Bitcoin Forum
November 02, 2024, 02:12:59 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 [32] 33 34 35 36 37 38 39 40 41 42 43 44 45 46 »
  Print  
Author Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key  (Read 153343 times)
birr
Hero Member
*****
Offline Offline

Activity: 870
Merit: 585


View Profile
May 01, 2014, 01:02:41 AM
 #621

It occurs to me that if one wants to go to the trouble of generating truly random strings, then you don't have to go through bitaddress.org to make your key.
Bitaddress.org uses a hash to generate a 256 bit number from your passphrase.  But if you are going to generate entropy legitimately, you can just cut straight to the chase.  Skip the hash.  Generate a 256 bit random number and use the number itself as the payload.  This 256 bits is your real private key; you just have to encode it in base58check (Wallet Import Format) to make a key you can use.  There's a fairly simple process to do that, involving a couple of hashes to generate the checksum (this is built into Bitaddress.org, but you are skipping the passphrase hashing step so you have to do the encoding yourself).  
Any linux distro ought to be able to do the hashes.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
May 01, 2014, 01:08:21 AM
 #622

It occurs to me that if one wants to go to the trouble of generating truly random strings, then you don't have to go through bitaddress.org to make your key.
Bitaddress.org uses a hash to generate a 256 bit number from your passphrase.  But if you are going to generate entropy legitimately, you can just cut straight to the chase.  Skip the hash.  Generate a 256 bit random number and use the number itself as the payload.  This 256 bits is your real private key; you just have to encode it in base58check (Wallet Import Format) to make a key you can use.  There's a fairly simple process to do that, involving a couple of hashes to generate the checksum (this is built into Bitaddress.org, but you are skipping the passphrase hashing step so you have to do the encoding yourself).  
Any linux distro ought to be able to do the hashes.


did you mean "Skip the passphrase"?
birr
Hero Member
*****
Offline Offline

Activity: 870
Merit: 585


View Profile
May 01, 2014, 01:32:11 AM
 #623

Yes.
By generating a random 256 bit number you are skipping the first step of making a passphrase, and the second step of hashing the passphrase to get a 256 bit number.
I just generated a 256 bit number by going to random.org and telling it to generate a random number in the range of 0 to 65535.  That's 65536 possibilities, which is 16^4 or four hex characters.  So if you do this 16 times, you can get 64 hex characters, which is a private key.  Random.org generates decimal numbers, so you convert 16 numbers from random.org into hex and you get sixteen four-digit hex numbers that you can concatenate for the private key.  Then you can encode it into base58check.  Brainwallet.org will do that for you, but for the paranoid, it can be done at the linux command line.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
May 01, 2014, 01:54:54 AM
 #624

Yes.
By generating a random 256 bit number you are skipping the first step of making a passphrase, and the second step of hashing the passphrase to get a 256 bit number.
I just generated a 256 bit number by going to random.org and telling it to generate a random number in the range of 0 to 65535.  That's 65536 possibilities, which is 16^4 or four hex characters.  So if you do this 16 times, you can get 64 hex characters, which is a private key.  Random.org generates decimal numbers, so you convert 16 numbers from random.org into hex and you get sixteen four-digit hex numbers that you can concatenate for the private key.  Then you can encode it into base58check.  Brainwallet.org will do that for you, but for the paranoid, it can be done at the linux command line.

why isn't the 99 dice roll method better than this?
birr
Hero Member
*****
Offline Offline

Activity: 870
Merit: 585


View Profile
May 01, 2014, 02:07:38 AM
 #625

Yes.
By generating a random 256 bit number you are skipping the first step of making a passphrase, and the second step of hashing the passphrase to get a 256 bit number.
I just generated a 256 bit number by going to random.org and telling it to generate a random number in the range of 0 to 65535.  That's 65536 possibilities, which is 16^4 or four hex characters.  So if you do this 16 times, you can get 64 hex characters, which is a private key.  Random.org generates decimal numbers, so you convert 16 numbers from random.org into hex and you get sixteen four-digit hex numbers that you can concatenate for the private key.  Then you can encode it into base58check.  Brainwallet.org will do that for you, but for the paranoid, it can be done at the linux command line.

why isn't the 99 dice roll method better than this?
I had to go look at the bitaddress.org website to see what you're talking about.
I didn't know bitaddress.org had a place where you could input a raw number as a key, and have it do the WIF conversion for you.
Whether you use random.org, dice or cards, it's the same thing.  You generate a 256 bit number (randomly).  That's your key.
Actually, 6^99 = 2^255.9112876 so it's not ezackly 256 bits.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
May 01, 2014, 02:12:07 AM
 #626

Yes.
By generating a random 256 bit number you are skipping the first step of making a passphrase, and the second step of hashing the passphrase to get a 256 bit number.
I just generated a 256 bit number by going to random.org and telling it to generate a random number in the range of 0 to 65535.  That's 65536 possibilities, which is 16^4 or four hex characters.  So if you do this 16 times, you can get 64 hex characters, which is a private key.  Random.org generates decimal numbers, so you convert 16 numbers from random.org into hex and you get sixteen four-digit hex numbers that you can concatenate for the private key.  Then you can encode it into base58check.  Brainwallet.org will do that for you, but for the paranoid, it can be done at the linux command line.

why isn't the 99 dice roll method better than this?
I had to go look at the bitaddress.org website to see what you're talking about.
I didn't know bitaddress.org had a place where you could input a raw number as a key, and have it do the WIF conversion for you.
Whether you use random.org, dice or cards, it's the same thing.  You generate a 256 bit number (randomly).  That's your key.
Actually, 6^99 = 2^255.9112876 so it's not ezackly 256 bits.

Yep, not ezackly Wink

But I think it's better because it's a physical method not susceptible to a website compromise.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
May 01, 2014, 02:34:18 AM
 #627

For instance, why do these 2 urls go to the same apparent website?

https://www.random.org/
http://www.random.org/
birr
Hero Member
*****
Offline Offline

Activity: 870
Merit: 585


View Profile
May 03, 2014, 05:57:45 PM
 #628

For instance, why do these 2 urls go to the same apparent website?

https://www.random.org/
http://www.random.org/
Touche'
Looks like both url's go to www.random.org, the difference is whether you use SSL, am I right about that? 

Depending on what you want to use it for, you might want to make sure you get the one that uses SSL.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
May 03, 2014, 06:05:24 PM
 #629

For instance, why do these 2 urls go to the same apparent website?

https://www.random.org/
http://www.random.org/
Touche'
Looks like both url's go to www.random.org, the difference is whether you use SSL, am I right about that?  

Depending on what you want to use it for, you might want to make sure you get the one that uses SSL.

yes, https is an encrypted tunnel that should be your default whenever possible.

you don't want the NSA accusing you of generating Bitcoin keys now do you?  Wink

plus, i wonder if http://www.random.org/ a monitored site?
birr
Hero Member
*****
Offline Offline

Activity: 870
Merit: 585


View Profile
May 03, 2014, 06:19:36 PM
 #630


you don't want the NSA accusing you of generating Bitcoin keys now do you?  Wink

plus, i wonder if http://www.random.org/ a monitored site?
You are so harshing my mellow!
Time to get a VPN?  Or use a live USB with tails, which goes through tor.  But the tor exit node might just be run by the NSA. Shocked
bruter
Newbie
*
Offline Offline

Activity: 18
Merit: 0


View Profile
May 16, 2014, 08:07:15 AM
 #631

pointbiz

SHA1 is compromised and it is possible to make file with the same SHA1 hash like published here in the first page.

Can you change verification algorithm with some more secure, please?
Newar
Legendary
*
Offline Offline

Activity: 1358
Merit: 1001


https://gliph.me/hUF


View Profile
June 02, 2014, 11:03:56 AM
 #632

Would it be possible (make sense) to let us use our own generated private keys for the split wallet? I.e. a box on that tab to paste a private key?

OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins
silversurfer1958
Full Member
***
Offline Offline

Activity: 474
Merit: 111



View Profile
June 13, 2014, 12:46:58 PM
 #633

I understand that Devs don't like Brainwallets because they know people are going to resort to the same sort of easy to remember  passwords that they already use.
What's needed is a way of hardening private keys generated by Brainwallets from attack from Rainbow table generation.

I understand that the way brainwallets are created now is   Sha256(Pswd)

Wouldn't a simple way to slow down the creation of rainbow tables be to use Sha256(Bcrypt(Pswd))

It would never protect a truly bad password like 'password123' but would help harden moderately good passwords. from attack.


spiccioli
Legendary
*
Offline Offline

Activity: 1379
Merit: 1003

nec sine labore


View Profile
July 03, 2014, 06:49:47 AM
 #634

Hi,

I'm trying to create a BIP38 password protected paper wallet on windows XP 32bit using firefox 30 but it never completes the task, opening the web console I see an out of memory exception a few seconds after it starts making them.

See attached image.

http://imgur.com/BNjhW2r

Normal paper wallets are created without problems.

Best regards.

spiccioli
gadman2
Legendary
*
Offline Offline

Activity: 978
Merit: 1001



View Profile
July 21, 2014, 11:05:10 AM
 #635

Is there a way to take this website offline and put it on a thumb drive or a external hard drive. Maybe even a smart phone?

maxmint
Hero Member
*****
Offline Offline

Activity: 700
Merit: 500



View Profile
July 21, 2014, 11:06:04 AM
 #636

Is there a way to take this website offline and put it on a thumb drive or a external hard drive. Maybe even a smart phone?

You can just download it from GitHub:
https://github.com/pointbiz/bitaddress.org

My PGP-Key: 462D02D8
Verify my messages using keybase: https://keybase.io/maxmint
ljpravnik
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
July 26, 2014, 10:19:23 PM
 #637

Would it be possible (make sense) to let us use our own generated private keys for the split wallet? I.e. a box on that tab to paste a private key?

Of course it makes sense. I was so annoyed because of this feature missing that I decided to start learning javascript. Because I am not a programmer it took me one whole day to figure it out.

Under "splitKey: function" replace the line:
var key = new Bitcoin.ECKey(false)

with this line:
var mykey = document.getElementById("combineinput").value.replace(/^\s+|\s+$/g, "").toString();
if ("combineinput" == "") {var key = new Bitcoin.ECKey(false)} else {var key = new Bitcoin.ECKey(mykey)};


Now you can enter your private key into the box under "Enter Available Shares (whitespace separated)" and press the generate button. If you leave the box empty it will generate (and split) new private key.

Newar
Legendary
*
Offline Offline

Activity: 1358
Merit: 1001


https://gliph.me/hUF


View Profile
July 28, 2014, 02:36:18 AM
 #638

Would it be possible (make sense) to let us use our own generated private keys for the split wallet? I.e. a box on that tab to paste a private key?

Of course it makes sense. I was so annoyed because of this feature missing that I decided to start learning javascript. Because I am not a programmer it took me one whole day to figure it out.

Under "splitKey: function" replace the line:
var key = new Bitcoin.ECKey(false)

with this line:
var mykey = document.getElementById("combineinput").value.replace(/^\s+|\s+$/g, "").toString();
if ("combineinput" == "") {var key = new Bitcoin.ECKey(false)} else {var key = new Bitcoin.ECKey(mykey)};


Now you can enter your private key into the box under "Enter Available Shares (whitespace separated)" and press the generate button. If you leave the box empty it will generate (and split) new private key.



Excellent effort! I will give it a go.

Did you submit a pull request?

OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
August 10, 2014, 02:21:57 PM
 #639

new SSL fingerprint for cert expiring sept 2019
44:29:59:A4:66:44:C7:EC:43:DF:22:AE:1A:B3:9E:E3:64:44:10:F8

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
pointbiz (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
August 10, 2014, 02:42:56 PM
 #640

Hi,

I'm trying to create a BIP38 password protected paper wallet on windows XP 32bit using firefox 30 but it never completes the task, opening the web console I see an out of memory exception a few seconds after it starts making them.

See attached image.

http://imgur.com/BNjhW2r

Normal paper wallets are created without problems.

Best regards.

spiccioli


There are minimum hardware requirements for BIP38 so there won't be any way to fix this.

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 [32] 33 34 35 36 37 38 39 40 41 42 43 44 45 46 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!