[ANN] bitaddress.org Safe JavaScript Bitcoin address/private key

[dooglus]

One or two of the operators stated that depositing more than one time to the public address of a printed bitaddress "wallet"/keypair will create too many signatures which the hackers will use to decode the private address.

You're probably talking about this issue:
  https://bitcointalk.org/index.php?topic=271486

Spending multiple times from the same address will allow hackers to deduce your private key if the random number generator in the client you're using to do the spending is no good.  There's no danger in sending multiple times to the same address (except that when you come to spend the coins you deposited, you are effectively spending multiple times from that address).

It's only when you come to spend from the address that the risk exists.

[EdgarT]

I translated bitaddress.org (v2.6.2; I'll take care of the latest changes asap) into German. How should I go about submitting it?

[pointbiz]

I translated bitaddress.org (v2.6.2; I'll take care of the latest changes asap) into German. How should I go about submitting it?

I answered you in PM but incase other people are wondering for other languages the best way to submit translations is to fork the code at github:
https://github.com/pointbiz/bitaddress.org

And submit a pull request.

You just need to modify the file:
src/ninja.translator.js

[pointbiz]

v2.6.6
https://www.bitaddress.org/bitaddress.org-v2.6.6-SHA1-0d68accca48df174b6b4f48544498f333dc6e33a.html
 - German translations thanks to gerEDH.

[mrkent]

Just used it for first time today to pass out Christmas gifts at the office. It was well received but a pain in the ass to load up each wallet individually. Is it possible to provide a URI that'll automatically send 1 transaction of fixed size to each of the wallet generated?

[pointbiz]

v2.7.1
https://www.bitaddress.org/bitaddress.org-v2.7.1-SHA1-6dfa290d1a133fc444c5580e2a8f1f890d5edf17.html
 - more entropy for the PRNG seed.
 - use ?showseedpool=true to see the contents of the seed pool in hex.

[zemario]

Hey, I've been aware of this site for a long time. Yesterday I generated a handful of addresses by manually entering random gebrish as the brainwallet seed.

But now that I see that this started of a little buggy (no offense intended) I'm not sure I want to use those adresses.

Tis thread is quite long, could anyone provide more details (or link to them) about how the first bounty was collected?

[Dabs]

@zemario,

I prefer the bulk wallet tab, to create compressed addresses. I think the entropy is fine at this point. Go generate like 100, pick 10 in the middle, and you should be fine.

Although your random gibberish should also be fine as long as it is extremely long and sufficiently random.

I don't know about the details, sorry.

[pointbiz]

v2.7.2
https://www.bitaddress.org/bitaddress.org-v2.7.2-SHA1-364542f1ccc5777c79aebb1692a6265cf3e42e7e.html
 - keys and addresses in monospace font.

[maxmint]

Would be great to have the option for BIP38 encryption at the "Wallet Details" tab.
I like to dice roll my addresses and currently have to manually encrypt private keys.

[Its About Sharing]

Has anyone come across the concerns raised by Mike Woods here in this thread?
He said bitaddress.org is far from secure. Not a very long thread, would appreciate comments from those of you who really understand this area.

https://bitcointalk.org/index.php?topic=399452.0

A quote from that thread:

BitAddress.org is a great site, it had a good run, and it helped a lot of people for the last two years. But, it's far from perfect...

BitAddress uses only initial mouse position - which gives you about 20 bits that have fine entropy (and that mouse position is picked even if you don't move your mouse at all [not the case on my site]).

Having just 20 bits is enough to set up the seed, but not even enough for one private key created using true randomness, and you need new bits with good entropy for other addresses.
(Random numbers generated from seed have entropy equal to size of the seed - that's why they are called pseudorandom, and shouldn't be used for any security mechanisms: https://en.wikipedia.org/wiki/Pseudorandomness#Cryptography . Using pseudorandom numbers for storing your money is next to insane.)

Let's say you want to create 1000 addresses - that require around 1000*32*8 or around 500 000 bits of entropy, but instead you're using just 20 bits - so if you guess that 20 bits you'll have access to all 1000 addresses (which makes it worth for someone to brute force)

Other problems with BitAddress.org are:
- You are online while generating addresses - so you can't generate "offline" addresses, and also brings up the question if your browser or operating system is infected...
(- I also think that the site is not elegant enough with too much information that aren't necessary for average Bitcoin user (just my personal opinion)).

[casascius]

I do wish that BitAddress entropy were improved in a verifiable way by offering to accept a "keyboard mash" string from the user and then incorporating that entropy in an auditable way*, but on the other hand, I do at least believe that it takes more than an initial mouse position as entropy so long as mouse move events are being sent to the page.

It is something I'd like to know was studied more, especially since people could be not moving their mouse, or be on a touch screen and not be able to really provide the sort of input the program was written to expect.

* example of auditable way: collect a string (minimum 80 characters, ask user to type gibberish) from the user, and then use something like SHA256(rng_generated_random_string + user_entered_random_string + n + constant salt) to generate private keys

[pointbiz]

Has anyone come across the concerns raised by Mike Woods here in this thread?
He said bitaddress.org is far from secure. Not a very long thread, would appreciate comments from those of you who really understand this area.

https://bitcointalk.org/index.php?topic=399452.0

A quote from that thread:

BitAddress.org is a great site, it had a good run, and it helped a lot of people for the last two years. But, it's far from perfect...

BitAddress uses only initial mouse position - which gives you about 20 bits that have fine entropy (and that mouse position is picked even if you don't move your mouse at all [not the case on my site]).

Having just 20 bits is enough to set up the seed, but not even enough for one private key created using true randomness, and you need new bits with good entropy for other addresses.
(Random numbers generated from seed have entropy equal to size of the seed - that's why they are called pseudorandom, and shouldn't be used for any security mechanisms: https://en.wikipedia.org/wiki/Pseudorandomness#Cryptography . Using pseudorandom numbers for storing your money is next to insane.)

Let's say you want to create 1000 addresses - that require around 1000*32*8 or around 500 000 bits of entropy, but instead you're using just 20 bits - so if you guess that 20 bits you'll have access to all 1000 addresses (which makes it worth for someone to brute force)

Other problems with BitAddress.org are:
- You are online while generating addresses - so you can't generate "offline" addresses, and also brings up the question if your browser or operating system is infected...
(- I also think that the site is not elegant enough with too much information that aren't necessary for average Bitcoin user (just my personal opinion)).

I replied here:
https://bitcointalk.org/index.php?topic=399452.msg4358491#msg4358491

[ajk]

hi

noticed an update on github and was wondering if there will be announcement made here to make it official

thanks for continuing your efforts on this project,

[minimalB]

Everytime new version is ready, pointbiz posts an announcement here.

This upcoming version is really what we were looking for! Thanks in advance, pointbiz!

[adrian33]

In the latest Chrome on Windows the page is corrupted. It's fine in Firefox and IE.

[phelix]

I do wish that BitAddress entropy were improved in a verifiable way by offering to accept a "keyboard mash" string from the user and then incorporating that entropy in an auditable way*, but on the other hand, I do at least believe that it takes more than an initial mouse position as entropy so long as mouse move events are being sent to the page.

It is something I'd like to know was studied more, especially since people could be not moving their mouse, or be on a touch screen and not be able to really provide the sort of input the program was written to expect.

* example of auditable way: collect a string (minimum 80 characters, ask user to type gibberish) from the user, and then use something like SHA256(rng_generated_random_string + user_entered_random_string + n + constant salt) to generate private keys

+1

[zemario]

What is wrong with typing in random stuff in the brainwallet input? Honest question? Just write stupid stuff and it should be pretty unique. Methods of collecting entropy automagically can be dangerous in the way that sometimes they are not so random as people would expect.
Wasn't this the problem with android's wallet app?

[CryptoMine]

How would I modify this script for another coin? e.g. CatCoin, EarthCoin etc..

[bruter]

pointbiz,
would you add wallet creation using coin.

To create a Bitcoin private key you only need one coin which you roll 256 times. Stopping each time to record the value of the coin. When recording the values follow these rules: head (of a coin) = 0, tail (of a coin) = 1. By doing this you are recording the big random number, your private key, in B2 or base 2 format.