bitaddress.org - bug & concerns | Bitcointalksearch.org

neutrinox

full member

Activity: 182

Merit: 100

1MCKW9AkWj3aopC1aPegcZEf2fYNrhUQVf

Quote from: grue on November 10, 2013, 01:53:12 PM

it does? the page is a single html file with no other dependencies.

You are right, I was wrong. I thought it's linking to google libraries, but it was a mistake on my behalf. It's simply crediting those libraries, not linking to them. I apologize and stand corrected!

inform

newbie

Activity: 42

Merit: 0

What is this blockchain walet analog? Huh

or?

yakov

newbie

Activity: 40

Merit: 0

I've responded to your post in the bitaddress.org thread.
https://bitcointalksearch.org/topic/m.3540166

I was also thinking about the RNG it uses, I quickly wrote some code where you can add your own entropy if you wish, though it requires some javascript and linux knowledge

canton

sr. member

Activity: 261

Merit: 285

Hi there,

My fork of bitaddress.org is virtually identical (in crypto not graphic design) except in the random number generator -- particularly the bit you're concerned about. It's not due to any crypto expertise on my own part: Gavin Andresen kindly sent me a patch to the bitaddress.org code which lets sufficiently advanced browsers use window.crypto.getRandomValues if it's available.

Here's the change:
https://github.com/cantonbecker/bitcoinpaperwallet/commit/b4c2cf68e79f9f469cd180238d9377086058aaa9

Here's the parent page:
https://github.com/cantonbecker/bitcoinpaperwallet

You can demo the generator here:
https://bitcoinpaperwallet.com

I've mentioned this amendment to pointbiz / bitaddress and I suspect it's under consideration.

- Canton

grue

legendary

Activity: 2058

Merit: 1431

Quote from: BitFanatic on November 10, 2013, 08:29:48 AM

So this random object value is used for ALL of the wallets when creating them in bulk. Surely the secureRandom should be recreated for each wallet?

because reusing it doesn't decrease the entropy of resulting wallets.

Quote from: neutrinox on November 10, 2013, 08:48:31 AM

My biggest concern at bitaddress.org is the use of external javascript files. This gives the host of those files the possibility to execute any javascript on the page. They could easily insert a function that sends the private keys to a third party website. If that's done only 1 of 10 times, it's hard to get caught.

it does? the page is a single html file with no other dependencies.

Quote from: DobZombie on November 10, 2013, 12:01:12 PM

Quote from: BitFanatic on November 10, 2013, 09:58:37 AM

Yeah - all I wanted to do was modify the code a bit to add some of my own extra randomness to it for my sanity... But this has put me off completely now! I just want to create a really secure paper wallet where I don't need to trust somebody... Any ideas?

why don't you multiple the output random number by the current time code. that'll add an extra layer of entropy

better idea: xor the output random number by the current time code. multiplying will add a bias toward bigger numbers.

RoxxR

full member

Activity: 209

Merit: 148

Quote from: BitFanatic on November 10, 2013, 09:58:37 AM

Quote from: neutrinox on November 10, 2013, 08:48:31 AM

I don't understand the code well enough to answer your specific concern.

My biggest concern at bitaddress.org is the use of external javascript files. This gives the host of those files the possibility to execute any javascript on the page. They could easily insert a function that sends the private keys to a third party website. If that's done only 1 of 10 times, it's hard to get caught.

Also, a week ago when I was trying to teach my college how to create a wallet, bitaddress.org displayed invalid security certificate -errors. Needles to say we stopped using the site immediately. Was a pretty embarrassing situation for me.

I'm taking a look at cascasius's address utility that included Bip0038 two factor encryption. This post on reddit made me curious:
http://www.reddit.com/r/Bitcoin/comments/1q7inm/this_paper_wallet_now_contains_0225_btc_and_is/

Yeah - all I wanted to do was modify the code a bit to add some of my own extra randomness to it for my sanity... But this has put me off completely now! I just want to create a really secure paper wallet where I don't need to trust somebody... Any ideas?

You may like the NoBrainr tool, also on this subforum. It's a little frugal but, I found it to be really easy to "review", even though I'm not a developer. It's so tiny there's little space to hide malicious code.

DobZombie

hero member

Activity: 896

Merit: 532

Former curator of The Bitcoin Museum

Quote from: BitFanatic on November 10, 2013, 09:58:37 AM

Quote from: neutrinox on November 10, 2013, 08:48:31 AM

I don't understand the code well enough to answer your specific concern.

My biggest concern at bitaddress.org is the use of external javascript files. This gives the host of those files the possibility to execute any javascript on the page. They could easily insert a function that sends the private keys to a third party website. If that's done only 1 of 10 times, it's hard to get caught.

Also, a week ago when I was trying to teach my college how to create a wallet, bitaddress.org displayed invalid security certificate -errors. Needles to say we stopped using the site immediately. Was a pretty embarrassing situation for me.

I'm taking a look at cascasius's address utility that included Bip0038 two factor encryption. This post on reddit made me curious:
http://www.reddit.com/r/Bitcoin/comments/1q7inm/this_paper_wallet_now_contains_0225_btc_and_is/

Yeah - all I wanted to do was modify the code a bit to add some of my own extra randomness to it for my sanity... But this has put me off completely now! I just want to create a really secure paper wallet where I don't need to trust somebody... Any ideas?

why don't you multiple the output random number by the current time code. that'll add an extra layer of entropy

BitFanatic

newbie

Activity: 17

Merit: 0

Quote from: neutrinox on November 10, 2013, 08:48:31 AM

I don't understand the code well enough to answer your specific concern.

My biggest concern at bitaddress.org is the use of external javascript files. This gives the host of those files the possibility to execute any javascript on the page. They could easily insert a function that sends the private keys to a third party website. If that's done only 1 of 10 times, it's hard to get caught.

Also, a week ago when I was trying to teach my college how to create a wallet, bitaddress.org displayed invalid security certificate -errors. Needles to say we stopped using the site immediately. Was a pretty embarrassing situation for me.

I'm taking a look at cascasius's address utility that included Bip0038 two factor encryption. This post on reddit made me curious:
http://www.reddit.com/r/Bitcoin/comments/1q7inm/this_paper_wallet_now_contains_0225_btc_and_is/

Yeah - all I wanted to do was modify the code a bit to add some of my own extra randomness to it for my sanity... But this has put me off completely now! I just want to create a really secure paper wallet where I don't need to trust somebody... Any ideas?

neutrinox

full member

Activity: 182

Merit: 100

1MCKW9AkWj3aopC1aPegcZEf2fYNrhUQVf

I don't understand the code well enough to answer your specific concern.

My biggest concern at bitaddress.org is the use of external javascript files. This gives the host of those files the possibility to execute any javascript on the page. They could easily insert a function that sends the private keys to a third party website. If that's done only 1 of 10 times, it's hard to get caught.

Also, a week ago when I was trying to teach my college how to create a wallet, bitaddress.org displayed invalid security certificate -errors. Needles to say we stopped using the site immediately. Was a pretty embarrassing situation for me.

I'm taking a look at cascasius's address utility that included Bip0038 two factor encryption. This post on reddit made me curious:
http://www.reddit.com/r/Bitcoin/comments/1q7inm/this_paper_wallet_now_contains_0225_btc_and_is/

BitFanatic

newbie

Activity: 17

Merit: 0

I replied this same info on the main bitaddress.org thread about 12 hours ago but am yet to get a response.

Disclaimer: I am no expert especially with Javascript.

I have been digging through the bitaddress.org code and I have a couple of concerns in generating the paper wallet addresses.

I've noticed that on the paper wallet page you have the option to choose how many wallets you wish to create. The problem is that the "random" secureRandom object is used for ALL of the wallets which you create on that page. Why is the object not refreshed on each wallet creation?

Let me show this with screenshot.

https://i.imgur.com/96ppaNM.jpg

So this random object value is used for ALL of the wallets when creating them in bulk. Surely the secureRandom should be recreated for each wallet?

Also please could somebody explain this bit of logic for randomising the 256 digits in this bit of code:

   while (sr.pptr < sr.poolSize) { // extract some randomness from Math.random()
   t = Math.floor(65536 * Math.random());
   sr.pool[sr.pptr++] = t >>> 8;
   sr.pool[sr.pptr++] = t & 255;
   }

What is the reasoning of the bitand and the >>> 8? Couldn't this be a bit shift to a different integer? Why 8? Please explain to me.

Thanks!

Topic: bitaddress.org - bug & concerns (Read 1728 times)