I assume the original dev has abandoned this project with no response to the pull requests from Abdussamad to the security issue found.
I have forked the original project and pulled in the recommended changes and am hosting it here :
http://phpcoinaddress.peercointalk.org/
Github repo: https://github.com/FuzzyBearBTC/PHPCoinAddress
Donate to the development of this project on Peer4commit: http://peer4commit.com/projects/139
any requests please PM me, if the project takes off seriously again I will start an official thread
Fuzzybear
Topic: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc (Read 5749 times)
November 19, 2014, 10:00:21 PM
December 13, 2013, 09:45:22 PM
So if I download it now, it would be much safer?
No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.
Oh. I thought on the ticket it said that it removed all instances of mt_rand.
That's a pull request by another forum member. He's requesting zamgo to incorporate this change in his script. And BTW that pull request does not address the use of mt_rand that I've reported above. You can see that here:
https://github.com/zamgo/PHPCoinAddress/blob/master/PHPCoinAddress.php#L240
Oh ok. Thank you.
December 13, 2013, 09:44:36 PM
So if I download it now, it would be much safer?
No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.
Oh. I thought on the ticket it said that it removed all instances of mt_rand.
That's a pull request by another forum member. He's requesting zamgo to incorporate this change in his script.
December 13, 2013, 09:34:37 PM
So if I download it now, it would be much safer?
No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.
Oh. I thought on the ticket it said that it removed all instances of mt_rand.
December 13, 2013, 09:33:47 PM
So if I download it now, it would be much safer?
No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.
December 13, 2013, 09:28:55 PM
So if I download it now, it would be much safer?
December 13, 2013, 09:25:51 PM
December 13, 2013, 09:10:00 PM
The private keys generated by this script are not safe. You can see on line 240 of phpcoinaddress.php that mt_rand is used to generate the private key. That function is not safe for cryptographic use:
This is the same problem that was found in bitfreak's shopping cart script:
http://www.mail-archive.com/[email protected]/msg03064.html
Code:
for ($i = 0; $i < 32; $i++) { $privBin .= chr(mt_rand(0, $i ? 0xff : 0xfe)); }
Quote
Caution
This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.
http://php.net/mt_RandThis function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.
This is the same problem that was found in bitfreak's shopping cart script:
http://www.mail-archive.com/[email protected]/msg03064.html
What would be the best way to fix it?
December 13, 2013, 09:03:45 PM
The private keys generated by this script are not safe. You can see on line 240 of phpcoinaddress.php that mt_rand is used to generate the private key. That function is not safe for cryptographic use:
This is the same problem that was found in bitfreak's shopping cart script:
http://www.mail-archive.com/[email protected]/msg03064.html
Code:
for ($i = 0; $i < 32; $i++) { $privBin .= chr(mt_rand(0, $i ? 0xff : 0xfe)); }
Quote
Caution
This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.
http://php.net/mt_RandThis function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.
This is the same problem that was found in bitfreak's shopping cart script:
http://www.mail-archive.com/[email protected]/msg03064.html
December 13, 2013, 07:38:52 PM
Wow this is really great! It would be really useful if someone could port it to Ruby on Rails!
June 22, 2013, 01:05:52 PM
Awesome stuff you have here! You should include some cryptocoin donation addresses on the readme file and on the OP, ya know? 
May 26, 2013, 02:08:36 PM
How about the one for Digital Coin/WorldCoin?
DGC: https://github.com/baritus/digitalcoinSource
WDC: https://github.com/worldcoinproject/Worldcoin
DGC: https://github.com/baritus/digitalcoinSource
WDC: https://github.com/worldcoinproject/Worldcoin
May 09, 2013, 07:56:59 AM
I'm gathering a Prefix list for as many cryptocoin variations as possible to include into PHPCoinAddress. Please feel free to report errors on this list, or fix missing prefixes, or report OK tests, or to suggest new coins. For new coins, please include the public and private prefixes in either Decimal or Hex, or just a pointer to a source code repository where the prefixes can be found. I'll keep this post updated as new versions of PHPCoinAddress are released.
