[ANN] bitaddress.org Safe JavaScript Bitcoin address/private key

[nmat]

And secondly, just to make sure I'm current on this -- there is no way for these to be redeemed without first downloading a patch for bitcoind that will allow importing of the key?
 

You can use Pywallet

[1713564120]

1713564120

[nhodges]

Is it still possible that there could be a keylogger performing screenshots even when not even connected to the Internet (but will upload the screenshots once the connection is re-established?)

To use this even more securely would it not make sense to boot to a LiveOS (e.g., LinuxCoin) that is not connected to the internet even and then load the page from the usb flash drive, for instance?
 - http://en.bitcoin.it/wiki/LinuxCoin

And secondly, just to make sure I'm current on this -- there is no way for these to be redeemed without first downloading a patch for bitcoind that will allow importing of the key?
 

* Possible yes, I would agree with you: use a live OS, however there's no reason to use LinuxCoin specifically for opening a browser, any common distro would do.

* With the current official client/daemon, you can't import private keys.

[peak]

Hi pointbiz,

I noticed that there are a lot of people that think about virtual wallet that no data needed to save in local or other server. The best way to do this is to specify a memorizable but not easy to guess string by the end user and the string can be used to generate private/public key pair.  When the user want to know his/her private/public key pair, he/she can generate them again with the same string.

Can you consider about that function in your website?

[pointbiz]

Great!

Just need to add the QR Codes for them all and is perfect!

https://github.com/jeromeetienne/jquery-qrcode#readme

Thanks again for the link. I took a look and the jQuery plugin is just a wrapper for an independent QR code library, therefore I don't need to worry about requiring jQuery! So, I'm adding the QR code functionality to my to do list.
http://d-project.googlecode.com/svn/trunk/misc/qrcode/js/qrcode.js

[pointbiz]

And secondly, just to make sure I'm current on this -- there is no way for these to be redeemed without first downloading a patch for bitcoind that will allow importing of the key?
 

You can use Pywallet

I'm leaving the redeeming problem to others, I figure the sipa private key import patch for bitcoin will probably make it into the official build at some point because there is so much demand.

If you plan to completely clear out an address and never use it again then this tool, by Joric, is useful:
https://bitcointools.appspot.com/
It uploads your private key to the server and returns you a wallet.dat file you can use with the bitcoin client.

EDIT: However, pyWallet is probably the best option since you don't have to trust an online service.

[pointbiz]

Is it still possible that there could be a keylogger performing screenshots even when not even connected to the Internet (but will upload the screenshots once the connection is re-established?)

To use this even more securely would it not make sense to boot to a LiveOS (e.g., LinuxCoin, or Ubuntu even) that is not connected to the internet even and then load the page from the usb flash drive, for instance?
 - http://en.bitcoin.it/wiki/LinuxCoin

The attack vector scenarios are a bit complicated, this makes it difficult for me to provide instructions that are practical, user friendly and good security advice. So, I'll focus on the code first then try and give people reasonable instructions.

Booting from a LiveOS is always safer. I believe a trojan that just logs keys would not be a threat, if you use bitaddress.org as a paper wallet.
If you use bitaddress.org to copy/paste the address into a TrueCrypt drive then you would still be at risk of your TrueCrypt password being logged.

A trojan that takes screenshots, reads directly from memory or one that monitors data sent to a printer would still be a threat.

bitaddress.org reduces your risk of installing a trojan since there is nothing to install. I think that is important to note.

[TTBit]

Great!

Just need to add the QR Codes for them all and is perfect!

https://github.com/jeromeetienne/jquery-qrcode#readme

Thanks again for the link. I took a look and the jQuery plugin is just a wrapper for an independent QR code library, therefore I don't need to worry about requiring jQuery! So, I'm adding the QR code functionality to my to do list.
http://d-project.googlecode.com/svn/trunk/misc/qrcode/js/qrcode.js

request for QR code to give balance from blockexplorer: https://blockexplorer.com/q/addressbalance/

[pointbiz]

Hi pointbiz,

I noticed that there are a lot of people that think about virtual wallet that no data needed to save in local or other server. The best way to do this is to specify a memorizable but not easy to guess string by the end user and the string can be used to generate private/public key pair.  When the user want to know his/her private/public key pair, he/she can generate them again with the same string.

Can you consider about that function in your website?

I'll say maybe. I'm trying to keep the interface simple, maybe an advanced tab or something would work for that.

At the moment I'm not convinced Deterministic Wallets are the way to go. People think alike and therefore the algorithms and patterns used to make Deterministic Wallets can be gamed en mass.

Consider these two possible wallet decisions:
1) using a 5-character password to create a Deterministic Wallet using some tool.
2) create a truly random private key and copy/paste it into a text file in an encrypted true crypt drive, that is protected with a 5-character password, that you back up in several locations online and offline.

In scenario #1 someone can turn their GPU farm to silently create a bunch of Deterministic Wallets and check them against the blockchain. Only 1 person has to have an easy password for this attack to work and it's more likely to be a profitable attack.

In scenario #2 someone has to personally hack you then make childs play of your password. Much less likely to happen and more expensive for an attacker. Your 5-character password is much safer on your computer or on dropbox then in the blockchain for anyone to brute force. Maybe I could enforce a minimum password size and minimum complexity.

All that being said thank you for the suggestion, I see there will probably be demand for this type of feature. It's definitely a complimentary feature that would make sense on bitaddress so I'll consider it in the future.

[casascius]

I'll say maybe. I'm trying to keep the interface simple, maybe an advanced tab or something would work for that.

At the moment I'm not convinced Deterministic Wallets are the way to go. People think alike and therefore the algorithms and patterns used to make Deterministic Wallets can be gamed en mass.

Consider these two possible wallet decisions:
1) using a 5-character password to create a Deterministic Wallet using some tool.
2) create a truly random private key and copy/paste it into a text file in an encrypted true crypt drive, that is protected with a 5-character password, that you back up in several locations online and offline.

I wrote a deterministic wallet generator for Casascius Bitcoin Utility.  Here are my thoughts.

My utility pre-fills the passphrase field with randomized alphabetic characters as a default.  If the user doesn't care, the alphabetic characters suffice.  The Microsoft .NET framework offers a RNG specifically suited for cryptographic functions, and this is the source of the entropy for this random passphrase.  Chances are decent that it's a good one.

If the user chooses a short passphrase, I warn him persistently about why that's a problem.  I recommend to him that he simply mash keys into the text box if he must not accept the default.  I don't remember the precise rules, but I require either 30+ characters of any type, or 20+ characters with at least two of each of three classes (uppercase, lowercase, numbers, and symbols).

A deterministic generation function does one more very valuable thing from an auditability perspective that has nothing to do with recreating wallets.  Supporting deterministic generation from a passphrase allows the average user to control for the possibility that the RNG in your generator isn't rigged or flawed in a non-obvious manner.  If your RNG turns out to be flawed at any time down the road, it would turn into a huge liability for anyone who has ever used your generator.  (Google "Debian OpenSSL key flaw" for an example of a past occurrence of this mess). On the other hand, if it produces the same deterministic wallet as any other program made for the same purpose, it can be conclusively deemed to operate as advertised.

[peak]

Hi pointbiz,

I noticed that there are a lot of people that think about virtual wallet that no data needed to save in local or other server. The best way to do this is to specify a memorizable but not easy to guess string by the end user and the string can be used to generate private/public key pair.  When the user want to know his/her private/public key pair, he/she can generate them again with the same string.

Can you consider about that function in your website?

I'll say maybe. I'm trying to keep the interface simple, maybe an advanced tab or something would work for that.

At the moment I'm not convinced Deterministic Wallets are the way to go. People think alike and therefore the algorithms and patterns used to make Deterministic Wallets can be gamed en mass.

Consider these two possible wallet decisions:
1) using a 5-character password to create a Deterministic Wallet using some tool.
2) create a truly random private key and copy/paste it into a text file in an encrypted true crypt drive, that is protected with a 5-character password, that you back up in several locations online and offline.

In scenario #1 someone can turn their GPU farm to silently create a bunch of Deterministic Wallets and check them against the blockchain. Only 1 person has to have an easy password for this attack to work and it's more likely to be a profitable attack.

In scenario #2 someone has to personally hack you then make childs play of your password. Much less likely to happen and more expensive for an attacker. Your 5-character password is much safer on your computer or on dropbox then in the blockchain for anyone to brute force. Maybe I could enforce a minimum password size and minimum complexity.

All that being said thank you for the suggestion, I see there will probably be demand for this type of feature. It's definitely a complimentary feature that would make sense on bitaddress so I'll consider it in the future.

Hi pointbiz,

Thanks for reply.
It's true that deterministic wallet is not as secure as truly random private key. But for most common people who do not take care their bitcoin every day, I would say that current wallet is not a good idea. I have convinced 3 of my friends to get some bitcoins, only the one  who meet me everyday have his coins now, the other two both lost their wallets. I think the lost of wallet is a very common issue for not deepin users.

5-character password is too easy to guess out. May be you can add  some suggestions on you website, like 8+ characters, do not use alphabet only string...  A support of utf-8 character would also be a good idea, it is easy to make a exhaustive key search of 5 characters combination from 128 ASCIIs but it is impossible to look through 5 characters combination of utf-8 set.

[pointbiz]

casascius and peak, very good points you've convinced me.

I like the idea of pregenerating something the user could then alter.
Thanks for the enlightenment on the Debian issue.

I might look into adding more entropy by calling the seedTime in more elaborate ways.

[ctoon6]

the reason you need large passwords is because, if you don't, getting bitcoins is a simple lookup once you calculated 6 or 7 characters worth of rainbow tables. so in reality, you are best off taking some pictures of a dynamic object and hashing each one and slapping the hashes together.

or a simpler solution, get some 16 blank dice, and write out the hex char set, roll 64 times and write that down. then do the required things to turn that into a public key. you could use a utility to do it for you, but then it becomes pointless to use dice to begin with, so you better learn to hash things on paper if that's even possible lol?

[nmat]

Honestly, for the time being, I would be happy just with a QR code. It would be the easiest way to get a paper wallet.

[ctoon6]

Honestly, for the time being, I would be happy just with a QR code. It would be the easiest way to get a paper wallet.

http://sourceforge.net/projects/zint/

it will make pretty much every barcode in the world today.

[nmat]

http://sourceforge.net/projects/zint/

it will make pretty much every barcode in the world today.

Of course there are other ways. I could just copy the private key, paste it at wolfram alpha and print the QR Code. But having a complete wallet just by opening an html file is a much more clean and attractive solution.

[ctoon6]

http://sourceforge.net/projects/zint/

it will make pretty much every barcode in the world today.

Of course there are other ways. I could just copy the private key, paste it at wolfram alpha and print the QR Code. But having a complete wallet just by opening an html file is a much more clean and attractive solution.

i thought that you did not want to use them because they are transferring data over the internet, and the last thing you want is to transfer keys. so client side offline would have been fine in that case. i see what you mean though. and i think it would be nice to have.

[pointbiz]

V0.4

2011-09-18:
bitaddress.org-v0.4-SHA1-9d3afda22f8cf526330c0387a77e4016fd050323.html
 -Known bug: Bitcoin.Base58.encode is not working in IE7
 -Removed Private Key Hex
 -Added QRCode for Bitcoin Address
 -Added QRCode for Private Key Wallet Import Format
 -Added extra entrophy with mouse movement technique
 -Footer now hides when printing
 -QRCode shows with canvas, if canvas is not supported (IE8) then it shows
  with a table. Printing of the table is not supported by most browsers.

[ctoon6]

V0.4
http://www.bitaddress.org/bitaddress.org-v0.4-SHA1-9d3afda22f8cf526330c0387a77e4016fd050323.html

2011-09-18:
bitaddress.org-v0.4-SHA1-9d3afda22f8cf526330c0387a77e4016fd050323.html
 -Known bug: Bitcoin.Base58.encode is not working in IE7
 -Removed Private Key Hex
 -Added QRCode for Bitcoin Address
 -Added QRCode for Private Key Wallet Import Format
 -Added extra entrophy with mouse movement technique
 -Footer now hides when printing
 -QRCode shows with canvas, if canvas is not supported (IE8) then it shows
  with a table. Printing of the table is not supported by most browsers.

nice

[nmat]

Hum... It doesn't work on my iPhone. Maybe because I can't move my mouse around? It hangs on "Generating Bitcoin Address...".

Anyway, a cellphone probably isn't the best place to use this.

[TTBit]

Am I doing this right?

according to bitaddress.org, the address is:12DM8vG8pytcE8Q9CBj2LQnctiRRdoZ5aZ
with private key of: 5Je7CkWTzgdo1RpwjYhwnVKxQXt8EPRq17WZFtWcq5umQdsDtTP

However, pywallet doesn't agree:

Code:

C:\Python27>pywallet.py --info --importprivkey=5Je7CkWTzgdo1RpwjYhwnVKxQXt8EPRq1
7WZFtWcq5umQdsDtTP
'ecdsa' package is not installed, pywallet won't be able to sign/verify messages

Address (Bitcoin): 1M6dsMZUjFxjdwsyVk8nJytWcfr9tfUa9E
Privkey (Bitcoin): 5Je7CkWTzgdo1RpwjYhwnVKxQXt8EPRq17WZFtWcq5umQdsDtTP
Hexprivkey: 6c9565b3eef4ef9e01c216e1910763a5f94cf3654c059e8c67a348d10ae39c28

edit: seems to work for further addresses. I printed the one above out, so I'm not crazy, looking at it now.