[ANN] bitaddress.org Safe JavaScript Bitcoin address/private key - page 19.

bitpop

legendary

Activity: 2912

Merit: 1060

Quote from: fluffypony on January 20, 2014, 03:43:07 AM

Heya - how hard would it be to add BIP-38 for brainwallet addresses? You already have an implementation for paper wallet addresses, but adding it to brainwallets would dramatically increase security on them (imho).

I dont think that's possible as there's nothing to encrypt.

fluffypony

donator

Activity: 1274

Merit: 1060

GetMonero.org / MyMonero.com

Heya - how hard would it be to add BIP-38 for brainwallet addresses? You already have an implementation for paper wallet addresses, but adding it to brainwallets would dramatically increase security on them (imho).

bitpop

legendary

Activity: 2912

Merit: 1060

Quote from: pointbiz on January 19, 2014, 02:25:03 PM

Quote from: bitpop on January 19, 2014, 01:52:16 AM

Any plans to fix the ssl chain to remove ssl warnings?

Sorry. Fixed.

Sweet, won't scare the mugus any more

pointbiz

sr. member

Activity: 437

Merit: 415

1ninja

Quote from: bitpop on January 19, 2014, 01:52:16 AM

Any plans to fix the ssl chain to remove ssl warnings?

Sorry. Fixed.

bitpop

legendary

Activity: 2912

Merit: 1060

Any plans to fix the ssl chain to remove ssl warnings?

pointbiz

sr. member

Activity: 437

Merit: 415

1ninja

v2.8.1
https://www.bitaddress.org/bitaddress.org-v2.8.1-SHA1-a6e63f2712851710255a27fa0f22ef7833c2cd07.html
- Czech translation
- remove firstbits link
- fix mouse movement visualization for Firefox and IE

phelix

legendary

Activity: 1708

Merit: 1020

Quote from: pointbiz on January 18, 2014, 12:41:51 AM

v2.8.0
https://www.bitaddress.org/bitaddress.org-v2.8.0-SHA1-87dcf19f02ee9fb9dd3a8c787bcf52eef944aa82.html
- more entropy from browser fingerprinting for PRNG seed
- user can add entropy through URL hash tag
- seed mouse movement as 16-bit number
- whole seed pool initially filled by window.crypto.getRandomValues
- added textbox as an alternative input source for entropy
- address will not generate without a minimum amount of human added entropy
from mouse or keyboard
- discard mouse movements less than 40ms apart
- visualize points of entropy collection from the mouse

cool

pointbiz

sr. member

Activity: 437

Merit: 415

1ninja

v2.8.0
https://www.bitaddress.org/bitaddress.org-v2.8.0-SHA1-87dcf19f02ee9fb9dd3a8c787bcf52eef944aa82.html
- more entropy from browser fingerprinting for PRNG seed
- user can add entropy through URL hash tag
- seed mouse movement as 16-bit number
- whole seed pool initially filled by window.crypto.getRandomValues
- added textbox as an alternative input source for entropy
- address will not generate without a minimum amount of human added entropy
from mouse or keyboard
- discard mouse movements less than 40ms apart
- visualize points of entropy collection from the mouse

canton

sr. member

Activity: 261

Merit: 285

Quote from: bruter on January 14, 2014, 01:51:56 PM

would you add wallet creation using coin

Lucky you! You can already do this.

1) click on "Wallet Details"

2) flip your coin(s) and record the results as 0's and 1's in the "Enter Private Key" field

3) click "View Details" and agree to have your 0101010... "key" used as a SHA256 hash.

Financisto

hero member

Activity: 640

Merit: 771

BTC⇆⚡⇄BTC

Quote from: CryptoMine on January 13, 2014, 04:07:19 PM

How would I modify this script for another coin? e.g. CatCoin, EarthCoin etc..

People did that already, see http://www.liteaddress.org

Most altcoin supported at the moment is http://www.brainwallet.org

bruter

newbie

Activity: 18

Merit: 0

pointbiz,
would you add wallet creation using coin.

To create a Bitcoin private key you only need one coin which you roll 256 times. Stopping each time to record the value of the coin. When recording the values follow these rules: head (of a coin) = 0, tail (of a coin) = 1. By doing this you are recording the big random number, your private key, in B2 or base 2 format.

CryptoMine

member

Activity: 112

Merit: 10

How would I modify this script for another coin? e.g. CatCoin, EarthCoin etc..

zemario

full member

Activity: 194

Merit: 100

What is wrong with typing in random stuff in the brainwallet input? Honest question? Just write stupid stuff and it should be pretty unique. Methods of collecting entropy automagically can be dangerous in the way that sometimes they are not so random as people would expect.
Wasn't this the problem with android's wallet app?

phelix

legendary

Activity: 1708

Merit: 1020

Quote from: casascius on January 06, 2014, 12:08:51 PM

I do wish that BitAddress entropy were improved in a verifiable way by offering to accept a "keyboard mash" string from the user and then incorporating that entropy in an auditable way*, but on the other hand, I do at least believe that it takes more than an initial mouse position as entropy so long as mouse move events are being sent to the page.

