Author

Topic: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc (Read 5754 times)

legendary
Activity: 1420
Merit: 1010
I assume the original dev has abandoned this project with no response to the pull requests from Abdussamad to the security issue found.

I have forked the original project and pulled in the recommended changes and am hosting it here :

http://phpcoinaddress.peercointalk.org/


Github repo: https://github.com/FuzzyBearBTC/PHPCoinAddress
Donate to the development of this project on Peer4commit: http://peer4commit.com/projects/139

any requests please PM me, if the project takes off seriously again I will start an official thread

Fuzzybear
legendary
Activity: 1092
Merit: 1000
nahtnam.com
Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?

No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.

Oh. I thought on the ticket it said that it removed all instances of mt_rand.

That's a pull request by another forum member. He's requesting zamgo to incorporate this change in his script. And BTW that pull request does not address the use of mt_rand that I've reported above. You can see that here:

https://github.com/zamgo/PHPCoinAddress/blob/master/PHPCoinAddress.php#L240

Oh ok. Thank you.
legendary
Activity: 3710
Merit: 1586
Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?

No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.

Oh. I thought on the ticket it said that it removed all instances of mt_rand.

That's a pull request by another forum member. He's requesting zamgo to incorporate this change in his script. And BTW that pull request does not address the use of mt_rand that I've reported above. No wait it does. But still hasn't been included in master branch.
legendary
Activity: 1092
Merit: 1000
nahtnam.com
Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?

No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.

Oh. I thought on the ticket it said that it removed all instances of mt_rand.
legendary
Activity: 3710
Merit: 1586
Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?

No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.
legendary
Activity: 1092
Merit: 1000
nahtnam.com
Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?
legendary
Activity: 3710
Merit: 1586
legendary
Activity: 1092
Merit: 1000
nahtnam.com
The private keys generated by this script are not safe. You can see on line 240 of phpcoinaddress.php that mt_rand is used to generate the private key. That function is not safe for cryptographic use:

Code:
for ($i = 0; $i < 32; $i++) { $privBin .= chr(mt_rand(0, $i ? 0xff : 0xfe)); }

Quote
Caution

This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.
http://php.net/mt_Rand

This is the same problem that was found in bitfreak's shopping cart script:

http://www.mail-archive.com/[email protected]/msg03064.html


What would be the best way to fix it?
legendary
Activity: 3710
Merit: 1586
The private keys generated by this script are not safe. You can see on line 240 of phpcoinaddress.php that mt_rand is used to generate the private key. That function is not safe for cryptographic use:

Code:
for ($i = 0; $i < 32; $i++) { $privBin .= chr(mt_rand(0, $i ? 0xff : 0xfe)); }

Quote
Caution

This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.
http://php.net/mt_Rand

This is the same problem that was found in bitfreak's shopping cart script:

http://www.mail-archive.com/[email protected]/msg03064.html
legendary
Activity: 1092
Merit: 1000
nahtnam.com
Wow this is really great! It would be really useful if someone could port it to Ruby on Rails!
legendary
Activity: 1358
Merit: 1002
Awesome stuff you have here! You should include some cryptocoin donation addresses on the readme file and on the OP, ya know? Wink
member
Activity: 70
Merit: 10
newbie
Activity: 32
Merit: 0
I'm gathering a Prefix list for as many cryptocoin variations as possible to include into PHPCoinAddress.  Please feel free to report errors on this list, or fix missing prefixes, or report OK tests, or to suggest new coins.   For new coins, please include the public and private prefixes in either Decimal or Hex, or just a pointer to a source code repository where the prefixes can be found.   I'll keep this post updated as new versions of PHPCoinAddress are released.
Code:
Version 0.2.0.pre
Key:
Pub Dec = Prefix for Public Key, Decimal
Pub Hex = Prefix for Public Key, Hexadecimal
Pub lead = leading character in Public Key
Priv Dec = Prefix for Private Key, Decimal
Priv Hex = Prefix for Private Key, Hexadecimal
Priv lead = leading character in Private Key (Wallet Import Format)
PrvC lead = leading character in Private Key (Compressed Wallet Import Format)
test = Test results for importing PHPCoinAddress created keys into standard client
src = source code repository
Note: tests are for uncompressed keys

              Pub   Pub   Pub  Priv  Priv  Priv PrvC
Coin          Dec   Hex   lead  Dec   Hex  lead lead  test  src
============  ====  ====  ==== ====  ====  ==== ====  ====  ====
BITCOIN          0  0x00  1     128  0x80   5   K,L   OK    https://github.com/bitcoin/bitcoin
BBQCOIN         85  0x05  3     213  0xD5   8   K,    -     https://github.com/overware/BBQCoin
BITBAR          25  0x19  B     153  0x99   6   K,    -     https://github.com/aLQ/bitbar
BYTECOIN        18  0x12  8     128  0x80   5   K,    -     https://github.com/bryan-mills/bytecoin
CHNCOIN         28  0x1C  C     156  0x9C   6   K,    -     https://github.com/CHNCoin/CHNCoin
DEVCOIN          0  0x00  1     128  0x80   5   K,L   -     http://sourceforge.net/projects/galacticmilieu/files/DeVCoin/
FAIRBRIX         -     -  -       -     -   -   -     -     https://github.com/coblee/Fairbrix
FEATHERCOIN     14  0x0E  6     142  0x8E   5   K,    -     https://github.com/FeatherCoin/FeatherCoin
FREICOIN         0  0x00  1     128  0x80   5   K,L   -     https://github.com/freicoin/freicoin
IXCOIN           -     -  -       -     -   -   -     -     https://github.com/ixcoin/ixcoin
JUNKCOIN        16  0x10  7     144  0x90   5   K,    OK    https://github.com/js2082/JKC
LITECOIN        48  0x30  L     176  0xB0   6   K,    OK    https://github.com/litecoin-project/litecoin
MINCOIN         50  0x32  M     178  0xB2   6   K,    -     https://github.com/SandyCohen/mincoin
NAMECOIN        52  0x34  M,N   180  0xB4   7   K,    -     https://github.com/namecoin/namecoin
NOVACOIN         8  0x08  4     136  0x88   5   K,    -     https://github.com/CryptoManiac/novacoin
ONECOIN        115  0x73  o     243  0xF3   9   K,    -     https://github.com/cre8r/onecoin
PPCOIN          55  0x37  P     183  0xB7   7   K,    OK    https://github.com/ppcoin/ppcoin
ROYALCOIN        -     -  -       -     -   -   -     -     http://sourceforge.net/projects/royalcoin/
SMALLCHANGE     62  0x3E  S     190  0xBE   7   K,    -     https://github.com/bfroemel/smallchange
TERRACOIN        0  0x00  1     128  0x80   5   K,L   -     https://github.com/terracoin/terracoin
YACOIN          77  0x4D  Y     205  0xCD   7   K,    -     https://github.com/pocopoco/yacoin

              Pub   Pub   Pub  Priv  Priv  Priv PrvC
TESNET Coin   Dec   Hex   lead  Dec   Hex  lead lead  test
============  ====  ====  ==== ====  ====  ==== ====  ====
BITCOIN-T      111  0x6F  m,n   239  0xEF   9   -     OK(uncompressed only)
BBQCOIN-T       25  0x19        153  0x99   -   -     -
BITBAR-T       115  0x73        243  0xF3   -   -     -
FAIRBRIX-T       -     -  -       -     -   -   -     -
IXCOIN-T         -     -  -       -     -   -   -     -
NAMECOIN-T       -     -  -       -     -   -   -     -
ROYALCOIN-T      -     -  -       -     -   -   -     -

TESTNET Coins using BITCOIN TESTNET prefixes:
BYTECOIN, CHNCOIN, DEVCOIN, FEATHERCOIN, FREICOIN, JUNKCOIN, LITECOIN
MINCOIN, NOVACOIN, ONECOIN, PPCOIN, TERRACOIN, SMALLCHANGE, YACOIN
newbie
Activity: 32
Merit: 0
PHPCoinAddress is a PHP Object that creates public/private key pairs for Bitcoin and many other cryptocoins.

PHPCoinAddress is intended to be easy to integrate into other PHP projects.

More info: https://github.com/zamgo/PHPCoinAddress

This is a beta release, and the project is still under active development.  Be careful before using this in a production environment.

Example usage:
Code:
require_once 'PHPCoinAddress.php';
$coin = CoinAddress::bitcoin();  
print 'public (base58): ' . $coin['public'] . "\n";
print 'public (Hex)   : ' . $coin['public_hex'] . "\n";
print 'private (WIF)  : ' . $coin['private'] . "\n";
print 'private (Hex)  : ' . $coin['private_hex'] . "\n";
All bug reports, fixes, pull requests, comments and criticisms welcome.
Jump to: