Pages:
Author

Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key - page 10. (Read 153479 times)

sr. member
Activity: 437
Merit: 415
1ninja
The error is uncaught and shows in the console:
Checksum validation failed!

Yes, I'll fix it so that the error is handled and shown to the user. No one can lose money due to that bug, so I'll fit it in with the next release.

Thanks for reporting it.

v3.2.0 still shows "uncaught exception: Checksum validation failed!" in console.


Sorry, still on my TODO.
donator
Activity: 674
Merit: 523
The error is uncaught and shows in the console:
Checksum validation failed!

Yes, I'll fix it so that the error is handled and shown to the user. No one can lose money due to that bug, so I'll fit it in with the next release.

Thanks for reporting it.

v3.2.0 still shows "uncaught exception: Checksum validation failed!" in console.
hero member
Activity: 836
Merit: 1007
"How do you eat an elephant? One bit at a time..."
I'm trying to understand the use case/purpose for having the compressed address. Can anyone enlighten?

sr. member
Activity: 437
Merit: 415
1ninja
v3.2.0
https://www.bitaddress.org/bitaddress.org-v3.2.0-SHA256-ad4fd171c647772aa76d0ce828731b01ca586596275d43a94008766b758e8736.html
 - switch languages without full page load
 - add BIP38 encryption to Bulk Wallet
 - use compressed addresses on Single/Paper/Bulk Wallet
 - add compressed address option on Brain Wallet
sr. member
Activity: 263
Merit: 280
I published a branch with bip38 encryption on the wallet details tab.


Thank you very much!


Tip for you!
sr. member
Activity: 437
Merit: 415
1ninja
Not sure if this is a bug:

If I manually change a letter in a private key and click "View Details" (wallet details tab), I don't get any error message but text and QR codes are not displayed either.

For example:
1. generate private key like: 5KjQAHniFiy18SU7eenyJ9EPYUkjrbiBPfDqw987QjT5vehVQZV
2. paste address into "Wallet Details" tab
3. manually change something, for example
  5KjQAHniFiy18SU7eenyJ9EPYUkjrbiBPfDqw987QjT5vehVQZV
  5kjQAHniFiy18SU7eenyJ9EPYUkjrbiBPfDqw987QjT5vehVQZV
  (at the beginning uppercase is changed from "5K" to "5k")
3. click "View Details"

Nothing happens... no text, no QR code, no Error message.

Would it be possible to get "CRC Error" message or something like that?


The error is uncaught and shows in the console:
Checksum validation failed!

Yes, I'll fix it so that the error is handled and shown to the user. No one can lose money due to that bug, so I'll fit it in with the next release.

Thanks for reporting it.
donator
Activity: 674
Merit: 523
Not sure if this is a bug:

If I manually change a letter in a private key and click "View Details" (wallet details tab), I don't get any error message but text and QR codes are not displayed either.

For example:
1. generate private key like: 5KjQAHniFiy18SU7eenyJ9EPYUkjrbiBPfDqw987QjT5vehVQZV
2. paste address into "Wallet Details" tab
3. manually change something, for example
  5KjQAHniFiy18SU7eenyJ9EPYUkjrbiBPfDqw987QjT5vehVQZV
  5kjQAHniFiy18SU7eenyJ9EPYUkjrbiBPfDqw987QjT5vehVQZV
  (at the beginning uppercase is changed from "5K" to "5k")
3. click "View Details"

Nothing happens... no text, no QR code, no Error message.

Would it be possible to get "CRC Error" message or something like that?
legendary
Activity: 2940
Merit: 1333
I published a branch with bip38 encryption on the wallet details tab. It addresses the requests on this thread and the issue posted on github:

Looks good. Thanks.

I'd like to be able to 'skip entropy collection', like I added to https://clamaddress.org/ (a fork of bitaddress). I took the code for that from the bitcoinpaperwallet fork.
legendary
Activity: 2940
Merit: 1333
Quick question, does anyone know if Blockchain.info store the private key from a watch only address once you use on their site to authorize a payment?  i used the private key created on Bitaddress the other day to do such a thing.

I don't know, but you should assume that they (or your own computer) store it and will one day leak it to a hacker.

To assume anything else is dangerous. You're presumably using bitaddress.org for offline storage. Once you've entered a private key online, consider it compromised, and move any remaining funds to a new address.
donator
Activity: 674
Merit: 523
Thanks pointbiz, it works perfectly!

Just a sugesiton: For intermediate user everything is clear. If you are a beginner or just started playing around with key generation and bip38 stuff,  I guess you would get lost in "Details tab".  Maybe separate tab with a little bit of explanation would help a lot.
sr. member
Activity: 437
Merit: 415
1ninja
I published a branch with bip38 encryption on the wallet details tab. It addresses the requests on this thread and the issue posted on github:
https://github.com/pointbiz/bitaddress.org/issues/44

Here is the branch:
https://github.com/pointbiz/bitaddress.org/tree/bip38walletdetails

Here is the raw html:
https://raw.githubusercontent.com/pointbiz/bitaddress.org/bip38walletdetails/bitaddress.org.html

Please take a look and give me feedback. I'm wondering if this is what people are looking for. Also, wondering if the usability is good.

Each Private Key could have a few different BIP38 keys. This is because there is more than one way to generate a BIP38 key.

Here is an example. The Paper Wallet tab would generate an "EC Multiply" BIP38 key like #1 below. It's uncompressed and uses an intermediate point derived from the passphrase then mixed with random data to make the encrypted key.
Passphrase: TestingOneTwoThree
1) EC Multiply, no compression, 6PfQu77ygVyJLZjfvMLyhLMQbYnu5uguoJJ4kMCLqWwPEdfpwANVS76gTX   5K4caxezwjGCGfnoPTZ8tMcJBLB7Jvyjv4xxeacadhq8nLisLR2

If I take the WIF key above ('5xxx') then I use it on the Wallet Details tab using the passphrase above I get this BIP38 key that does NOT use "EC Multiply".
2) no EC Multiply, no compression, 6PRNpUxL88gG5GeAGqQnEpTzLfzCNaq91m8TmMwMsAqWrfG9SA4CiMsCBJ   5K4caxezwjGCGfnoPTZ8tMcJBLB7Jvyjv4xxeacadhq8nLisLR2

If you take the compressed WIF key and use it on the Wallet Details tab using the passphrase above you'll get yet another BIP38 key because this key will keep track of the compression flag so you can generate the Bitcoin Address for the compressed public key.
3) no EC Multiply, compression, 6PYMHFJQL84b73nEHQcfQYzGbvnPGufT4VkxC9aHr2gWJBkvpnQZtJrrMk   L2ix4teikZY4kAD9k8Cqofxnpbdcr9FSREVzcsN3T1DTLkDhHDkk

To keep things simple for users I just show one key. When decrypting a BIP38 key then I just show that key. When encrypting you get the uncompressed no EC multiply BIP38 key. Unless you use the compressed WIF key then you get the compressed no EC multiply BIP38 key. I considered that these details are not important for end users. Hence, why I just show one of these versions at any given time because you can always get the same private key out anyways.
sr. member
Activity: 437
Merit: 415
1ninja
Great resource PointBiz, thanks very much.  Small donantion left.  Grin

Quick question, does anyone know if Blockchain.info store the private key from a watch only address once you use on their site to authorize a payment?  i used the private key created on Bitaddress the other day to do such a thing.

again, many thanks

Thanks!
hero member
Activity: 1106
Merit: 521
Great resource PointBiz, thanks very much.  Small donantion left.  Grin

Quick question, does anyone know if Blockchain.info store the private key from a watch only address once you use on their site to authorize a payment?  i used the private key created on Bitaddress the other day to do such a thing.

again, many thanks
hero member
Activity: 870
Merit: 585
Looking for which browsers support getRandomValues, I found
http://caniuse.com/#feat=getrandomvalues
Does anyone here know whether dolphin browser supports getRandomValues?  Didn't find any information on it.
legendary
Activity: 1722
Merit: 1000
How useless is a wallet when that random numbers warning comes up?

TL;DR The uniqueness gathered from your browser and the mouse movements should be enough "randomness"  for a secure wallet.

If you take the about 60 bits from browser uniqueness + current date/time and 1 bit for every mouse point (each point is worth more than one bit) and the site collects at least 200 mouse points then you have more than 256 bits (the length of a Bitcoin Private Key). This is the seed for the PRNG. If the PRNG has a flaw you are at risk. This is why the site warns people to use a browser that supports getRandomValues (OS level entropy) because if you have that then the site XORs the PRNG output with the getRandomValues output to protect you from flaws in either of those random generators.

Sweet thanks for the explanation.
sr. member
Activity: 437
Merit: 415
1ninja
How useless is a wallet when that random numbers warning comes up?

TL;DR The uniqueness gathered from your browser and the mouse movements should be enough "randomness"  for a secure wallet.

If you take the about 60 bits from browser uniqueness + current date/time and 1 bit for every mouse point (each point is worth more than one bit) and the site collects at least 200 mouse points then you have more than 256 bits (the length of a Bitcoin Private Key). This is the seed for the PRNG. If the PRNG has a flaw you are at risk. This is why the site warns people to use a browser that supports getRandomValues (OS level entropy) because if you have that then the site XORs the PRNG output with the getRandomValues output to protect you from flaws in either of those random generators.
legendary
Activity: 1722
Merit: 1000
How useless is a wallet when that random numbers warning comes up?
donator
Activity: 674
Merit: 523
I will add BIP38 encryption on the wallet details tabs. It will be a checkbox beside the View Details button. When checked it will make the passphrase visible so you can then encrypt your key.

Great! I've been waiting for this feature patiently. Thank you for continuously improving bitaddress! I guess it's donation time again : )
sr. member
Activity: 437
Merit: 415
1ninja
The next two features I'm planning to add are:
1) improve instructions for verifying signature (.sig) vs checking the SHA256 hash.
I'm going to look at Canton Becker's bitcoinpaperwallet.com for inspiration. He's got a good tutorial for doing this.

2) wallet details tab bip38 encrypt:
https://github.com/pointbiz/bitaddress.org/issues/44
Pages:
Jump to: