[ANN] bitaddress.org Safe JavaScript Bitcoin address/private key

[pointbiz]

pointbiz

SHA1 is compromised and it is possible to make file with the same SHA1 hash like published here in the first page.

Can you change verification algorithm with some more secure, please?

I can consider switching to SHA256 however can you provide a link that proves SHA1 collision resistance is compromised?

[1714057351]

1714057351

[1714057351]

1714057351

[1714057351]

1714057351

[1714057351]

1714057351

[EcuaMobi]

Could you possibly make a wallet using a deck of cards? There are an insane amount of combinations possible, and you could at least just make a brainwallet by putting in the cards in order. Then you can just keep the deck in that order to save it.

Yes. Just shuffle a deck well and deal a few cards then enter them, using a code for each card, as the password in a brain wallet generator. Something like 1H for ace of hearts and KS for king of spades.

You need to pick the entropy you want, which will give you how many cards are needed in the deal. The whole deck gives you 52! combinations or 226 bits of entropy. You probably don't need much more than 100 bits though - so, fewer cards.

Number   Bits of
of cards   Entropy
15               82
16               87
17               93
18               98
19               103
20               108
21               113
22               118
23               123
24               128
25               132

I found this idea very interested and just finished creating and Android app to do that: Deck Wallet.

https://bitcointalk.org/?topic=811397

Any feedback is appreciated.

[jodyrb]

In addition to the "Print" buttons, would it be possible to also add a "Save" button so that the wallet information could be saved on removable storage (for example, SD Card running Raspberry PI)?

[Newar]

In addition to the "Print" buttons, would it be possible to also add a "Save" button so that the wallet information could be saved on removable storage (for example, SD Card running Raspberry PI)?

Which OS are you using? You don't have the "Print as .pdf" option in your printer dialog?

Edit: Ok, RPi   No option like that?

[Meuh6879]

French Translation about the notice.

Official Notice ... displayed on the French menu



A Bitcoin wallet is as simple as a single pairing of a Bitcoin address with it's corresponding Bitcoin private key. Such a wallet has been generated for you in your web browser and is displayed above.

To safeguard this wallet you must print or otherwise record the Bitcoin address and private key. It is important to make a backup copy of the private key and store it in a safe location. This site does not have knowledge of your private key. If you are familiar with PGP you can download this all-in-one HTML page and check that you have an authentic version from the author of this site by matching the SHA1 hash of this HTML with the SHA1 hash available in the signed version history document linked on the footer of this site. If you leave/refresh the site or press the Generate New Address button then a new private key will be generated and the previously displayed private key will not be retrievable. Your Bitcoin private key should be kept a secret. Whomever you share the private key with has access to spend all the bitcoins associated with that address. If you print your wallet then store it in a zip lock bag to keep it safe from water. Treat a paper wallet like cash.

Add funds to this wallet by instructing others to send bitcoins to your Bitcoin address.

Check your balance by going to blockchain.info or blockexplorer.com and entering your Bitcoin address.

Spend your bitcoins by going to blockchain.info and sweep the full balance of your private key into your account at their website. You can also spend your funds by downloading one of the popular bitcoin p2p clients and importing your private key to the p2p client wallet. Keep in mind when you import your single key to a bitcoin p2p client and spend funds your key will be bundled with other private keys in the p2p client wallet. When you perform a transaction your change will be sent to another bitcoin address within the p2p client wallet. You must then backup the p2p client wallet and keep it safe as your remaining bitcoins will be stored there. Satoshi advised that one should never delete a wallet.

French translation



Un porte-monnaie Bitcoin est aussi simple qu'une paire d'adresses Bitcoin dont une correspond à l'adresse privée Bitcoin.
Ce porte-monnaie affiché a été généré pour vous dans votre propre navigateur internet et est donc affiché ci-dessus.

Pour garder en sécurité ce porte-monnaie, vous devez l'imprimer ou, alternativement, enregistrer l'adresse de réception Bitcoin et la clé privée. Il est important de créer une copie de sauvegarde de la clé privée et de la stocker à un endroit sûr. Ce site n'a aucune base prédéterminée ou de sauvegarde de votre clé privée. Si vous êtes initiés à PGP, vous pouvez télécharger la version toute-en-1 de la page HTML et ainsi vérifier que vous avez une version authentique issue de l'auteur du site en comparant l'encryptage SHA1 de votre page HTML sauvegardée avec l'encryptage SHA1 disponible sur l'historique certifiée indiquée en bas de ce site. Si vous quittez ou rafraichissez ce site ou que vous appuyez sur "générer une nouvelle adresse" ... alors une nouvelle clé privée sera générée et la précédente clé privée affichée ne pourra plus être retrouvée. Votre clé privée Bitcoin doit être gardée secrète. Celui qui connaît la clé privée aura la possibilité de vider tous les bitcoins accumulés et associés à l'adresse de réception. Si vous imprimez le porte-monnaie, pensez à le mettre à l'abri de l'eau dans un sac étanche. Traitez le porte-monnaie papier comme de l'argent en espèces et billets.

Pour ajouter des fonds à votre porte-monnaie, indiquez d'envoyer les Bitcoins à votre adresse de réception.

Vérifier le contenu de votre porte-monnaie en consultant blockchain.info ou blockexplorer.com et en y tapant votre adresse de réception Bitcoin.

Pour dépenser vos bitcoins, allez sur blockchain.info et transférez l'ensemble des fonds de votre adresse privée vers le compte de ce site. Vous pouvez, aussi, dépenser vos fonds en téléchargeant un des programmes P2P bitcoin populaires et en y important votre clé privée dans un porte-monnaie P2P. Gardez à l'esprit que quand vous importez votre clé privée dans le programme P2P bitcoin et que vous dépensez vos fonds, votre clé privée sera intégrée avec d'autres clés privées dans le porte-monnaie P2P. Quand vous effectuez une transaction, le changement sera envoyé sur une autre adresse bitcoin privée à l'intérieur du porte-monnaie P2P. Vous DEVEZ, alors, faire une sauvegarde du porte-monnaie P2P et le garder en sécurité car l'ensemble des bitcoins restant y sera stocké. Satoshi a averti qu'il ne faudrait jamais supprimer un porte-monnaie.

[fran2k]

Great site and repo, lot of thanks. Great you implemented BIP38 encryption also!

[coinflow]

I've checked out the GitHub-repo, in order to fork it for a Mooncoin-paper-wallet-solution.
Can anyone here give me hint on how to adapt the relevant places in the code, in order to make it work with Mooncoin?

Thank you in advance. To the MOON!  

[coinflow]

I understand that Devs don't like Brainwallets because they know people are going to resort to the same sort of easy to remember  passwords that they already use.
What's needed is a way of hardening private keys generated by Brainwallets from attack from Rainbow table generation.

I understand that the way brainwallets are created now is   Sha256(Pswd)

Wouldn't a simple way to slow down the creation of rainbow tables be to use Sha256(Bcrypt(Pswd))

It would never protect a truly bad password like 'password123' but would help harden moderately good passwords. from attack.

Sounds good.

[hashman]

Has anybody noticed CVE-2014-6342?  
http://www.symantec.com/security_response/vulnerability.jsp?bid=70341

Many hosts are now actively blocking bitaddress.org.html. 

It seems that our method of stuffing a png file in a webpage is no longer compliant.  Is there a branch out there that uses a different style?  

[QuantumQrack]

SHA1 hash does not match.  I get:  49713367a1fa3f9ed189702064fd7cc5c3584699

[Newar]

SHA1 hash does not match.  I get:  49713367a1fa3f9ed189702064fd7cc5c3584699

\\


Looks fine to me:

Code:

user@box:~/Desktop$ wget www.bitaddress.org
--2014-12-23 10:41:14--  http://www.bitaddress.org/
Resolving www.bitaddress.org (www.bitaddress.org)... 78.47.86.61
Connecting to www.bitaddress.org (www.bitaddress.org)|78.47.86.61|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://www.bitaddress.org/bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html [following]
--2014-12-23 10:41:15--  https://www.bitaddress.org/bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html
Connecting to www.bitaddress.org (www.bitaddress.org)|78.47.86.61|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 827484 (808K) [text/html]
Saving to: ‘index.html’

100%[======================================>] 827,484     32.3KB/s   in 22s    

2014-12-23 10:41:39 (37.1 KB/s) - ‘index.html’ saved [827484/827484]

user@box:~/Desktop$ sha1sum index.html
7d47ab312789b7b3c1792e4abdb8f2d95b726d64  index.html

[QuantumQrack]

Do you have a windows machine?  I am not using linux, but using fciv.exe to compute the hash.

http://support.microsoft.com/kb/841290

I don't understand why they are different, I am using it against the file downloaded: bitaddress.org.html

C:\Users\QuantumQrack\Desktop\Verifier>fciv -sha1 H:\bitaddress.org-master\bitad
dress.org.html
//
// File Checksum Integrity Verifier version 2.05.
//
49713367a1fa3f9ed189702064fd7cc5c3584699 h:\bitaddress.org-master\bitaddress.org
.html

[Newar]

No I don't have access to a Windows machine. However I don't think the hash tool is the problem. I have tried downloading the file with different browsers before and each returned a different hash. So, the browsers add *something* to the file.

You could try a Linux off a USB stick to make sure you get the right file and then copy that to your Windows disk.

Or if you use Firefox get the Downthemall add-on, it has an inbuilt hash check function. Also works for me.

[QuantumQrack]

Ok, I will try that, thanks.

[QuantumQrack]

No I don't have access to a Windows machine. However I don't think the hash tool is the problem. I have tried downloading the file with different browsers before and each returned a different hash. So, the browsers add *something* to the file.

You could try a Linux off a USB stick to make sure you get the right file and then copy that to your Windows disk.

Or if you use Firefox get the Downthemall add-on, it has an inbuilt hash check function. Also works for me.

Downloaded and installed wget for windows.  Opened up command prompt under admin and retrieved the file.  Then downloaded sha1sum for windows, and ran that on the file.  Worked.  What an ordeal. 

[pointbiz]

No I don't have access to a Windows machine. However I don't think the hash tool is the problem. I have tried downloading the file with different browsers before and each returned a different hash. So, the browsers add *something* to the file.

You could try a Linux off a USB stick to make sure you get the right file and then copy that to your Windows disk.

Or if you use Firefox get the Downthemall add-on, it has an inbuilt hash check function. Also works for me.

Downloaded and installed wget for windows.  Opened up command prompt under admin and retrieved the file.  Then downloaded sha1sum for windows, and ran that on the file.  Worked.  What an ordeal. 

Save as HTML only... IE/FF/Chrome have an option like that. That should work and would be simpler.

Or download latest zip release from github:
https://github.com/pointbiz/bitaddress.org/releases/tag/v2.9.6

package.json has the SHA1 and SHA256 hashes. Also provided is a detached sig of the html.

[minimalB]

Is there any chance/plan to add something like "Generate & Encrypt Private Key" available at https://bit2factor.org where you can enter existing private key and create encrypted BIP38 version out of it.

Maybe for version v3?

[pointbiz]

Is there any chance/plan to add something like "Generate & Encrypt Private Key" available at https://bit2factor.org where you can enter existing private key and create encrypted BIP38 version out of it.

Maybe for version v3?

I can consider it. I had some plans for v3 and got busy and forgot most of my plans. For now I'm just getting the latest translations merged and released.

[pointbiz]

v2.9.7
https://www.bitaddress.org/bitaddress.org-v2.9.7-SHA256-1b0f71dfc2e064426328c15c4dbd1f467cb26afe0e84841347ad11d8ca668f70.html
- Japanese translations for Split Wallet. Thanks dabura667.
- remove promise to show MINI key on details tab. MINI key will only be shown when it is provided since it cannot be derived from other key formats.
- fix README
- Russian translations. Thanks e5faf2.
- Simplified Chinese translations. Thanks kwl01skz.
- add direct link to zip on github
- add this CHANGELOG to repository and add detached sigs in repository. add link to sig of HTML.
- hash with SHA256 instead of SHA1. SHA1 hash still provided in package.json.


This release offers more options for verifying the authenticity. There is a link from the HTML website to the same version on github. SHA256 is now used for the hash. The SHA1 hash is still available in the package.json. There is a detached signature hosted on the website and available in the github zip. For those who use PGP it's easier to verify things with the detached signature.

[TheButterZone]

Gah, 3 new (to me) versions I've downloaded in 3 days now.