Code:
Version 0.2.0.pre
Key:
Pub Dec = Prefix for Public Key, Decimal
Pub Hex = Prefix for Public Key, Hexadecimal
Pub lead = leading character in Public Key
Priv Dec = Prefix for Private Key, Decimal
Priv Hex = Prefix for Private Key, Hexadecimal
Priv lead = leading character in Private Key (Wallet Import Format)
PrvC lead = leading character in Private Key (Compressed Wallet Import Format)
test = Test results for importing PHPCoinAddress created keys into standard client
src = source code repository
Note: tests are for uncompressed keys
Pub Pub Pub Priv Priv Priv PrvC
Coin Dec Hex lead Dec Hex lead lead test src
============ ==== ==== ==== ==== ==== ==== ==== ==== ====
BITCOIN 0 0x00 1 128 0x80 5 K,L OK https://github.com/bitcoin/bitcoin
BBQCOIN 85 0x05 3 213 0xD5 8 K, - https://github.com/overware/BBQCoin
BITBAR 25 0x19 B 153 0x99 6 K, - https://github.com/aLQ/bitbar
BYTECOIN 18 0x12 8 128 0x80 5 K, - https://github.com/bryan-mills/bytecoin
CHNCOIN 28 0x1C C 156 0x9C 6 K, - https://github.com/CHNCoin/CHNCoin
DEVCOIN 0 0x00 1 128 0x80 5 K,L - http://sourceforge.net/projects/galacticmilieu/files/DeVCoin/
FAIRBRIX - - - - - - - - https://github.com/coblee/Fairbrix
FEATHERCOIN 14 0x0E 6 142 0x8E 5 K, - https://github.com/FeatherCoin/FeatherCoin
FREICOIN 0 0x00 1 128 0x80 5 K,L - https://github.com/freicoin/freicoin
IXCOIN - - - - - - - - https://github.com/ixcoin/ixcoin
JUNKCOIN 16 0x10 7 144 0x90 5 K, OK https://github.com/js2082/JKC
LITECOIN 48 0x30 L 176 0xB0 6 K, OK https://github.com/litecoin-project/litecoin
MINCOIN 50 0x32 M 178 0xB2 6 K, - https://github.com/SandyCohen/mincoin
NAMECOIN 52 0x34 M,N 180 0xB4 7 K, - https://github.com/namecoin/namecoin
NOVACOIN 8 0x08 4 136 0x88 5 K, - https://github.com/CryptoManiac/novacoin
ONECOIN 115 0x73 o 243 0xF3 9 K, - https://github.com/cre8r/onecoin
PPCOIN 55 0x37 P 183 0xB7 7 K, OK https://github.com/ppcoin/ppcoin
ROYALCOIN - - - - - - - - http://sourceforge.net/projects/royalcoin/
SMALLCHANGE 62 0x3E S 190 0xBE 7 K, - https://github.com/bfroemel/smallchange
TERRACOIN 0 0x00 1 128 0x80 5 K,L - https://github.com/terracoin/terracoin
YACOIN 77 0x4D Y 205 0xCD 7 K, - https://github.com/pocopoco/yacoin
Pub Pub Pub Priv Priv Priv PrvC
TESNET Coin Dec Hex lead Dec Hex lead lead test
============ ==== ==== ==== ==== ==== ==== ==== ====
BITCOIN-T 111 0x6F m,n 239 0xEF 9 - OK(uncompressed only)
BBQCOIN-T 25 0x19 153 0x99 - - -
BITBAR-T 115 0x73 243 0xF3 - - -
FAIRBRIX-T - - - - - - - -
IXCOIN-T - - - - - - - -
NAMECOIN-T - - - - - - - -
ROYALCOIN-T - - - - - - - -
TESTNET Coins using BITCOIN TESTNET prefixes:
BYTECOIN, CHNCOIN, DEVCOIN, FEATHERCOIN, FREICOIN, JUNKCOIN, LITECOIN
MINCOIN, NOVACOIN, ONECOIN, PPCOIN, TERRACOIN, SMALLCHANGE, YACOIN
May 09, 2013, 07:54:54 AM
PHPCoinAddress is a PHP Object that creates public/private key pairs for Bitcoin and many other cryptocoins.
PHPCoinAddress is intended to be easy to integrate into other PHP projects.
More info: https://github.com/zamgo/PHPCoinAddress
This is a beta release, and the project is still under active development. Be careful before using this in a production environment.
Example usage:
All bug reports, fixes, pull requests, comments and criticisms welcome.
PHPCoinAddress is intended to be easy to integrate into other PHP projects.
More info: https://github.com/zamgo/PHPCoinAddress
This is a beta release, and the project is still under active development. Be careful before using this in a production environment.
Example usage:
Code:
require_once 'PHPCoinAddress.php';
$coin = CoinAddress::bitcoin();
print 'public (base58): ' . $coin['public'] . "\n";
print 'public (Hex) : ' . $coin['public_hex'] . "\n";
print 'private (WIF) : ' . $coin['private'] . "\n";
print 'private (Hex) : ' . $coin['private_hex'] . "\n";
Jump to: