Author

Topic: [ANN] coinglacier.org | Browser Tools for Bitcoin Cold Storage (Read 310 times)

newbie
Activity: 12
Merit: 0
Hi guys, I would like to know, from who is able to analyze code, if this project is completely reliable. Thank you in advance!
newbie
Activity: 10
Merit: 6
New Bugfix Release: 1.1.1

Please download the latest version for further use.

SHA256 checksum: 9d0836a2b43a1661190146762786b3a21956c8192e57f6b18fa666a1266b47da
newbie
Activity: 10
Merit: 6
New Release: 1.1.0

* UI improvements
    * Always reset view on opening of HTML file
    * Spinner in print button
    * Decrypt PrivKey: Block input fields while decryption process is on-going
* Dockerized build process
* Updated dependencies
* Enable donations over Lightning

SHA256 checksum: 45288e949fb491f8833971edd4e42665cf1a619b6712114c2ecb14c5970ce218
newbie
Activity: 10
Merit: 6
coinglacier.org is NOT affected by this vulnerability:
https://github.com/dominictarr/event-stream/issues/116
newbie
Activity: 10
Merit: 6
There's a video series on YouTube about Bitcoin security and it also includes a comprehensive tutorial of coinglacier.org:

https://www.youtube.com/watch?v=6RO4aGOBulY&list=PLw2CWTI2tWri1NkoE6GSVHdwXjJUngAE2
newbie
Activity: 10
Merit: 6
nice tool! site looks neat, everything works perfectly and it seems to be the first tool to create a paper wallet with Mnemonic and Segwit! Smiley
I think so too, at least it was this perceived lack that motivated us to start developing.
jr. member
Activity: 57
Merit: 4
nice tool! site looks neat, everything works perfectly and it seems to be the first tool to create a paper wallet with Mnemonic and Segwit! Smiley
newbie
Activity: 10
Merit: 6
Nice application, ...

Also, the 3 details on bottom left is appreciated Smiley
Glad you like it  Smiley

1. Any details about "coinglacier.org calculates some entropy for you"?
With pleasure. Coinglacier.org uses cryptographic secure random numbers provided by your browser: https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues . This should be safe. However, as an additional security measure, we add more entropy on top of this, in case there is an unexpected flaw in your browsers implementation of Crypto.getRandomValues(). This is the part that is time consuming at the startup of the page. We do this through the use of the NPM package "more-entropy": https://www.npmjs.com/package/more-entropy

What it does is it runs some calculations in the background and measures the time used for each calculation. The resulting times are then used as the additional entropy which we XOR with the entropy from Crypto.getRandomValues().
This is basically the counterpart to moving your mouse around on bitaddress.org .

2. Sometimes, QR code generation is long (10-30s for 3 address) on offline browser (Firefox 60)
Hmmm.. interesting. Is it only the QR codes that takes long to load or also the addresses and private keys? Also, does it only happen when you password encrypt your private keys? In the case that would be normal, because the BIP38 decryption is rather resource consuming by design. This is not a bug, but a feature. Since the procedure takes so long, it is much harder for an attacker to brute force your password.

3. Any plans to support create encrypted private key on single wallet?
That could easily be implemented if people desire it. The idea was to have a very easy "single wallet" page, without all the options and leave the more advanced stuff for the "paper wallet" page. Of course you can also generate a paper wallet containing only one single address there.
sr. member
Activity: 807
Merit: 423
hero member
Activity: 672
Merit: 526
Thank you for your feedback!
One question about this one:
Quote
In the paperwallet section, it would be better separate a little more the private keys from the public keys.
--> What browser do you use? On a desktop/tablet/smartphone?

Ubuntu Desktop Chrome.  When I make a paper wallet using bitaddress The print wallet makes the public key very far away from the secret. In your template, The address is to close.
newbie
Activity: 10
Merit: 6
Thank you for your feedback!
One question about this one:
Quote
In the paperwallet section, it would be better separate a little more the private keys from the public keys.
--> What browser do you use? On a desktop/tablet/smartphone?
hero member
Activity: 672
Merit: 526
It would be best if you left the explanation on the initial page about the reason for the delay. In fact, I believe that it would be even more practical a first page where I could choose the type of address I want and only then generate. In the paperwallet section, it would be better separate a little more the private keys from the public keys.
newbie
Activity: 10
Merit: 6
We have always loved to use bitaddress.org for securing our Bitcoin offline. It is a great tool for cold storage and a big thank you from our side to the author(s).
However, it seems like the development of bitaddress.org has come to a halt which has lead to the lack of support for new Bitcoin features (most notably SegWit Addresses).
There are other generators out there like https://segwitaddress.org/ but they do not come close to the scope of features offered by bitaddress.org.

This lack of comprehensive yet up-to-date paper wallet generators has bothered us to the point where we decided to develop a tool ourselves.
With this in mind, we would like to introduce you to our implementation for a possible bitaddress.org successor:
https://coinglacier.org

The major differences are the new Bitcoin features that coinglacier.org supports:
  • SegWit and Bech32 Support
  • Hierarchical Deterministic (HD) Wallets
  • (password-protected) Mnemonics
  • Possibility to show extended public keys
  • We have changed the additional entropy generation from mouse movements to using the NPM package more-entropy in the background

Besides of that we have maintained the highly appreciated possibility to BIP38-encrypt private keys.
We do this asynchronously using web workers though, so it should be a bit faster for you if you are generating multiple addresses ;-)
Furthermore, we have kept the application as an all-in-one HTML file, so you can easily download the file and run it locally.

Of course you are skeptic at this point about whether you may trust our software or not.
We appreciate your skepticism it's a good thing to be skeptical in this space.
The good point is, coinglacier.org is fully open source and available on Github, so:
Don't Trust. Verify.

This is just the start of the development, we still have a lot of ideas to implement!
So if you want to support the further enlargement of the glacier, consider a donation to one of the following addresses:
35UEpPEJH9HgvMaqwiAZFaLwdEcxzo18K4
bc1qjgr5cwtpsaqq3sxsprnhv49hj8fy3s7szen92y

Coinglacier.org is safest when you open the HTML file locally (from an offline computer if possible).
For a safe installation, please follow the instructions on the Github readme:
https://github.com/dalitsairio/coinglacier.org

The watch-only wallet Sentinel is a great complement to coinglacier.org cold wallets and works best when you scan your extended private key(s).
This will then allow you to
  • Have an overview about your balances
  • Sweep BTC from other private keys onto your cold storage
and all this while not losing the security of a cold wallet.

Comments, criticism, pull requests, feedback and donations are welcome.
More documentation and features will follow.

Checksum history
coinglacier.org_v1.0.0_SHA256-53b04fc126ce2f4b814d0994359e6992a2982218c2048d58c5249fc5df586fb5.html
coinglacier.org_v1.1.0_SHA256-45288e949fb491f8833971edd4e42665cf1a619b6712114c2ecb14c5970ce218.html
coinglacier.org_v1.1.1_SHA256-9d0836a2b43a1661190146762786b3a21956c8192e57f6b18fa666a1266b47da.html

Code signing key
Fingerprint: 12A2 411A 8C5C C035 6DDB 767C 24B0 274E 5B6C A8B1
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFqpQfsBCACsYk0qsvK0DWmaRoyAK2D7CA0qNqe8xujY1H9NMQZWVSvik+Bn
6ixDKlq7UykJJl+y0upSyrDN9u2uk1/VIsE8dYZhRCiefeUZ/zoYU6KO6VSIjtWe
of29WDx2D0qmuIchesUM6kmwSgVEXizUmmsWpsKXd+pk9KsE/D6o9umyOF4+PEQu
RXdt9V8UDJlgqtsuYNDVRQNFJTYHrLE5aHgx89NUIu0sY7CiAIaUT59Qb3KyUQPr
N4hAbQXYsvWa8l3lj0Igtr5ByrplV3s/YPSIgIRxqBSiYx2X7rUXOLf5C+/SSZ8V
sYaX7d9rP4cJxH0OZbR+VgqOztQDt0cRWeelABEBAAG0KkRhbGl0IFNhaXJpbyA8
ZGFsaXQuc2FpcmlvQHByb3Rvbm1haWwuY29tPokBNwQTAQgAIQUCWqlB+wIbAwUL
CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAksCdOW2yosdsECACNdPMHdmRxFgV6
Gzi1EEMRrPwBwmmtQON4++jQHWj4FsnYC0HcNfgsG9ef6BKvspRO+KJxnKbptvjM
G5sgdfin33XEhVszcKcEgc5ZeKcGDkOhpmXYR5BAO+gJeJnx8cF7HBm/UwrESnUe
8FEAjTlU/DJpiwMEb39/vHk/c1gT0T9eWMbgaEQxPQf4duCUlu89yHaNkyh3yXuY
eygjlckaMfaHOFV3X3nZRbhVu6fKMohqverBKpVRrKjUo9pCTXJCwVg6ego+z1gc
gyL3mPANT2ajRv0lVaPHDt/TUhuhPE2oU6d+/QMqTFtZQTLfC6JfvWjhNqeCVFJe
6d1Ti132uQENBFqpQfsBCADncfuDsYlzEg8lDf7QUdMbeDOxwog5+EdJTbDIr3oa
3FEGqyzQqQcozYKc5/FYS9yA2gvIdDQqXrjXALUjBi696ve4tVfuOPuiwij90T1S
W74XaDOpKJ8sI5ivOGox9otAilT0aqMadoBeaHUlabUC4cfSMKoyOHHBZ/5NylZo
X1bJbC8572HGcsIJyQPc+25ULw5HFMqR9GB//YSxkPut+fJKDVbyN5t8k5PeSygj
CUzfQejnO8LrvOEu2LF24NNZYidSoWsWr1sIDmaUB7QrQ9yRzcCCqoodHDOt4Pz6
5OPyl73rBhnjyT2izXlCYlJiH7KG/Kn3oklPS9FZZnOnABEBAAGJAR8EGAEIAAkF
AlqpQfsCGwwACgkQJLAnTltsqLGWUwf/VWsFPyawpdtaX8yD5JBDOV2LwMIx0r+P
6ghTRbIIRkaYZG7XGHA/Jbh0NCF8EUu9IZu5SBDr0GH9g5hFmu39vDgpmAUqjacm
bVOW7PBZo1ZkU+t7ppCDgdKFlRfOZH6pUg6gNaJqIt4ZabTzjpm46PbiuSRyQFPG
kMQzmXKBPfSISWuozmVraRwg/6LwlvPtcmKjxOMaQOCKELYEIUHMRfuS3pxZLMnN
TggPZDf4rOlR33k2X6/JauNokaTkwDAlWysZQLExxs3ho5ozRYJs7EMG7iRTmo9h
JJ6k9f+vjhKUBTdAMRzVk4kLsCLudPvXcuom8wTDpV/rEZSGFJvbVw==
=rkyM
-----END PGP PUBLIC KEY BLOCK-----
Jump to: