Brainwallet.org safe to use? | Bitcointalksearch.org

TheButterZone

legendary

Activity: 3038

Merit: 1032

RIP Mommy

Quote from: Financisto on November 12, 2013, 08:51:20 PM

Can't not remember by now.

But as far as I can tell, when you broadcast the transaction (generated with brainwallet app) and do not set an change address, blockchain will reject it.

It used to automatically make the address you're sending from the change address, but IIRC I got errors from bc.i/pushtx when I last tried to use BW. I just went over to Electrum without looking into it. Maybe that's why.

Financisto

hero member

Activity: 640

Merit: 771

BTC⇆⚡⇄BTC

Can't remember by now.

But as far as I can tell, when you broadcast the transaction (generated with brainwallet app) and do not set an change address, blockchain will reject it.

lyth0s

legendary

Activity: 1260

Merit: 1000

World Class Cryptonaire

Would the change not automatically go back to the sending address?

Financisto

hero member

Activity: 640

Merit: 771

BTC⇆⚡⇄BTC

Quote from: lyth0s on November 11, 2013, 04:58:30 AM

Thank you sir

You're welcome.

At last, but not least: everytime you spend funds from an address, do it with all its funds.

e.g. You wanna send 2 BTC from an address funded with 3 BTC.

1) Right way to do it:

yoursendaddress: 3 BTC

BTC sent to:

receiveaddress: 2 BTC + fees

yourchangeaddress: ~ 1 BTC

2) Wrong way to do it:

yoursendaddress1: 3 BTC

BTC sent (only) to:

receiveaddres: 2 BTC

i.e. always consider the change (and fees). Because of bitcoin and its blockchain architecture, all funds from one address has to be spent as follows:

address1 (all funds) -> address2 + fees

OR

address1 (all funds) -> address2 + changeaddress + fees

Hope that explanation helps you avoiding future problems.

lyth0s

legendary

Activity: 1260

Merit: 1000

World Class Cryptonaire

Thank you sir

Financisto

hero member

Activity: 640

Merit: 771

BTC⇆⚡⇄BTC

Before going any further, I'd suggest that you read the discussion about using it right here: https://bitcointalksearch.org/topic/if-you-used-brainwalletorg-must-read-security-breach-251037

For the rest, all I've got to say is: keep doing it all (address creation, transactions, storage, signing etc.) offline.

IMHO, that javascript application was meant for using offline.

EDIT: don't ever trust this implementation because they don't even use KDF.

lyth0s

legendary

Activity: 1260

Merit: 1000

World Class Cryptonaire

So i'm considering using a brain wallet and I was wondering if anyone can take a look at brainwallet.org 's source code and tell me if it truly is all client side javascript? I'm curious to know if the site has any way to get/use the private keys I generate there? I know I can also download the source and run it locally (which I have done), but I already used a passphrase I would like to keep on their main website.

Any advice is greatly appreciated!

Under network activity on my web browser all I see is "get" upon page loads (and no activity when i enter a passphrase), which I believe means nothing was sent to their server...not sure though

Topic: Brainwallet.org safe to use? (Read 1030 times)