Bitcoin Forum
November 02, 2024, 10:26:01 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 [27] 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 »
  Print  
Author Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key  (Read 153342 times)
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1333



View Profile
December 04, 2013, 05:18:04 PM
 #521

One or two of the operators stated that depositing more than one time to the public address of a printed bitaddress "wallet"/keypair will create too many signatures which the hackers will use to decode the private address.

You're probably talking about this issue:
  https://bitcointalk.org/index.php?topic=271486

Spending multiple times from the same address will allow hackers to deduce your private key if the random number generator in the client you're using to do the spending is no good.  There's no danger in sending multiple times to the same address (except that when you come to spend the coins you deposited, you are effectively spending multiple times from that address).

It's only when you come to spend from the address that the risk exists.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
EdgarT
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
December 04, 2013, 06:19:29 PM
 #522

I translated bitaddress.org (v2.6.2; I'll take care of the latest changes asap) into German. How should I go about submitting it?
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
December 05, 2013, 03:43:32 AM
 #523

I translated bitaddress.org (v2.6.2; I'll take care of the latest changes asap) into German. How should I go about submitting it?

I answered you in PM but incase other people are wondering for other languages the best way to submit translations is to fork the code at github:
https://github.com/pointbiz/bitaddress.org

And submit a pull request.

You just need to modify the file:
src/ninja.translator.js

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
December 10, 2013, 03:45:51 AM
 #524

v2.6.6
https://www.bitaddress.org/bitaddress.org-v2.6.6-SHA1-0d68accca48df174b6b4f48544498f333dc6e33a.html
 - German translations thanks to gerEDH.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
mrkent
Sr. Member
****
Offline Offline

Activity: 249
Merit: 256


Try Purse Instant! https://purse.io/instant


View Profile WWW
December 11, 2013, 07:48:25 PM
 #525

Just used it for first time today to pass out Christmas gifts at the office. It was well received but a pain in the ass to load up each wallet individually. Is it possible to provide a URI that'll automatically send 1 transaction of fixed size to each of the wallet generated?

  Spend BTCBTCBTCBTCBTCBTC @ amazon
Save 10-25% with Ƀ worldwide - PurseIO
Anonymously▃▃▃▃▃▃ ⌚Fast ⚖Safe ⓑOn Credit
Buy BTC w. Card
  Worldwide - Purse.IO
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
December 22, 2013, 03:37:26 PM
 #526

v2.7.1
https://www.bitaddress.org/bitaddress.org-v2.7.1-SHA1-6dfa290d1a133fc444c5580e2a8f1f890d5edf17.html
 - more entropy for the PRNG seed.
 - use ?showseedpool=true to see the contents of the seed pool in hex.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
zemario
Full Member
***
Offline Offline

Activity: 194
Merit: 100


View Profile
December 22, 2013, 06:38:25 PM
 #527

Hey, I've been aware of this site for a long time. Yesterday I generated a handful of addresses by manually entering random gebrish as the brainwallet seed.

But now that I see that this started of a little buggy (no offense intended) I'm not sure I want to use those adresses.

Tis thread is quite long, could anyone provide more details (or link to them) about how the first bounty was collected?
Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
December 23, 2013, 01:24:02 AM
 #528

@zemario,

I prefer the bulk wallet tab, to create compressed addresses. I think the entropy is fine at this point. Go generate like 100, pick 10 in the middle, and you should be fine.

Although your random gibberish should also be fine as long as it is extremely long and sufficiently random.

I don't know about the details, sorry.

pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
December 24, 2013, 03:19:34 AM
 #529

v2.7.2
https://www.bitaddress.org/bitaddress.org-v2.7.2-SHA1-364542f1ccc5777c79aebb1692a6265cf3e42e7e.html
 - keys and addresses in monospace font.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
maxmint
Hero Member
*****
Offline Offline

Activity: 700
Merit: 500



View Profile
January 06, 2014, 01:23:31 PM
 #530

Would be great to have the option for BIP38 encryption at the "Wallet Details" tab.
I like to dice roll my addresses and currently have to manually encrypt private keys.

My PGP-Key: 462D02D8
Verify my messages using keybase: https://keybase.io/maxmint
Its About Sharing
Legendary
*
Offline Offline

Activity: 1442
Merit: 1000


Antifragile


View Profile
January 06, 2014, 01:33:25 PM
 #531

Has anyone come across the concerns raised by Mike Woods here in this thread?
He said bitaddress.org is far from secure. Not a very long thread, would appreciate comments from those of you who really understand this area.

https://bitcointalk.org/index.php?topic=399452.0

A quote from that thread:
Quote

BitAddress.org is a great site, it had a good run, and it helped a lot of people for the last two years. But, it's far from perfect...

BitAddress uses only initial mouse position - which gives you about 20 bits that have fine entropy (and that mouse position is picked even if you don't move your mouse at all [not the case on my site]).

Having just 20 bits is enough to set up the seed, but not even enough for one private key created using true randomness, and you need new bits with good entropy for other addresses.
(Random numbers generated from seed have entropy equal to size of the seed - that's why they are called pseudorandom, and shouldn't be used for any security mechanisms: https://en.wikipedia.org/wiki/Pseudorandomness#Cryptography . Using pseudorandom numbers for storing your money is next to insane.)

Let's say you want to create 1000 addresses - that require around 1000*32*8 or around 500 000 bits of entropy, but instead you're using just 20 bits - so if you guess that 20 bits you'll have access to all 1000 addresses (which makes it worth for someone to brute force)

Other problems with BitAddress.org are:
- You are online while generating addresses - so you can't generate "offline" addresses, and also brings up the question if your browser or operating system is infected...
(- I also think that the site is not elegant enough with too much information that aren't necessary for average Bitcoin user (just my personal opinion)).

BTC = Black Swan.
BTC = Antifragile - "Some things benefit from shocks; they thrive and grow when exposed to volatility, randomness, disorder, and stressors and love adventure, risk, and uncertainty. Robust is not the opposite of fragile.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
January 06, 2014, 05:08:51 PM
 #532

I do wish that BitAddress entropy were improved in a verifiable way by offering to accept a "keyboard mash" string from the user and then incorporating that entropy in an auditable way*, but on the other hand, I do at least believe that it takes more than an initial mouse position as entropy so long as mouse move events are being sent to the page.

It is something I'd like to know was studied more, especially since people could be not moving their mouse, or be on a touch screen and not be able to really provide the sort of input the program was written to expect.

* example of auditable way: collect a string (minimum 80 characters, ask user to type gibberish) from the user, and then use something like SHA256(rng_generated_random_string + user_entered_random_string + n + constant salt) to generate private keys

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
January 07, 2014, 04:18:33 AM
 #533

Has anyone come across the concerns raised by Mike Woods here in this thread?
He said bitaddress.org is far from secure. Not a very long thread, would appreciate comments from those of you who really understand this area.

https://bitcointalk.org/index.php?topic=399452.0

A quote from that thread:
Quote

BitAddress.org is a great site, it had a good run, and it helped a lot of people for the last two years. But, it's far from perfect...

BitAddress uses only initial mouse position - which gives you about 20 bits that have fine entropy (and that mouse position is picked even if you don't move your mouse at all [not the case on my site]).

Having just 20 bits is enough to set up the seed, but not even enough for one private key created using true randomness, and you need new bits with good entropy for other addresses.
(Random numbers generated from seed have entropy equal to size of the seed - that's why they are called pseudorandom, and shouldn't be used for any security mechanisms: https://en.wikipedia.org/wiki/Pseudorandomness#Cryptography . Using pseudorandom numbers for storing your money is next to insane.)

Let's say you want to create 1000 addresses - that require around 1000*32*8 or around 500 000 bits of entropy, but instead you're using just 20 bits - so if you guess that 20 bits you'll have access to all 1000 addresses (which makes it worth for someone to brute force)

Other problems with BitAddress.org are:
- You are online while generating addresses - so you can't generate "offline" addresses, and also brings up the question if your browser or operating system is infected...
(- I also think that the site is not elegant enough with too much information that aren't necessary for average Bitcoin user (just my personal opinion)).


I replied here:
https://bitcointalk.org/index.php?topic=399452.msg4358491#msg4358491

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
ajk
Donator
Sr. Member
*
Offline Offline

Activity: 447
Merit: 250


View Profile
January 12, 2014, 11:27:18 PM
 #534

hi

noticed an update on github and was wondering if there will be announcement made here to make it official

thanks for continuing your efforts on this project,
minimalB
Donator
Hero Member
*
Offline Offline

Activity: 674
Merit: 523


View Profile
January 13, 2014, 11:20:53 AM
 #535

Everytime new version is ready, pointbiz posts an announcement here.

This upcoming version is really what we were looking for! Thanks in advance, pointbiz!
adrian33
Member
**
Offline Offline

Activity: 118
Merit: 10


View Profile
January 13, 2014, 05:17:42 PM
 #536

In the latest Chrome on Windows the page is corrupted. It's fine in Firefox and IE.




phelix
Legendary
*
Offline Offline

Activity: 1708
Merit: 1020



View Profile
January 13, 2014, 07:04:16 PM
 #537

I do wish that BitAddress entropy were improved in a verifiable way by offering to accept a "keyboard mash" string from the user and then incorporating that entropy in an auditable way*, but on the other hand, I do at least believe that it takes more than an initial mouse position as entropy so long as mouse move events are being sent to the page.

It is something I'd like to know was studied more, especially since people could be not moving their mouse, or be on a touch screen and not be able to really provide the sort of input the program was written to expect.

* example of auditable way: collect a string (minimum 80 characters, ask user to type gibberish) from the user, and then use something like SHA256(rng_generated_random_string + user_entered_random_string + n + constant salt) to generate private keys
+1
zemario
Full Member
***
Offline Offline

Activity: 194
Merit: 100


View Profile
January 13, 2014, 08:23:36 PM
 #538

What is wrong with typing in random stuff in the brainwallet input? Honest question? Just write stupid stuff and it should be pretty unique. Methods of collecting entropy automagically can be dangerous in the way that sometimes they are not so random as people would expect.
Wasn't this the problem with android's wallet app?
CryptoMine
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
January 13, 2014, 09:07:19 PM
 #539

How would I modify this script for another coin? e.g. CatCoin, EarthCoin etc..
bruter
Newbie
*
Offline Offline

Activity: 18
Merit: 0


View Profile
January 14, 2014, 06:51:56 PM
Last edit: January 14, 2014, 07:32:06 PM by bruter
 #540

pointbiz,
would you add wallet creation using coin.

To create a Bitcoin private key you only need one coin which you roll 256 times. Stopping each time to record the value of the coin. When recording the values follow these rules: head (of a coin) = 0, tail (of a coin) = 1. By doing this you are recording the big random number, your private key, in B2 or base 2 format.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 [27] 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!