Verify Dice Rolls on Windows Offline PC?

[zappylappy]

I roll the dice and generate a Private key with the bitaddress.org script on an airgapped Windows PC.

To be sure that the bitaddress.org works as expected I want to double check the conversion of the dice rolls to the Private Key.

However I found no script that runs in the browser (like bitaddress does) and takes the base6 dice rolls as input.

Any hints or ideas?

[1714645849]

1714645849

[1714645849]

1714645849

[1714645849]

1714645849

[1714645849]

1714645849

[NotATether]

If you install Python 3, will this script suffice if you run it from Command Prompt?

I don't have an HTML version of this, sorry.

Code:

import math
import hashlib
import codecs
import sys

def main():
    s = input("Enter the dice numbers: ")
    # Ensure that we have a 256-bit number
    digit2 = math.floor(math.log(6*len(s))/math.log(2) + 1)
    if digit2 > 256:
        raise ValueError("Number greater than 256 bits")
    s0 = sixtozero(s)
    i = to_int(s0)
    h1 = hex(i)
    h2 = hex_no0x(i)
    p = construct_privkey(h2)
    b = base58(p)
    print("Private key hex: {}".format(h1))
    print("Private key WIF: {}".format(b))

def hex_no0x(a):
    b = hex(a)[2:]
    return b

# https://gist.github.com/Jun-Wang-2018/3105e29e0d61ecf88530c092199371a7
def construct_privkey(PK0):
    PK0 = '{:0>64}'.format(PK0)
    PK1 = '80'+ PK0
    PK2 = hashlib.sha256(codecs.decode(PK1, 'hex'))
    PK3 = hashlib.sha256(PK2.digest())
    checksum = codecs.encode(PK3.digest(), 'hex')[0:8]
    PK4 = PK1 + str(checksum)[2:10] 
    return PK4

# Define base58
def base58(address_hex):
    alphabet = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
    b58_string = ''
    # Get the number of leading zeros
    leading_zeros = len(address_hex) - len(address_hex.lstrip('0'))
    # Convert hex to decimal
    address_int = int(address_hex, 16)
    # Append digits to the start of string
    while address_int > 0:
        digit = address_int % 58
        digit_char = alphabet[digit]
        b58_string = digit_char + b58_string
        address_int //= 58
    # Add ‘1’ for each 2 leading zeros
    ones = leading_zeros // 2
    for one in range(ones):
        b58_string = '1' + b58_string
    return b58_string


def sixtozero(s):
    l = list(s)
    for i in range(0,len(s)):
        if s[i] == "6":
            l[i] = "0"
    return "".join(l)

def to_int(s):
    si = int(s, 6)
    return si

if __name__ == "__main__":
    main()

Code:

Enter the dice numbers: 123456
Private key hex: 0x2bb6
Private key WIF: 5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEss1w8VWDR3

Note that this code assumes that 6 represents 0 in base6, which can only represent the numbers 0,1,2,3,4,5.

[HCP]

Did you not try the suggestions from your previous thread? https://bitcointalk.org/index.php?topic=5320649.0

You should be able to install Cygwin on the offline machine which will give you the ability to use "bash" scripts... instructions for an offline install are here: https://wincrunch.com/cygwin-offline-installer-download-windows-7-8-10-xp-vista/

[zappylappy]

Did you not try the suggestions from your previous thread? https://bitcointalk.org/index.php?topic=5320649.0

You should be able to install Cygwin on the offline machine which will give you the ability to use "bash" scripts... instructions for an offline install are here: https://wincrunch.com/cygwin-offline-installer-download-windows-7-8-10-xp-vista/

I read the suggestions, but - as I was asking - I am looking for a script that runs in a browser: I want to keep the codebase as small as possible. Bigger codebase means more complexity and means less security.

I solved the problem and wrote a JavaScript:


<sup><script>
function parser(str) {
    let num = 0n;
    base = BigInt(6);
    for (const digit of str) {
        num *= base;
        num += BigInt(parseInt(digit, 6));
    }
    return num;
}

const big = "012345... <put your 99 dice rolls here>";
const num = parser(big);
const base16 = num.toString(16);
document.write (base16);
</script></sup>

[bob123]

I read the suggestions, but - as I was asking - I am looking for a script that runs in a browser: I want to keep the codebase as small as possible. Bigger codebase means more complexity and means less security.

I solved the problem and wrote a JavaScript:

More complexity does not automatically mean less security.
But i tell you what.. using javascript instead of a proper coding language actually means less security.

You should never do crypto in your browser. This includes using javascript for that.

A 20-30 line python code does not add too much complexity that it would decrease the security. Especially not compared to anything which is related to javascript.

[NotATether]

~

That's great if it solves your problem, but I noticed that yours just makes a huge integer private key out of the dice rolls and not a base58 WIF

You should never do crypto in your browser. This includes using javascript for that.

It just hit me that there is a way to extract private keys from the browser even if you are offline.

Scripts have a local storage in the browser that stores keys and values, and if some site is foolhardy enough to save private keys or other secrets there, all someone has to do is exploit a browser CVE that let's you see any site's local storage and then steal the private key at a later date.

[HCP]

I read the suggestions, but - as I was asking - I am looking for a script that runs in a browser: I want to keep the codebase as small as possible. Bigger codebase means more complexity and means less security.

And how big do you think the codebase for a browser is?

By using a browser you are exposing yourself to a huge attack surface that you have even less chance of being able to personally validate... unless you're going to audit the codebase for the browser and ensure that it isn't doing anything stupid (like NotATether mentioned above)...

A simple bash script or 20-30 line Python script will be objectively a lot more secure than trusting browser code and javascript.