatever you want into secret_seed and that entropy will be added to the RNG.
I'm not responsible for any loss of bitcoins. Peer review of my code happily accepted.

edit2: for completeness I'd run this on the terminal to obtain 16 bytes (128 bits) of entropy.
Code:
cat /dev/random | head -c 16 | sha256sum
pointbiz (OP)
November 10, 2013, 03:57:00 PM
 #479

how do you spend the funds that are stored to a bip38 encrypted password wallet?

found an answer: http://www.bit2factor.org and click "decrypt private key".   then import that private key into a client, or sweep it using something like the cold storage spend feature in mycelium for android.  to do that, you can generate a qr code of the private key using the "wallet details" tab from bitaddress.org and then scan that from mycelium.


It is not clear but you can decrypt the BIP38 on the "wallet details" tab. You just enter the BIP38 key and click View Details and it will show the passphrase input and a button to decrypt.

BitFanatic
November 11, 2013, 01:01:34 PM
 #480

I've noticed that on the paper wallet page you have the option to choose how many wallets you wish to create. The problem is that the "random" secureRandom object is used for ALL of the wallets which you create on that page. Why is the object not refreshed on each wallet creation?

Why would it be? Entropy is not 'used up'. Recreating the object won't save you if you don't have enough entropy.


In fact in bitaddress.org a small amount of entropy is constantly added with every mouse move, mouse click and key press.

Code:
<body onclick="SecureRandom.seedTime();" onkeypress="SecureRandom.seedTime();" onmousemove="ninja.seeder.seed(event);">

edit3: On further inspection I've found this is not true. Even though seedTime() is invoked, the entropy is not added to the PRNG used to create private keys. There is a TODO in the source about reseeding so the author has this in mind.



Also please could somebody explain this bit of logic for randomising the 256 digits in this bit of code:

      while (sr.pptr < sr.poolSize) {  // extract some randomness from Math.random()
         t = Math.floor(65536 * Math.random());
         sr.pool[sr.pptr++] = t >>> 8;
         sr.pool[sr.pptr++] = t & 255;
      }

What is the reasoning of the bitand and the >>> 8? Couldn't this be a bit shift to a different integer? Why 8? Please explain to me.

Thanks!

It's pretty clear to me that the code is like this to extract two bytes from each call of Math.random()

So the first line in that loop creates a random number in the range [0, 65536) which is the standard 16 bit range.
The next line with the right shift by 8 adds the upper 8 bits to the sr.pool array, the line after that adds the lower 8 bits to the sr.pool array.

I'm not too sure why the author doesn't extract one byte at a time. Although I'm pretty confident it won't steal your bitcoins doing it either way.
Code:
      while (sr.pptr < sr.poolSize) {
         sr.pool[sr.pptr++] = Math.floor(256 * Math.random());
      }


Soon enough, all these fears can be rested when something like this is added. I imagine a nice text entry box where the user can type in anything they like. I'll be extracting randomness from /dev/random on my LiveCD and copypasting the result into the text entry box.
Other paranoid people might be taking a photo with their hand covering the camera, since the fluctuations on the CCDs are a good source of randomness. Others might even download from random.org

edit: needless to say you could do that now by modifying the source. Add this to the code right after sr.seedInt(window.screenY); when sr is initialised.
Code:
      secret_seed = "372f7e2fd2d01ce2a1d71dc072acbba4c6fd25a1087cd7f153f4ec0ce37e1ede";
      for (t = 0; t < secret_seed.length; ++t) {
         sr.pool[sr.pptr++] ^= secret_seed.charCodeAt(t) & 255;
         if (sr.pptr >= sr.poolSize) sr.pptr -= sr.poolSize;
      }

Then put whatever you want into secret_seed and that entropy will be added to the RNG.
I'm not responsible for any loss of bitcoins. Peer review of my code happily accepted.

edit2: for completeness I'd run this on the terminal to obtain 16 bytes (128 bits) of entropy.
Code:
cat /dev/random | head -c 16 | sha256sum

This is extremely helpful. Thanks for clearing this up yakov, I have sent you a little donation :)