Pages:
Author

Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key - page 20. (Read 153479 times)

hero member
Activity: 700
Merit: 500
Would be great to have the option for BIP38 encryption at the "Wallet Details" tab.
I like to dice roll my addresses and currently have to manually encrypt private keys.
sr. member
Activity: 437
Merit: 415
1ninja
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
@zemario,

I prefer the bulk wallet tab, to create compressed addresses. I think the entropy is fine at this point. Go generate like 100, pick 10 in the middle, and you should be fine.

Although your random gibberish should also be fine as long as it is extremely long and sufficiently random.

I don't know about the details, sorry.
full member
Activity: 194
Merit: 100
Hey, I've been aware of this site for a long time. Yesterday I generated a handful of addresses by manually entering random gebrish as the brainwallet seed.

But now that I see that this started of a little buggy (no offense intended) I'm not sure I want to use those adresses.

Tis thread is quite long, could anyone provide more details (or link to them) about how the first bounty was collected?
sr. member
Activity: 437
Merit: 415
1ninja
v2.7.1
https://www.bitaddress.org/bitaddress.org-v2.7.1-SHA1-6dfa290d1a133fc444c5580e2a8f1f890d5edf17.html
 - more entropy for the PRNG seed.
 - use ?showseedpool=true to see the contents of the seed pool in hex.
sr. member
Activity: 249
Merit: 256
Try Purse Instant! https://purse.io/instant
Just used it for first time today to pass out Christmas gifts at the office. It was well received but a pain in the ass to load up each wallet individually. Is it possible to provide a URI that'll automatically send 1 transaction of fixed size to each of the wallet generated?
sr. member
Activity: 437
Merit: 415
1ninja
sr. member
Activity: 437
Merit: 415
1ninja
I translated bitaddress.org (v2.6.2; I'll take care of the latest changes asap) into German. How should I go about submitting it?

I answered you in PM but incase other people are wondering for other languages the best way to submit translations is to fork the code at github:
https://github.com/pointbiz/bitaddress.org

And submit a pull request.

You just need to modify the file:
src/ninja.translator.js
newbie
Activity: 2
Merit: 0
I translated bitaddress.org (v2.6.2; I'll take care of the latest changes asap) into German. How should I go about submitting it?
legendary
Activity: 2940
Merit: 1333
One or two of the operators stated that depositing more than one time to the public address of a printed bitaddress "wallet"/keypair will create too many signatures which the hackers will use to decode the private address.

You're probably talking about this issue:
  https://bitcointalksearch.org/topic/bad-signatures-leading-to-5582152538-btc-theft-so-far-271486

Spending multiple times from the same address will allow hackers to deduce your private key if the random number generator in the client you're using to do the spending is no good.  There's no danger in sending multiple times to the same address (except that when you come to spend the coins you deposited, you are effectively spending multiple times from that address).

It's only when you come to spend from the address that the risk exists.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)

I don't think that's a real problem because the pool of dice generated possible private keys is still huge. But I would prefer a dice method that covers the full range of possible private keys. 100 rolls should be enough, but that could produce number that are too large.
Is there any easy solution to this?

not really...

You are getting 255.91 bits of entropy with 99 dice rolls.  The idea that you're losing almost 6% of "something" makes it sound much scarier than it is.

I will bet that a private key that has only 224 random bits is still for all intents and purposes secure, even though 99.999999999%+ of the key space is being left on the table.

And then, keep in mind that a bitcoin address only has 160 bits of entropy in the first place.
hero member
Activity: 700
Merit: 500
v2.6.2 support input of a private key in base6 format which shall be defined as:
99 characters (1,2,3,4,5,0) where 1=1 and 6=0

This allows you to create a private key with physical randomness with 99 rolls of a die. Use 3 dice and do 33 rolls.
Then enter the 99 character string into the wallet details tab of bitaddress.org and you've got yourself a truly randomly generated bitcoin wallet.

When using 99 rolls, the highest base6 number one could come up would be this:
Code:
555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555

This results in this hex private key:
Code:
F0BB8A1BBDE9163B9E053E8F918BF8E4D34034D7FFFFFFFFFFFFFFFFFFFFFFFF

I'm quoting from the Bitcoin wiki:
Quote
Nearly every 256-bit number is a valid private key. Specifically, any 256-bit number between 0x1 and 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 is a valid private key.

Now there's quite a large amount of numbers between
the highest dice generated number at F0BB8A1BBDE9163B9E053E8F918BF8E4D34034D7FFFFFFFFFFFFFFFFFFFFFFFF
and
the upper limit at FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

It seems the 99-rolls dice method is not using the full range of possible private keys, leaving the upper 5.96% of possible keys untouched.

I don't think that's a real problem because the pool of dice generated possible private keys is still huge. But I would prefer a dice method that covers the full range of possible private keys. 100 rolls should be enough, but that could produce number that are too large.
Is there any easy solution to this?

In any case, I love the principle of rolling my own private keys and not being dependent on software RNGs.
newbie
Activity: 7
Merit: 0
To Pointbiz, et al...

Guys I was reading up in bitcoin's freenode irc room about some people arguing against paper wallets like yours versus Armory's paper wallet.

One or two of the operators stated that depositing more than one time to the public address of a printed bitaddress "wallet"/keypair will create too many signatures which the hackers will use to decode the private address.

But doesn't bitaddress not create signatures to begin with??? Can you guys explain this a little bit to a beginner like myself?

I already know that the random mouse movement and printing everything offline, in a livecd linux, will create a very secure unique set of addresses, but then when bitcoin veterans would advise against using bitaddress puts me in a dilemma on what to use.


Thank you so much and more power to all of you.
newbie
Activity: 26
Merit: 0
v2.6.2 support input of a private key in base6 format which shall be defined as:
99 characters (1,2,3,4,5,0) where 1=1 and 6=0

This allows you to create a private key with physical randomness with 99 rolls of a die. Use 3 dice and do 33 rolls.
Then enter the 99 character string into the wallet details tab of bitaddress.org and you've got yourself a truly randomly generated bitcoin wallet.


If throwing 3 dice... would need to ensure you don't introduce any bias such as reading from lowest to highest. Would be best to read dice from left to right as they fell.

This is nice. The hex format can be confirmed with this I think -

echo 'obase=16; ibase=6; 0123450123450123450123450123450123450123450123450123450123450123450123450123450 12345012345012345012' | bc

Nice to not have to rely on computer rng.




legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I have used 2.6.1 to generate my bulk addresses, can anyone confirm that the generated keys are safe? Sorry kind of noob questions but better safe than sorry

If you generated it on an offline computer, it is safe. You can also attempt to import the private keys into your client to see if it accepts them, using an offline computer.

bitaddress is great as is but I still have a small feature request.
Would you consider to add the option to show an extra textbox with only the public keys? this would make saving them digitaly easier.

I used to grab the whole bulk text, save it as a file, and import the whole thing into a spreadsheet. Then you can save a version with only the public keys after you delete the private keys.

I now use vanitygen to generate bulk addresses since it works faster and I can even use a short prefix if I wanted.
full member
Activity: 196
Merit: 100
bitaddress is great as is but I still have a small feature request.
Would you consider to add the option to show an extra textbox with only the public keys? this would make saving them digitaly easier.

thanks

legendary
Activity: 1320
Merit: 1007
Here is a feature request that I think would help assuage people's fears about random number generation, which have become more valid the more we hear about NSA-rigged RNG.

Right now, the script collects entropy by way of mouse movements.

I propose that the script also collect some additional entropy by way of the keyboard.

When the script generates new private keys, the private key should be SHA256(user-entered-string | prng-generated-string) (where | is concatenation).  
I agree and consider this a high priority item on the TODO.



Hi, wondering if this was implemented in 2.6.1?

I have used 2.6.1 to generate my bulk addresses, can anyone confirm that the generated keys are safe? Sorry kind of noob questions but better safe than sorry
legendary
Activity: 3038
Merit: 1032
RIP Mommy
How do we know the website isn't storing our private keys?

You download it to an airgapped computer, using the website live is only proof of concept.
sr. member
Activity: 322
Merit: 250
How do we know the website isn't storing our private keys?
legendary
Activity: 1708
Merit: 1020
Is printing safe on linux?
If you use a live cd it is and your printer doesn't store print jobs in memory.
As long as it only uses the ramdisk for temporary files and not a hard drive....   can you recommend one?

So printing from a normal linux machine will potentially leave traces/keys on the system just as printing from a windows machine does? Maybe bitaddress.org should warn about that.

It would be cool to have a Bitcoin Live CD with a hardened system, bitaddress and some nice tools ready to go.
Pages:
Jump to: