[ANN] bitaddress.org Safe JavaScript Bitcoin address/private key

[dillpicklechips]

v2.6.2 support input of a private key in base6 format which shall be defined as:
99 characters (1,2,3,4,5,0) where 1=1 and 6=0

This allows you to create a private key with physical randomness with 99 rolls of a die. Use 3 dice and do 33 rolls.
Then enter the 99 character string into the wallet details tab of bitaddress.org and you've got yourself a truly randomly generated bitcoin wallet.

Cool! Promoted

http://www.reddit.com/r/Bitcoin/comments/1qobdl/get_out_your_dice_bitaddressorg_now_allows/

[1713580624]

1713580624

[1713580624]

1713580624

[1713580624]

1713580624

[1713580624]

1713580624

[jerfelix]

My wish list for bitaddress.org:

1)  The QR codes are non-standard.  This is a recent change, as they used to be good.
The QR Code standard says that there's supposed to be a "Quiet Zone" (whitespace) around the QR code, of 4 blocks, I believe.  But in Firefox (at least), bitaddress.org writes text adjacent to the QR code.

2)  When generating addresses, it'd be nice to also generate a signed message confirming that the private key is ok.  For example, a simple signed message saying "This message is signed by the private key calculated for the bitcoin address 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a" could be used online to verify that the private key actually works (without copying the private key).


I love this site!

[dillpicklechips]

v2.6.2 support input of a private key in base6 format which shall be defined as:
99 characters (1,2,3,4,5,0) where 1=1 and 6=0

This allows you to create a private key with physical randomness with 99 rolls of a die. Use 3 dice and do 33 rolls.
Then enter the 99 character string into the wallet details tab of bitaddress.org and you've got yourself a truly randomly generated bitcoin wallet.

Unless someone reads the changelog the average user will not know what B6 means at the details tab. Perhaps a little explanation would be useful to explain the procedure for creating a B6 key.

On second thought, I think having a "dice wallet" tab would be more clear and match the rest of the website functionality.

[hieroglyph]

Seems pretty technical but many seem to like the site so I will do some reading and hopefully become a user myself once I have an understanding of the general process to acquire an address kudos on the work you done on the site.

[nightengale]

Thank-you for your patience and responses to my questions, your work on this project is appreciated.

A small donation sent your way (TXID: cadca399d65a67496a77529482598f27f12b906fa6b072afdb370a54898be0c7-000).

I hope everyone who takes advantage of your code will send a little something your way.

[Dabs]

I don't see the dice tab yet. Maybe it's not yet uploaded?

[minimalB]

Just a thought.

As far as i understand, we add extra randomness with mouse movements and add that to the secret_seed.

If there would be an extra tab for "Secret seed", we could have many options, for example:
- mouse movements
- random keyboard input
- B6 (33x3 dice roll)
- etc...

So, user could enter whatever he/she wishes and then click "Create Secret Seed".

[dillpicklechips]

I don't see the dice tab yet. Maybe it's not yet uploaded?

You just enter 99 digits 0-5 in the details tab to get the private key and address.

[phelix]

I am pretty sure that printing on windows is not secure as the print spooler saves temporary files which don't get (properly) deleted. Is printing safe on linux?


It would be cool to have a random suggestion for a pass phrase (maybe diceware words).

[dillpicklechips]

Is printing safe on linux?

If you use a live cd it is and your printer doesn't store print jobs in memory.

[phelix]

Is printing safe on linux?

If you use a live cd it is and your printer doesn't store print jobs in memory.

As long as it only uses the ramdisk for temporary files and not a hard drive....   can you recommend one?

So printing from a normal linux machine will potentially leave traces/keys on the system just as printing from a windows machine does? Maybe bitaddress.org should warn about that.

It would be cool to have a Bitcoin Live CD with a hardened system, bitaddress and some nice tools ready to go.

[Martijnvdc]

How do we know the website isn't storing our private keys?

[TheButterZone]

How do we know the website isn't storing our private keys?

You download it to an airgapped computer, using the website live is only proof of concept.

[Patel]

Here is a feature request that I think would help assuage people's fears about random number generation, which have become more valid the more we hear about NSA-rigged RNG.

Right now, the script collects entropy by way of mouse movements.

I propose that the script also collect some additional entropy by way of the keyboard.

When the script generates new private keys, the private key should be SHA256(user-entered-string | prng-generated-string) (where | is concatenation).  

I agree and consider this a high priority item on the TODO.

Hi, wondering if this was implemented in 2.6.1?

I have used 2.6.1 to generate my bulk addresses, can anyone confirm that the generated keys are safe? Sorry kind of noob questions but better safe than sorry

[thatbluedude]

bitaddress is great as is but I still have a small feature request.
Would you consider to add the option to show an extra textbox with only the public keys? this would make saving them digitaly easier.

thanks

[Dabs]

I have used 2.6.1 to generate my bulk addresses, can anyone confirm that the generated keys are safe? Sorry kind of noob questions but better safe than sorry

If you generated it on an offline computer, it is safe. You can also attempt to import the private keys into your client to see if it accepts them, using an offline computer.

bitaddress is great as is but I still have a small feature request.
Would you consider to add the option to show an extra textbox with only the public keys? this would make saving them digitaly easier.

I used to grab the whole bulk text, save it as a file, and import the whole thing into a spreadsheet. Then you can save a version with only the public keys after you delete the private keys.

I now use vanitygen to generate bulk addresses since it works faster and I can even use a short prefix if I wanted.

[agent13]

v2.6.2 support input of a private key in base6 format which shall be defined as:
99 characters (1,2,3,4,5,0) where 1=1 and 6=0

This allows you to create a private key with physical randomness with 99 rolls of a die. Use 3 dice and do 33 rolls.
Then enter the 99 character string into the wallet details tab of bitaddress.org and you've got yourself a truly randomly generated bitcoin wallet.

If throwing 3 dice... would need to ensure you don't introduce any bias such as reading from lowest to highest. Would be best to read dice from left to right as they fell.

This is nice. The hex format can be confirmed with this I think -

echo 'obase=16; ibase=6; 0123450123450123450123450123450123450123450123450123450123450123450123450123450 12345012345012345012' | bc

Nice to not have to rely on computer rng.

[emp3000]

To Pointbiz, et al...

Guys I was reading up in bitcoin's freenode irc room about some people arguing against paper wallets like yours versus Armory's paper wallet.

One or two of the operators stated that depositing more than one time to the public address of a printed bitaddress "wallet"/keypair will create too many signatures which the hackers will use to decode the private address.

But doesn't bitaddress not create signatures to begin with??? Can you guys explain this a little bit to a beginner like myself?

I already know that the random mouse movement and printing everything offline, in a livecd linux, will create a very secure unique set of addresses, but then when bitcoin veterans would advise against using bitaddress puts me in a dilemma on what to use.


Thank you so much and more power to all of you.

[maxmint]

v2.6.2 support input of a private key in base6 format which shall be defined as:
99 characters (1,2,3,4,5,0) where 1=1 and 6=0

This allows you to create a private key with physical randomness with 99 rolls of a die. Use 3 dice and do 33 rolls.
Then enter the 99 character string into the wallet details tab of bitaddress.org and you've got yourself a truly randomly generated bitcoin wallet.

When using 99 rolls, the highest base6 number one could come up would be this:

Code:

555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555

This results in this hex private key:

Code:

F0BB8A1BBDE9163B9E053E8F918BF8E4D34034D7FFFFFFFFFFFFFFFFFFFFFFFF

I'm quoting from the Bitcoin wiki:

Nearly every 256-bit number is a valid private key. Specifically, any 256-bit number between 0x1 and 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 is a valid private key.

Now there's quite a large amount of numbers between
the highest dice generated number at F0BB8A1BBDE9163B9E053E8F918BF8E4D34034D7FFFFFFFFFFFFFFFFFFFFFFFF
and
the upper limit at FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

It seems the 99-rolls dice method is not using the full range of possible private keys, leaving the upper 5.96% of possible keys untouched.

I don't think that's a real problem because the pool of dice generated possible private keys is still huge. But I would prefer a dice method that covers the full range of possible private keys. 100 rolls should be enough, but that could produce number that are too large.
Is there any easy solution to this?

In any case, I love the principle of rolling my own private keys and not being dependent on software RNGs.

[casascius]

I don't think that's a real problem because the pool of dice generated possible private keys is still huge. But I would prefer a dice method that covers the full range of possible private keys. 100 rolls should be enough, but that could produce number that are too large.
Is there any easy solution to this?

not really...

You are getting 255.91 bits of entropy with 99 dice rolls.  The idea that you're losing almost 6% of "something" makes it sound much scarier than it is.

I will bet that a private key that has only 224 random bits is still for all intents and purposes secure, even though 99.999999999%+ of the key space is being left on the table.

And then, keep in mind that a bitcoin address only has 160 bits of entropy in the first place.