Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key - page 10. (Read 152995 times)

Sorry, still on my TODO.

v3.2.0 still shows "uncaught exception: Checksum validation failed!" in console.

I'm trying to understand the use case/purpose for having the compressed address. Can anyone enlighten?

v3.2.0
https://www.bitaddress.org/bitaddress.org-v3.2.0-SHA256-ad4fd171c647772aa76d0ce828731b01ca586596275d43a94008766b758e8736.html
 - switch languages without full page load
 - add BIP38 encryption to Bulk Wallet
 - use compressed addresses on Single/Paper/Bulk Wallet
 - add compressed address option on Brain Wallet

Thank you very much!


Tip for you!

The error is uncaught and shows in the console:
Checksum validation failed!

Yes, I'll fix it so that the error is handled and shown to the user. No one can lose money due to that bug, so I'll fit it in with the next release.

Thanks for reporting it.

Not sure if this is a bug:

If I manually change a letter in a private key and click "View Details" (wallet details tab), I don't get any error message but text and QR codes are not displayed either.

For example:
1. generate private key like: 5KjQAHniFiy18SU7eenyJ9EPYUkjrbiBPfDqw987QjT5vehVQZV
2. paste address into "Wallet Details" tab
3. manually change something, for example
  5KjQAHniFiy18SU7eenyJ9EPYUkjrbiBPfDqw987QjT5vehVQZV
  5kjQAHniFiy18SU7eenyJ9EPYUkjrbiBPfDqw987QjT5vehVQZV
  (at the beginning uppercase is changed from "5K" to "5k")
3. click "View Details"

Nothing happens... no text, no QR code, no Error message.

Would it be possible to get "CRC Error" message or something like that?

v3.1.0
https://www.bitaddress.org/bitaddress.org-v3.1.0-SHA256-c3d4d8da8fc6980435a520dff562b7f831b2f6037ec2d4dd6bf76c5321873303.html
 - add BIP38 encryption on Wallet Details tab.

Looks good. Thanks.

I'd like to be able to 'skip entropy collection', like I added to https://clamaddress.org/ (a fork of bitaddress). I took the code for that from the bitcoinpaperwallet fork.

I don't know, but you should assume that they (or your own computer) store it and will one day leak it to a hacker.

To assume anything else is dangerous. You're presumably using bitaddress.org for offline storage. Once you've entered a private key online, consider it compromised, and move any remaining funds to a new address.

Thanks pointbiz, it works perfectly!

Just a sugesiton: For intermediate user everything is clear. If you are a beginner or just started playing around with key generation and bip38 stuff,  I guess you would get lost in "Details tab".  Maybe separate tab with a little bit of explanation would help a lot.

I published a branch with bip38 encryption on the wallet details tab. It addresses the requests on this thread and the issue posted on github:
https://github.com/pointbiz/bitaddress.org/issues/44

Here is the branch:
https://github.com/pointbiz/bitaddress.org/tree/bip38walletdetails

Here is the raw html:
https://raw.githubusercontent.com/pointbiz/bitaddress.org/bip38walletdetails/bitaddress.org.html

Please take a look and give me feedback. I'm wondering if this is what people are looking for. Also, wondering if the usability is good.

Each Private Key could have a few different BIP38 keys. This is because there is more than one way to generate a BIP38 key.

Here is an example. The Paper Wallet tab would generate an "EC Multiply" BIP38 key like #1 below. It's uncompressed and uses an intermediate point derived from the passphrase then mixed with random data to make the encrypted key.
Passphrase: TestingOneTwoThree
1) EC Multiply, no compression, 6PfQu77ygVyJLZjfvMLyhLMQbYnu5uguoJJ4kMCLqWwPEdfpwANVS76gTX   5K4caxezwjGCGfnoPTZ8tMcJBLB7Jvyjv4xxeacadhq8nLisLR2

If I take the WIF key above ('5xxx') then I use it on the Wallet Details tab using the passphrase above I get this BIP38 key that does NOT use "EC Multiply".
2) no EC Multiply, no compression, 6PRNpUxL88gG5GeAGqQnEpTzLfzCNaq91m8TmMwMsAqWrfG9SA4CiMsCBJ   5K4caxezwjGCGfnoPTZ8tMcJBLB7Jvyjv4xxeacadhq8nLisLR2

If you take the compressed WIF key and use it on the Wallet Details tab using the passphrase above you'll get yet another BIP38 key because this key will keep track of the compression flag so you can generate the Bitcoin Address for the compressed public key.
3) no EC Multiply, compression, 6PYMHFJQL84b73nEHQcfQYzGbvnPGufT4VkxC9aHr2gWJBkvpnQZtJrrMk   L2ix4teikZY4kAD9k8Cqofxnpbdcr9FSREVzcsN3T1DTLkDhHDkk

To keep things simple for users I just show one key. When decrypting a BIP38 key then I just show that key. When encrypting you get the uncompressed no EC multiply BIP38 key. Unless you use the compressed WIF key then you get the compressed no EC multiply BIP38 key. I considered that these details are not important for end users. Hence, why I just show one of these versions at any given time because you can always get the same private key out anyways.

Thanks!

Great resource PointBiz, thanks very much.  Small donantion left.  

Quick question, does anyone know if Blockchain.info store the private key from a watch only address once you use on their site to authorize a payment?  i used the private key created on Bitaddress the other day to do such a thing.

again, many thanks

Looking for which browsers support getRandomValues, I found
http://caniuse.com/#feat=getrandomvalues
Does anyone here know whether dolphin browser supports getRandomValues?  Didn't find any information on it.

Sweet thanks for the explanation.

TL;DR The uniqueness gathered from your browser and the mouse movements should be enough "randomness"  for a secure wallet.

If you take the about 60 bits from browser uniqueness + current date/time and 1 bit for every mouse point (each point is worth more than one bit) and the site collects at least 200 mouse points then you have more than 256 bits (the length of a Bitcoin Private Key). This is the seed for the PRNG. If the PRNG has a flaw you are at risk. This is why the site warns people to use a browser that supports getRandomValues (OS level entropy) because if you have that then the site XORs the PRNG output with the getRandomValues output to protect you from flaws in either of those random generators.

How useless is a wallet when that random numbers warning comes up?

Great! I've been waiting for this feature patiently. Thank you for continuously improving bitaddress! I guess it's donation time again : )

The next two features I'm planning to add are:
1) improve instructions for verifying signature (.sig) vs checking the SHA256 hash.
I'm going to look at Canton Becker's bitcoinpaperwallet.com for inspiration. He's got a good tutorial for doing this.

2) wallet details tab bip38 encrypt:
https://github.com/pointbiz/bitaddress.org/issues/44