It is something I'd like to know was studied more, especially since people could be not moving their mouse, or be on a touch screen and not be able to really provide the sort of input the program was written to expect.

* example of auditable way: collect a string (minimum 80 characters, ask user to type gibberish) from the user, and then use something like SHA256(rng_generated_random_string + user_entered_random_string + n + constant salt) to generate private keys

+1

adrian33

member

Activity: 118

Merit: 10

In the latest Chrome on Windows the page is corrupted. It's fine in Firefox and IE.

minimalB

donator

Activity: 674

Merit: 523

Everytime new version is ready, pointbiz posts an announcement here.

This upcoming version is really what we were looking for! Thanks in advance, pointbiz!

ajk

donator

Activity: 447

Merit: 250

hi

noticed an update on github and was wondering if there will be announcement made here to make it official

thanks for continuing your efforts on this project,

pointbiz

sr. member

Activity: 437

Merit: 415

1ninja

Quote from: Its About Sharing on January 06, 2014, 08:33:25 AM

Has anyone come across the concerns raised by Mike Woods here in this thread?
He said bitaddress.org is far from secure. Not a very long thread, would appreciate comments from those of you who really understand this area.

https://bitcointalksearch.org/topic/check-out-my-awesome-site-for-generating-secure-offlineaddresscom-399452

A quote from that thread:

Quote

BitAddress.org is a great site, it had a good run, and it helped a lot of people for the last two years. But, it's far from perfect...

BitAddress uses only initial mouse position - which gives you about 20 bits that have fine entropy (and that mouse position is picked even if you don't move your mouse at all [not the case on my site]).

Having just 20 bits is enough to set up the seed, but not even enough for one private key created using true randomness, and you need new bits with good entropy for other addresses.
(Random numbers generated from seed have entropy equal to size of the seed - that's why they are called pseudorandom, and shouldn't be used for any security mechanisms: https://en.wikipedia.org/wiki/Pseudorandomness#Cryptography . Using pseudorandom numbers for storing your money is next to insane.)

Let's say you want to create 1000 addresses - that require around 1000*32*8 or around 500 000 bits of entropy, but instead you're using just 20 bits - so if you guess that 20 bits you'll have access to all 1000 addresses (which makes it worth for someone to brute force)

Other problems with BitAddress.org are:
- You are online while generating addresses - so you can't generate "offline" addresses, and also brings up the question if your browser or operating system is infected...
(- I also think that the site is not elegant enough with too much information that aren't necessary for average Bitcoin user (just my personal opinion)).

I replied here:
https://bitcointalksearch.org/topic/m.4358491

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

I do wish that BitAddress entropy were improved in a verifiable way by offering to accept a "keyboard mash" string from the user and then incorporating that entropy in an auditable way*, but on the other hand, I do at least believe that it takes more than an initial mouse position as entropy so long as mouse move events are being sent to the page.

It is something I'd like to know was studied more, especially since people could be not moving their mouse, or be on a touch screen and not be able to really provide the sort of input the program was written to expect.

* example of auditable way: collect a string (minimum 80 characters, ask user to type gibberish) from the user, and then use something like SHA256(rng_generated_random_string + user_entered_random_string + n + constant salt) to generate private keys

Its About Sharing

legendary

Activity: 1442

Merit: 1000

Antifragile

Has anyone come across the concerns raised by Mike Woods here in this thread?
He said bitaddress.org is far from secure. Not a very long thread, would appreciate comments from those of you who really understand this area.

https://bitcointalksearch.org/topic/check-out-my-awesome-site-for-generating-secure-offlineaddresscom-399452

A quote from that thread:

Quote

BitAddress.org is a great site, it had a good run, and it helped a lot of people for the last two years. But, it's far from perfect...

BitAddress uses only initial mouse position - which gives you about 20 bits that have fine entropy (and that mouse position is picked even if you don't move your mouse at all [not the case on my site]).

Having just 20 bits is enough to set up the seed, but not even enough for one private key created using true randomness, and you need new bits with good entropy for other addresses.
(Random numbers generated from seed have entropy equal to size of the seed - that's why they are called pseudorandom, and shouldn't be used for any security mechanisms: https://en.wikipedia.org/wiki/Pseudorandomness#Cryptography . Using pseudorandom numbers for storing your money is next to insane.)

Let's say you want to create 1000 addresses - that require around 1000*32*8 or around 500 000 bits of entropy, but instead you're using just 20 bits - so if you guess that 20 bits you'll have access to all 1000 addresses (which makes it worth for someone to brute force)

Other problems with BitAddress.org are:
- You are online while generating addresses - so you can't generate "offline" addresses, and also brings up the question if your browser or operating system is infected...
(- I also think that the site is not elegant enough with too much information that aren't necessary for average Bitcoin user (just my personal opinion)).

Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key - page 19. (Read 153371 times)