Pages:
Author

Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key - page 12. (Read 153479 times)

sr. member
Activity: 437
Merit: 415
1ninja
sr. member
Activity: 437
Merit: 415
1ninja
sr. member
Activity: 437
Merit: 415
1ninja
v2.9.9
https://www.bitaddress.org/bitaddress.org-v2.9.9-SHA256-90ddaf250f6302acb53945128e38225208af5a2fa7cfdf51519213e8b144a76d.html
 - improve tab usability. You can now get to the Brain Wallet and Wallet Details tabs before
   completing the entropy collection.
sr. member
Activity: 437
Merit: 415
1ninja
If an offline wallet was created in a version previous to v2.9.7 it could be hacked?  Like created on a computer that has never/will never touch the web.

No.

All "ACTIVE" versions listed here are safe to use:
https://www.bitaddress.org/CHANGELOG.txt.asc
legendary
Activity: 1722
Merit: 1000
If an offline wallet was created in a version previous to v2.9.7 it could be hacked?  Like created on a computer that has never/will never touch the web.
legendary
Activity: 1512
Merit: 1012
French traduction : cosmetics corrections.

- displayed on the French start-up page (automated language detection)

English : OR type some random characters into this textbox

French : OU veuillez taper des caractères aléatoires dans le rectangle blanc suivant


---


- displayed on paper wallet section

English : Passphrase required for BIP38 key

French : Mot de passe a inventé pour crypter en BIP38



English : BIP38 Encrypt?

French : Cryptage en BIP38 ?



French : Retirer Le Style?

French correction : Enlever l'image ?
donator
Activity: 674
Merit: 523
I like the feature that allows me to enter 99 dice rolls to generate a truly random address, but it is lacking the ability to encrypt the keys with BIP38 and so leaves the paper wallet vulnerable to physical theft.

How hard would it be to allow BIP38 encryption on the 'details' tab?  It seems I currently have to choose between allowing bitaddress to generate the randomness or having my paper wallets unencrypted.  Please let me use true randomness and encryption at the same time.  Smiley

I guess pointbiz will integrate this soon, but in the mean time - it is possible to do it here, this is (sort-of) a fork of bitaddress project with some extra features.
https://github.com/cantonbecker/bitcoinpaperwallet

Hope this helps.
full member
Activity: 194
Merit: 100
Could you paste your pgp signature here at bitcointalk instead? Copy paste it into the opening message for example. It doesn't make much sense get it from the same website which authenticity I am trying to verify, specially over plain http.

Yes, done.

Thank you. sorry I didn't suggest this at first, but in adition to posting the key here (which greatly improves security) you could also upload it to a key server and update the tutorial to retrieve the key from a key server instead of from bitaddress.org.

It is fairly simple to do:
https://www.gnupg.org/gph/en/manual/x457.html

Anyway. Great work, been using it even more frequently as of lately. It is my favourite way of generating addresses as I can manually enter randomness, while many other wallets and address generators rely simply on RNGs which have been attacked repeatedly. All has been great using Bitaddress+mycelium.

I have another feature request if you're up to it:
in the wallet details tab, if the entered private key is bip38 encrypted, you could show the encrypted private key in HEX format too.

Either way, big thanks and keep up.
sr. member
Activity: 437
Merit: 415
1ninja
Could you paste your pgp signature here at bitcointalk instead? Copy paste it into the opening message for example. It doesn't make much sense get it from the same website which authenticity I am trying to verify, specially over plain http.

Yes, done.
sr. member
Activity: 437
Merit: 415
1ninja
Has anybody noticed CVE-2014-6342?  
http://www.symantec.com/security_response/vulnerability.jsp?bid=70341

Many hosts are now actively blocking bitaddress.org.html. 

It seems that our method of stuffing a png file in a webpage is no longer compliant.  Is there a branch out there that uses a different style?  

Any update on whatever came of this?



The problem went away after the next Symantec update.
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
Could you paste your pgp signature here at bitcointalk instead? Copy paste it into the opening message for example. It doesn't make much sense get it from the same website which authenticity I am trying to verify, specially over plain http.

The link to the public key is in pointbiz' sig: http://pgp.mit.edu/pks/lookup?op=get&search=0x87497B9163974F5A
full member
Activity: 194
Merit: 100
Could you paste your pgp signature here at bitcointalk instead? Copy paste it into the opening message for example. It doesn't make much sense get it from the same website which authenticity I am trying to verify, specially over plain http.
hero member
Activity: 836
Merit: 1007
"How do you eat an elephant? One bit at a time..."
Has anybody noticed CVE-2014-6342?  
http://www.symantec.com/security_response/vulnerability.jsp?bid=70341

Many hosts are now actively blocking bitaddress.org.html. 

It seems that our method of stuffing a png file in a webpage is no longer compliant.  Is there a branch out there that uses a different style?  

Any update on whatever came of this?

sr. member
Activity: 437
Merit: 415
1ninja
Hi,

I would like to BIP 38 encrypt my DICE generated private addresses.

Are you going to implement it?

Thank you.

Yes. When I find some time Smiley
sr. member
Activity: 263
Merit: 280
Hi,

I would like to BIP 38 encrypt my DICE generated private addresses.

Are you going to implement it?

Thank you.
newbie
Activity: 17
Merit: 0
Thanks mate! Guys like you keeps my belief alive in the community.

Cheers!   Smiley
sr. member
Activity: 437
Merit: 415
1ninja
Hi Pointbiz,

First off thanks for a great tool!!

Had a small nagging query:

Can I safely use symbols like:  ~ `  ! @ # $ % ^ & * ( ) _ + { } | [ ]\ / * - +  

and also other advanced special characters like  Æ Ç Ë Ì Ð § © µ ý  (full list here http://symbolcodes.tlt.psu.edu/accents/codealt.html)

I want to use all the above special characters along with the mouse movement entropy to get a super secure key pair.

I will be putting all my life savings into it, so don't wanna take any chances. Would really appreciate if you clarify this nagging doubt!! Thanks.


Are you asking about the Paper Wallet tab? If so, for the BIP38 encryption, yes, you can use those specific special characters. And advanced ones the page is unicode. Please make sure any wallet you encrypt with BIP38 that you check on the Wallet Details tab to make sure you can decrypt it and that the Bitcoin Addresses match on both tabs. Make sure to print back up copies. Put the paper inside ziplock bags. Have a copy in a locked safe place.

Are you asking about the Brain Wallet tab? If so, then stop. Don't use a brain wallet to secure your life savings.


In general, you should spread your savings over more than 1 Bitcoin Address. You may want to spend a small portion later and it's safer to not put everything on 1 private key that you may later expose to a device that contains malware.

You might also want to read the FAQ on the Wallet Details tab "How do I make a wallet using dice?". Using physical randomness will get you the super secure key you truly desire.



Hey pointbiz!  Smiley

I will be using these special characters on the bitaddress.org homepage.

Would be typing in the characters in the box along with the mouse movements.

Yes, I will be generating couple of address and distribute savings into each of them. To be super secure, I have already bought  a completely offline system, will boot from live Ubuntu CD, download your software  >> verify the hash  & >> verify the signature.

I guess I am doing the correct procedures. PLEASE bump me if I am wrong anywhere above, including use of special characters on the homepage. Means a lot. Thanks.

Your procedure is correct.

On the homepage, where the entropy is collected. The input box looks at which key you pressed. I doubt you have those advanced special characters on your keyboard. Each time you press down on a key in that input box it takes into consideration which key it was. Not what character shows on the screen from you pressing and holding a combination of keys.

Here's a reference table:
http://protocolsofmatrix.blogspot.ca/2007/09/javascript-keycode-reference-table-for.html

Just focus on pressing different physical keys on your keyboard.
newbie
Activity: 17
Merit: 0
Hi Pointbiz,

First off thanks for a great tool!!

Had a small nagging query:

Can I safely use symbols like:  ~ `  ! @ # $ % ^ & * ( ) _ + { } | [ ]\ / * - +  

and also other advanced special characters like  Æ Ç Ë Ì Ð § © µ ý  (full list here http://symbolcodes.tlt.psu.edu/accents/codealt.html)

I want to use all the above special characters along with the mouse movement entropy to get a super secure key pair.

I will be putting all my life savings into it, so don't wanna take any chances. Would really appreciate if you clarify this nagging doubt!! Thanks.


Are you asking about the Paper Wallet tab? If so, for the BIP38 encryption, yes, you can use those specific special characters. And advanced ones the page is unicode. Please make sure any wallet you encrypt with BIP38 that you check on the Wallet Details tab to make sure you can decrypt it and that the Bitcoin Addresses match on both tabs. Make sure to print back up copies. Put the paper inside ziplock bags. Have a copy in a locked safe place.

Are you asking about the Brain Wallet tab? If so, then stop. Don't use a brain wallet to secure your life savings.


In general, you should spread your savings over more than 1 Bitcoin Address. You may want to spend a small portion later and it's safer to not put everything on 1 private key that you may later expose to a device that contains malware.

You might also want to read the FAQ on the Wallet Details tab "How do I make a wallet using dice?". Using physical randomness will get you the super secure key you truly desire.



Hey pointbiz!  Smiley

I will be using these special characters on the bitaddress.org homepage.

Would be typing in the characters in the box along with the mouse movements.

Yes, I will be generating couple of address and distribute savings into each of them. To be super secure, I have already bought  a completely offline system, will boot from live Ubuntu CD, download your software  >> verify the hash  & >> verify the signature.

I guess I am doing the correct procedures. PLEASE bump me if I am wrong anywhere above, including use of special characters on the homepage. Means a lot. Thanks.
sr. member
Activity: 437
Merit: 415
1ninja
Try to download again. Earlier version is working fine for me, haven't updated it. maybe some downloading error. Download bitaddress(English) zip : https://github.com/pointbiz/bitaddress.org/archive/v2.9.8.zip

   ~~MZ~~

Thanks if you were trying to help me. But I seem to get the same outcome after downloading v2.9.8.

Thanks

Are you on a tablet or mobile phone? The tabs only appear after supplying the mouse movement entropy or keyboard entropy.
Pages:
Jump to: