Bitaddress.org security. Top Notch? | Bitcointalksearch.org

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Quote from: z12 on April 15, 2013, 01:41:59 PM

The seed is generated using javascript while you work with your computer (move mouse, press keys etc.) perhaps throw away a few first generated keys and they are random enough

I don't mind how the seed is generated. But how are the random numbers themselves generated? What is the PRNG bitaddress is using or how does it work?

I will look at the source code to find out, but if you already know, kindly post here. Thanks.

Edit:
It uses timers and mouse positions to generate the seed. It uses Random number generator with ArcFour PRNG. Based on comments in the source code.

Can this web html javascript be compiled? I want to run it as natively as possible, for speed. Javascript is interpreted, correct?

MagicBit15

sr. member

Activity: 294

Merit: 250

Let's Start a Cryptolution!!

Wow awesome feedback, can always trust you guys for the down and dirty!! Thanks again!!

z12

member

Activity: 63

Merit: 10

Quote from: Dabs on April 15, 2013, 03:27:28 AM

Okay, who has looked at the source code and see where the random numbers are generated?

The seed is generated using javascript while you work with your computer (move mouse, press keys etc.) perhaps throw away a few first generated keys and they are random enough

keatonatron

sr. member

Activity: 308

Merit: 250

Jack of oh so many trades.

Quote from: Grinder on April 15, 2013, 04:35:03 AM

Quote from: beckspace on April 15, 2013, 02:05:28 AM

Trust no one in any time. Check the source.

And also write your own compiler and create your own hardware from scratch. Being paranoid is really hard.

Better yet design your own bitcoin-like currency/protocol and try to get everyone else to use it. That's the only way you can really be sure Satoshi won't come back with an alien fleet and target those who stole his precious coins.

Grinder

legendary

Activity: 1284

Merit: 1001

Quote from: beckspace on April 15, 2013, 02:05:28 AM

Trust no one in any time. Check the source.

And also write your own compiler and create your own hardware from scratch. Being paranoid is really hard.

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Okay, who has looked at the source code and see where the random numbers are generated?

aantonop

full member

Activity: 196

Merit: 116

Entrepreneur, coder, hacker, pundit, humanist.

Checkout OpenPaperWallet, a community project where we're building a kit for making beautiful, secure paper wallets.

https://bitcointalk.org/index.php?topic=155847.0;all

The designs are coming out great, the project has been moving at a nice speed and we should be doing the first production run in a couple of weeks...

apetersson

hero member

Activity: 668

Merit: 501

just to throw in some doubt: have you verified that the random number generator has enough randomness? that there is no known secret seen involved in the key generation?

keatonatron

sr. member

Activity: 308

Merit: 250

Jack of oh so many trades.

Quote from: beckspace on April 15, 2013, 02:05:28 AM

Quote from: keatonatron on April 15, 2013, 01:40:42 AM

Exactly. If the software can't connect to the internet, and can't save any information on the computer to be sent later, it's impossible for it to let someone else know what you've generated. The site itself suggests this method.

Not quite. The software may be compromised in a way that it "generates" for you some attacker's pre-generated keys. Even in offline mode, a compromised code can be disastrous.

Trust no one in any time. Check the source.

That is true.

beckspace

hero member

Activity: 931

Merit: 500

Quote from: keatonatron on April 15, 2013, 01:40:42 AM

Exactly. If the software can't connect to the internet, and can't save any information on the computer to be sent later, it's impossible for it to let someone else know what you've generated. The site itself suggests this method.

Not quite. The software may be compromised in a way that it "generates" for you some attacker's pre-generated keys. Even in offline mode, a compromised code can be disastrous.

Trust no one in any time. Check the source.

keatonatron

sr. member

Activity: 308

Merit: 250

Jack of oh so many trades.

Quote from: maaku on April 15, 2013, 01:34:41 AM

Worried? Save it to usb key, load on linux live cd with no network connection.

Exactly. If the software can't connect to the internet, and can't save any information on the computer to be sent later, it's impossible for it to let someone else know what you've generated. The site itself suggests this method.

(So far I don't think anyone has ever had a "bad experience" using the generator")

maaku

legendary

Activity: 905

Merit: 1012

Worried? Save it to usb key, load on linux live cd with no network connection.

MagicBit15

sr. member

Activity: 294

Merit: 250

Let's Start a Cryptolution!!

I have been into making paper wallets on my own for a while never used a javascript or web based one. I am sure this is a silly question but bitaddress.org been around for a while, pretty secure I assume. Like make paper wallet, no logs etc.,

Any positive experiences would be great!!

Topic: Bitaddress.org security. Top Notch? (Read 2438 times)