Minimal Python address generator

[weex]

For a project I'm working on I wanted a tool that would create a new address and print it out with a private key. The goals are:

* Minimal so it's as easy (as such a thing can be) to read and audit
* Runs on any machine with minimal setup
* Runs locally, not web-based.

Obviously bitaddress.org does much more but as I intend to recommend this for the most secure storage scenarios, I prefer a simpler script rather than a full interface.

Joric in #bitcoin-dev was kind enough to throw something together and I've made a couple minor tweaks to simplify it.

It is hosted at my github at https://github.com/weex/addrgen

My hope is that for simple generation of random/non-vanity addresses in secure scenarios that this can be used and recommended.

Please recommend ways that this script or any process that used it can reduce the chance of the private key being stolen.

Thanks,

weex

[1714118386]

1714118386

[grondilu]

It is not python but have you considered using my bitcoin bash tools?

Code:

$ . bitcoin.sh
$ newBitcoinKey
---
WIF: 5KFtidLNEgFicv1QWGjMUECprKEQdLEqDGA7V5F8PJDZxaazRG7
bitcoin address: 1NZunrMgUVoe7H46GZW3x1NUxGPSyJUCSL
public key: 048EB823CBA7A29B9E8DE312E1F7516333D2754C2A7C480218C4E16E0CAB0E782EFFA715E5AB89426C948827A384CF32ECE0E8DE8625F2B124F40630CCA720997A

It only requires openssl and dc.

[weex]

I did not consider that as I couldn't find it when I searched. As mentioned in my second feature, I would like windows users to be able to run it fairly easily. Python is a bit easier to install than bash(using cygwin is what comes to mind) on Windows.

[dunand]

Nice tool Grondilu.

[weex]

I get that all the time. You should thank Joric though as he's the one that really put it together.

[Stardust]

Great tool Grondilu. Well I was a fan before this addition of the bitcoin bash tools.

[smokeyrd]

Im more than a bit late to this thread but... I am just starting out on python and see where the script defines the functions but for whatever reason I do not see where the functions are actually called I know there's some way to trace the program and will look into that but wanted to post here to see if anyone is able to assist my nubness.

[Remember remember the 5th of November]

Im more than a bit late to this thread but... I am just starting out on python and see where the script defines the functions but for whatever reason I do not see where the functions are actually called I know there's some way to trace the program and will look into that but wanted to post here to see if anyone is able to assist my nubness.

Which functions arent called?

[andytoshi]

The majority of the python code is "classic Joric" address-from-user-passphrase generation, defaulting to a single round of SHA256 to coerce a passphrase into a key. It looks like the program itself wisely ignores all this and simply uses OpenSSL's random keygen functionality. So for example the function `generate` is 14 lines long but only the very last one is actually ever used, the rest is just there to compromise your security in case you call the function wrong.

[weex]

The majority of the python code is "classic Joric" address-from-user-passphrase generation, defaulting to a single round of SHA256 to coerce a passphrase into a key. It looks like the program itself wisely ignores all this and simply uses OpenSSL's random keygen functionality. So for example the function `generate` is 14 lines long but only the very last one is actually ever used, the rest is just there to compromise your security in case you call the function wrong.

Are you saying you wouldn't consider this safe to use if you modify it to use the passphrase AND the passphrase has 160+ bits of entropy?

[deepceleron]

It looks like the program itself wisely ignores all this and simply uses OpenSSL's random keygen functionality. So for example the function `generate` is 14 lines long but only the very last one is actually ever used, the rest is just there to compromise your security in case you call the function wrong.

I hadn't seen this before, but I am agreed. What's on the repo just uses "EC_KEY_new_by_curve_name" to have whatever ssl library happens to be on the system generate a random number for the curve. There's lots of functions that are never reached. Hopefully the system library still gives back a secp256k1 curve for NID 714. Even if you trust a 10 year old Microsoft library to do what it's supposed to without NSA backdoors in the RNG, it could have been altered or replaced by a virus or rootkit.

Since this thread got a bump, I'll refer people to https://bitcointalk.org/index.php?topic=361092.0 for making strong random addresses, or https://github.com/vbuterin/pybitcointools for Python functions that include all the EC math that Bitcoin needs.