Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key - page 43. (Read 153002 times)

I'm glad Casascius can generate on his iPhone4. Unfortunately for my device and yours we are pretty much out of luck.

There is a technique to use setTimeout to split up the JavaScript work into batches so it doesn't trigger a browser timeout (for desktop browsers usually you get a popup asking if you want to stop the script or wait). This technique is useful when you can do bulk processing but it's not wise to implement this technique to facilitate 1 address generation because the execution path and variable scopes change when you call setTimeout.
It's mentioned here in the top answer:
http://stackoverflow.com/questions/4402012/avoiding-timeouts-on-iphone

This is so close to having a low-tech Do-It-Yourself paper-based solution for merchants.

With this, the merchant pre-prints out a batch of these with the public-key only (and its QR Code) on paper (such as blank personal check paper stock)  (see below)
 http://www.amazon.com/VersaCheck-Refills-Personal-Wallet-Prestige/dp/B00134O78S

And then generated is the merchant's master (see below) to be kept secure which contains the public-key (& QR Code) and also the private key (& QR Code) for redeeming.

Then at the point of sale the cashier has a supply of these pre-printed "check" blanks with Bitcoin addresses (see below).

When the purchase occurs, the cashier fills in the amount and invoice # (or other identifier for matching to the point of sale transaction) and provides the check blank to the customer.  The customer, using a mobile, scans the QR code and sends the bitcoins.

The merchant's back-office already has the address registered with BitcoinNotify.com so when payment is made (on 0/unconfirmed) an email (or SMS) is received.
  - http://bitcoinnotify.com

The cashier places the check in the drawer as the customer has paid and proceeds with completing the sale.

After the shift, the merchant's bookkeeper matches up the checks from the drawer against the corresponding master which has the private key, scans the key and spends those funds to the merchant's master wallet / consolidation address.  The "master" strip can then be stapled to the check and archived for records storage without having to further worry about securing the private key.

This could work.

Here's what I picture a batch of three checks looking like:  [Edit: obviously, each of the three would have a unique bitcoin address code, but being lazy, I just did a copy and paste using the same code for all three]


And the merchant's masters corresponding to the checks:

I am not sure this applies in this case.  Rainbow attacks help attackers take a large number of hashes and try to recover plaintext from as many as possible with the same effort.  In wallet generation, the hashes are used as private keys which the attacker has no access to (or else if he gets the private keys, his attack has already succeeded, there's no value in recovering the plaintext itself).  This advice is useful for someone operating a website and storing hashed passwords in a database, but I believe it has no application for wallet generation.

Although I agree that the linked wiki article discusses it and recommends the user enter a "salt"... what practical difference would there be between the user entering a "salt" into a separate field, versus simply appending some extra characters to their passphrase?  They will be concatenated anyway, so none from what I can tell.  Salt in most other contexts is not something chosen by a user, rather it is something added by an application outside the user's control.

Actually I am not using an iPhone. It's a 2G iPod Touch with iOS 4.2.1 (so yes, it is a slow device).

You should always use a salt when generating a deterministic wallet. The salt should be globally unique and easy to remember. An email address has those properties, and makes a rainbow attack impractical. This wiki discusses how it is done for the BCCAPI: http://code.google.com/p/bccapi/wiki/SecurityAndDeterministicWallets
The BCCAPI is opensource and available here: http://code.google.com/p/bccapi/

I am able to generate addresses on my iPhone 4... it is a bit slow but not unreasonable.  Couple of seconds.

Casascius, yes, I was thinking of the iPhone screenshot capability.

nmat, Debug Console huh... never noticed that option before. I confirm I see the timeout error, that would explain why I thought the try/catch wasn't working. I put a try/catch around generating the bitcoin address. It appears things are timing out in the "am3" function. I did notice in Safari 3.2.3 for Windows generating was painfully slow so I'd assume the iPhone Safari is processing the JavaScript at a snail's pace and timing out.

The mouse thing would cause trouble on an iPhone but I implemented a timeout which forces the bitcoin address generation after a few seconds and I confirmed that code it being called, the private key gets generated but things timeout when trying to create the public key. I checked on the older versions and they all timeout on Safari Mobile 4.

I didn't thought of that. Interesting idea.

It's version 5. I enabled debug console and it shows an error after a while:

I'm pretty sure it worked before you introduced the mouse thing.

On a cell phone, how would you use such a thing?

On an iPhone you can take a screenshot by pressing both hardware buttons... do you mean that?  If so, that's an unusual way to do it, though it would work.  Otherwise, the private key will disappear as soon as you touch the window and the funds will be gone.

What part of the code necessitates a try/catch?

A cellphone might be a good place to use this for a disposable address if someone wants to pay you and you don't have a bitcoin wallet handy.

I tested on a physical iPhone 3G Safari 4 and it doesn't work. I tested on Safari 3.2.3 for Windows and it works.
It appears that the Mobile Safari doesn't even support try/catch properly so there is little chance I can get this thing working on an iPhone.

Do you have Safari Mobile 4 or 5 ?

Android wallets autosend? There's no, "Hey, you're about to send 5 BTC to x" feature? I thought instapay was what NFC was for, not QR codes.

v0.6
http://www.bitaddress.org/bitaddress.org-v0.6-SHA1-1cea2d8c437d49c550b9ec1cfc5d02ac85e8199e.html
 -Removed QRCode donation address

Random suggestion: Your donation address shouldn't be a QR code.  You might get random donations if someone's scanner accidentally picks it up, but the problem is that those donations would be unintended and undesirable.

v0.5

http://www.bitaddress.org/bitaddress.org-v0.5-SHA1-7ea8d0e32c3583d369dc4079443e0d6e215ac216.html

2011-09-19: status ACTIVE
bitaddress.org-v0.5-SHA1-7ea8d0e32c3583d369dc4079443e0d6e215ac216.html
 -DO NOT USE VERSION 0.1 TO 0.4! They infrequently could generate bad keys.
 -Bug Fixed: v0.1 to v0.4 included a bug in the Elliptic Curve function:
   ec.PointFp.prototype.getEncoded
   The X and Y integers that were less than 32 bytes were not being zero padded.
   They are now zero padded which fixes the bug in generating public keys.
 -Bug Fixed: v0.3 and v0.4 had a bug in the Wallet Import Format function:
   ECKey.prototype.getBitcoinWalletImportFormat
   Private keys there were less than 32 bytes were not being zero padded.
   They are now zero padded which fixes the bug in generating private keys.
 -Requires IE8+, Firefox, Chrome or sufficient JavaScript support.
 -Added function to build a CSV list of addresses and keys.
   Not supported in the GUI yet.
 -Added a timeout to override the mouse move detection. Therefore, if the user
   has not moved his mouse before a certain random expiry the address and key
   will then be generated. This helps for mobile devices.

I tested the CSV file of 10,000 addresses you sent me (pointbiz) and all of them passed.  Woo hoo!

Sorry guys, I goxed on that. The site is down until the fixed version is live. V0.1 to V0.4 are permanently down. Please don't send BTC to addresses you generated with those versions unless you've double checked the private key and bitcoin address with pywallet or something else. Only a tiny percentage of addresses were bad. However, only zero percent is acceptable. My apologies.

Or put it offline for the time being.

Perhaps you should edit your first post in this thread to say that.  I had to get to page 3 before seeing any kind of a warning.

Preview of patched function:

The integerToBytes function has a while loop to pad the zeros, so we should be okay if there needs to be more than 1 leading zero byte.

Thank you for the fix for the private key as well!! I will work on getting this patched up and send you a PM with a big CSV.

This might be the answer to your other issue:

See current code:


Where I have marked "right here", I think the problem would be solved if you added this line:

while (bytes.Length < 32) bytes.unshift(0x00);

(assuming bytes.Length is how you get the number of bytes in the array?  I don't do much javascript)

When done, if you (or TTBit, thanks) can send me a large CSV file full of private keys with bitcoin addresses generated by this updated code, I already have some test code ready to verify them.  Send me 10,000 or more if possible.