1.
Isn't the difficulty calculation still wrong?
1LoyceVa: $2.00 case sensitive.
1LoyceVa: $1.50 case insensitive.
The Y, C, E, V and A can all change case, that's 2
5 more valid results. Shouldn't the case insensitive address be 97% cheaper instead of only 25%?
My vanitygen stopped working (and doesn't compile anymore) so I can't check it.
Even if we get hacked all the hackers will have is Public Key,SPLiTKEY provided partialpriv and your email address.
2.
There's a flaw: you made your own merge tool, and if anyone would get access to your account, it could get compromised. A fake random for instance would put your funds at risk. I think it's much better to (recommend to) use the original Bitaddress. Even if you "just" forked it, checking it is a lot of work.
3.
I tested the service, and got 1LoyceV in about a minute. I used online Bitaddress for this test, so it's totally compromised.
I've numbered your concerns and will address them accordingly. Thank you for your feedback
1.
We understand that "True" difficulty says one thing but we've done a lot of back end testing and have concluded that time is the big enemy
even if calculated that its 97% easier the time it takes to generate is still probable based on our in house formula.
We would assume case insensitive 1ABCDEFG is very easy to generate based on difficulty but the truth is it still takes the same amount of time\2 to generate
since time is $ and all case insensitive scenarios take about half as long or slightly more we felt it best to max deduce 50% if all prefixes are case-able.
if partially case-able we've chosen %30, whether its 1 letter or all but 1 letter.
2.
Your absolutely correct on this, But is an
"if" scenario that can be addressed via MD5 Checksums.
We will promptly implement this to address this concern and put the checksum on the site & github and here and possibly something like steemit that cant be edited.
Great point out! Much Thanks!In a worst case scenario of everything being (gh/server ect) compromised the site is registered to valid CC with multifactor auth measures implemented and everything can be taken down and promptly addressed.
edit- Added SHA256 Checksum
You can verify the tool with SHA256 (5/7/22)
3.
Thats great to know! I hope more feedback comes in like this, I value it and appreciate it more than you know.