Author

Topic: [BTC] Online/Offline Wallet (Read 3003 times)

full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 23, 2014, 12:51:59 PM
#39
The SourceCode of Kryptowallet.com and Carbonwallet.com you can't compare. Me as a cryptographer and some other of the NewTimes team have changed the SourceCode so much that you can only compare the Code-Core (base of KryptoWallet/Carbonwallet)
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 23, 2014, 12:05:45 PM
#38
So kryptowallet is a copy of carbon wallet:

http://carbonwallet.com/



No, only to about 30-40% we added a bigger dictionary, added AES256bit, a faster GUI, a new design, more funktions .......
Carbonwallet was only the base like Bitcoin for Litecoin. Litecoin use a other PoW, but is based on Bitcoin. That is same like here. Kryptowallet use a other encryption than Carbonwallet
legendary
Activity: 3682
Merit: 1580
March 23, 2014, 12:02:07 PM
#37
So kryptowallet is a copy of carbon wallet:

http://carbonwallet.com/

full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 23, 2014, 12:00:52 PM
#36
I like the electrum compatibility but I am not sure about the RNG (RC4) you are using. I would not advice using wallets based on passphrases generated by this site just yet.

Also there are some UI bugs. When you logout you can't log back in. It gets stuck on the open wallet progress bar.

The open wallet button also remains disabled until you press a key while the text field has focus. For example if you copy paste a passphrase instead of typing it out.

The way the UI is structured around the open wallet area is also confusing. It makes it look like we are supposed to enter a human generated passphrase. I suggest hiding the text field until you choose to open an existing wallet.

This is for the security. You can't open the Wallet with copy and paste you need to do Ctrl+V or write manual.
The stuck on the progress bar is normal. The Browser try to download again the SoureCode, but you allready had a copy. Just refresh the Browser.

We don't use RNG (RC4), how do you get on this

It uses arcfour as prng?

js/newtimes.js -> generatepassword() -> rng_get_bytes()

extjs/bitcoin/rng.js -> rng_get_bytes () -> rng_get_byte() -> prng_new_state()

extjs/bitcoin/prng4.js -> prng_new_state() creates arcfour object

I am no expert so I think we should wait for a cryptologist to look at this.


A cryptologist expert has allready looked at the SoureCode, it's very secure. 2.11 trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries would take to hack a passphrase.

[js/newtimes.js -> generatepassword() -> rng_get_bytes()

extjs/bitcoin/rng.js -> rng_get_bytes () -> rng_get_byte() -> prng_new_state()

extjs/bitcoin/prng4.js -> prng_new_state() creates arcfour object] this is how the passphrase generator works. Your are good at this, but some items missing
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 23, 2014, 11:56:31 AM
#35
If you mean how we generate a passphrase we use a dictionary based on from Electrum’s (we use different words)
legendary
Activity: 3682
Merit: 1580
March 23, 2014, 11:39:21 AM
#34
I like the electrum compatibility but I am not sure about the RNG (RC4) you are using. I would not advice using wallets based on passphrases generated by this site just yet.

Also there are some UI bugs. When you logout you can't log back in. It gets stuck on the open wallet progress bar.

The open wallet button also remains disabled until you press a key while the text field has focus. For example if you copy paste a passphrase instead of typing it out.

The way the UI is structured around the open wallet area is also confusing. It makes it look like we are supposed to enter a human generated passphrase. I suggest hiding the text field until you choose to open an existing wallet.

This is for the security. You can't open the Wallet with copy and paste you need to do Ctrl+V or write manual.
The stuck on the progress bar is normal. The Browser try to download again the SoureCode, but you allready had a copy. Just refresh the Browser.

We don't use RNG (RC4), how do you get on this

It uses arcfour as prng?

js/newtimes.js -> generatepassword() -> rng_get_bytes()

extjs/bitcoin/rng.js -> rng_get_bytes () -> rng_get_byte() -> prng_new_state()

extjs/bitcoin/prng4.js -> prng_new_state() creates arcfour object

I am no expert so I think we should wait for a cryptologist to look at this.
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 23, 2014, 10:58:35 AM
#33
I like the electrum compatibility but I am not sure about the RNG (RC4) you are using. I would not advice using wallets based on passphrases generated by this site just yet.

Also there are some UI bugs. When you logout you can't log back in. It gets stuck on the open wallet progress bar.

The open wallet button also remains disabled until you press a key while the text field has focus. For example if you copy paste a passphrase instead of typing it out.

The way the UI is structured around the open wallet area is also confusing. It makes it look like we are supposed to enter a human generated passphrase. I suggest hiding the text field until you choose to open an existing wallet.

This is for the security. You can't open the Wallet with copy and paste you need to do Ctrl+V or write manual.
The stuck on the progress bar is normal. The Browser try to download again the SoureCode, but you allready had a copy. Just refresh the Browser.

We don't use RNG (RC4), how do you get on this
legendary
Activity: 3682
Merit: 1580
March 23, 2014, 09:42:44 AM
#32
I like the electrum compatibility but I am not sure about the RNG (RC4) you are using. I would not advice using wallets based on passphrases generated by this site just yet.

Also there are some UI bugs. When you logout you can't log back in. It gets stuck on the open wallet progress bar.

The open wallet button also remains disabled until you press a key while the text field has focus. For example if you copy paste a passphrase instead of typing it out.

The way the UI is structured around the open wallet area is also confusing. It makes it look like we are supposed to enter a human generated passphrase. I suggest hiding the text field until you choose to open an existing wallet.
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 23, 2014, 08:48:15 AM
#31
The problem is no one should be using a web wallet, no one. Let alone a web wallet run by some random guy on a forum that speaks in broken English.

Sorry we are from Germany, and this is not a online Wallet this is a offline Wallet. Use only need your browser for the GUI, you could download the SourceCode and open index.html or index.php and use the Wallet on a PC without Internet connection. Kryptowallet.org is only the GUI/UserInterface
member
Activity: 70
Merit: 10
March 23, 2014, 08:42:49 AM
#30
The problem is no one should be using a web wallet, no one. Let alone a web wallet run by some random guy on a forum that speaks in broken English.
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 23, 2014, 08:40:55 AM
#29

Hold on. Your Bitcoins are not at my Wallet there are in you PC. I generate nothing

You are using javascript. There is no reason on the planet for anyone to use javascript. Period. It's a steaming pile of shit with a bazillion known vulnerabilities and more found daily.

No. JavaScript is secure.

You made me laugh.

You are confusing Java with Javascript. Javascript is not related to Java in any way. Almost every website on the web uses javascript in some form or the other. For example, this forum.

I'm confusing nothing, https://www.google.com/#q=javascript+exploits About 3,190,000 results (0.29 seconds)

Sure, java has more exploits... but javascript is almost as bad, that's why noscript and scriptno block BOTH.

+1 Whats the problem i know that in the WWW are JavaScrypt Exploids, but almost every WebSite use JavaScrypt on anyway i use it only for the Bitcoind, beacause so you don't need a Server to use the Wallet in offline mod. Google use also JavaScrypt, with your opinion Google is bad, beacuse it uses JavaScrypt
member
Activity: 70
Merit: 10
March 23, 2014, 08:25:32 AM
#28

Hold on. Your Bitcoins are not at my Wallet there are in you PC. I generate nothing

You are using javascript. There is no reason on the planet for anyone to use javascript. Period. It's a steaming pile of shit with a bazillion known vulnerabilities and more found daily.

No. JavaScript is secure.

You made me laugh.

You are confusing Java with Javascript. Javascript is not related to Java in any way. Almost every website on the web uses javascript in some form or the other. For example, this forum.

I'm confusing nothing, https://www.google.com/#q=javascript+exploits About 3,190,000 results (0.29 seconds)

Sure, java has more exploits... but javascript is almost as bad, that's why noscript and scriptno block BOTH.
legendary
Activity: 3682
Merit: 1580
March 23, 2014, 08:24:40 AM
#27

Hold on. Your Bitcoins are not at my Wallet there are in you PC. I generate nothing

You are using javascript. There is no reason on the planet for anyone to use javascript. Period. It's a steaming pile of shit with a bazillion known vulnerabilities and more found daily.

No. JavaScript is secure.

You made me laugh.

You are confusing Java with Javascript. Javascript is not related to Java in any way. Almost every website on the web uses javascript in some form or the other. For example, this forum.
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 23, 2014, 12:41:09 AM
#26
I understand now. Your site says that the passphrase is encrypted before being used to generate addresses, but it is not.

Quote
Your passphrase is encrypted into a number which is then turned into Bitcoin Addresses.


OK,  thanks that you found a "bug" in the translation
member
Activity: 70
Merit: 10
March 22, 2014, 09:36:48 PM
#25

Hold on. Your Bitcoins are not at my Wallet there are in you PC. I generate nothing

You are using javascript. There is no reason on the planet for anyone to use javascript. Period. It's a steaming pile of shit with a bazillion known vulnerabilities and more found daily.

No. JavaScript is secure.

You made me laugh.
legendary
Activity: 4466
Merit: 3391
March 22, 2014, 07:36:39 PM
#24
I understand now. Your site says that the passphrase is encrypted before being used to generate addresses, but it is not.

Quote
Your passphrase is encrypted into a number which is then turned into Bitcoin Addresses.
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 22, 2014, 07:31:14 PM
#23
I am going now to sleep i reply later. If you want now a answer try a mail to [email protected] maby anybody of the Team don't sleep.
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 22, 2014, 07:28:41 PM
#22
How does bitcoind generate a wallet.dat from a passphrase?

In the passphrase is you wallet.dat encypted
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
March 22, 2014, 07:26:53 PM
#21
How does bitcoind generate a wallet.dat from a passphrase?
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 22, 2014, 07:24:49 PM
#20
If you have more question ask  here or at [email protected]
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 22, 2014, 07:23:05 PM
#19
So where is the wallet stored?  It can't be in your cache because if you delete your cache you'd delete your wallet

In the Browser Cache. And no if you delete the Browser Cache you still can access your Bitcoin. You passphrase is your access(the key). With the passphrase you can generate again the Wallet with the same addresses and privat keys. Your passphrase is you Wallet only encypted
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
March 22, 2014, 07:18:44 PM
#18
So where is the wallet stored?  It can't be in your cache because if you delete your cache you'd delete your wallet
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 22, 2014, 07:17:10 PM
#17

Hold on. Your Bitcoins are not at my Wallet there are in you PC. I generate nothing

You are using javascript. There is no reason on the planet for anyone to use javascript. Period. It's a steaming pile of shit with a bazillion known vulnerabilities and more found daily.

No. JavaScript is secure. And not all is JavaScrypt the most is HTML,PHP. Java+JavaScrypt only for Bitcoind (https://code.google.com/p/bitcoinj/)
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 22, 2014, 07:14:28 PM
#16
Nothing of that. If you access our Server your PC download the SourceCode and encrypt/decrypt there the Wallet. But if you delete the Browser Cache your PC download the Code again and open the Wallet again. The Website is only the GUI/Userinterface for the Wallet. Your passphrase is like a door key. All Software runs local at your PC

Thanks. I understand.

Next question ... As I understand it, the passphrase is encrypted as a first step to generate the private keys. Where does the key used to encrypt the passphrase come from?

Now i don't und er stand you question. But i try to answer.

Generate:

1. Your Browser download the Scrypt
2. You generate a passphrase (OpenSSL+AES)
3. Bitcoind generate a encypted Wallet (AES) and generate 10 addresses (JavaScrypt/Bitcoind/Bitcoinj)
4.It encrypt all together (OpenSSL+AES)

Login:

1. You access KryptoWallet (online)
2.You enter the passphrase (offline)
3. It decrypt the passphase (offline) (OpenSSL with AES)
4.It decrypt the Wallet (OpenSSL with AES) (offline)
5. access to Wallet (offline)

This is a short Version of how KryptoWallet works
member
Activity: 70
Merit: 10
March 22, 2014, 07:03:23 PM
#15

Hold on. Your Bitcoins are not at my Wallet there are in you PC. I generate nothing

You are using javascript. There is no reason on the planet for anyone to use javascript. Period. It's a steaming pile of shit with a bazillion known vulnerabilities and more found daily.
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 22, 2014, 07:01:19 PM
#14
At your Browser Cache, there is your Wallet,BTC ... saved. If you delete your Cache you still have access to your Coins

But what algorithm do you use to generate the private keys from the passphrase?

AES 256bit with OpenSSL, bitcoind in JavaScrypt

Hold on. You want me, to trust you ( a stranger) with my bitcoin in YOUR wallet... on a site that uses javascript... that claims to encrypt my wallet with a key YOU generate via javascript.

PASS

Hold on. Your Bitcoins are not at my Wallet there are in you PC. I generate nothing
legendary
Activity: 4466
Merit: 3391
March 22, 2014, 06:46:06 PM
#13
Nothing of that. If you access our Server your PC download the SourceCode and encrypt/decrypt there the Wallet. But if you delete the Browser Cache your PC download the Code again and open the Wallet again. The Website is only the GUI/Userinterface for the Wallet. Your passphrase is like a door key. All Software runs local at your PC

Thanks. I understand.

Next question ... As I understand it, the passphrase is encrypted as a first step to generate the private keys. Where does the key used to encrypt the passphrase come from?
member
Activity: 70
Merit: 10
March 22, 2014, 06:28:54 PM
#12
At your Browser Cache, there is your Wallet,BTC ... saved. If you delete your Cache you still have access to your Coins

But what algorithm do you use to generate the private keys from the passphrase?

AES 256bit with OpenSSL, bitcoind in JavaScrypt

Hold on. You want me, to trust you ( a stranger) with my bitcoin in YOUR wallet... on a site that uses javascript... that claims to encrypt my wallet with a key YOU generate via javascript.

PASS
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 22, 2014, 06:04:22 PM
#11
If the private keys are generated from an encrypted passphrase, then I cannot access my bitcoins if your site goes down, right?
Where is the encryption of the passphrase done? Do I send the passphrase to your service or is your encryption key sent to me?
At your Browser Cache, there is your Wallet,BTC ... saved. If you delete your Cache you still have access to your Coins

Sorry, I didn't understand your answer. Let's assume the wallet isn't cached.

If the wallet is not cached, then the passphrase must be encrypted to generate the private keys. Do I send my passphrase to you to be encrypted or do you send the encryption key to me?

If the wallet is not cached, then I can only access my bitcoins if your service is available because I need you to encrypt the passphrase, right?



Nothing of that. If you access our Server your PC download the SourceCode and encrypt/decrypt there the Wallet. But if you delete the Browser Cache your PC download the Code again and open the Wallet again. The Website is only the GUI/Userinterface for the Wallet. Your passphrase is like a door key. All Software runs local at your PC
legendary
Activity: 4466
Merit: 3391
March 22, 2014, 05:41:06 PM
#10
If the private keys are generated from an encrypted passphrase, then I cannot access my bitcoins if your site goes down, right?
Where is the encryption of the passphrase done? Do I send the passphrase to your service or is your encryption key sent to me?
At your Browser Cache, there is your Wallet,BTC ... saved. If you delete your Cache you still have access to your Coins

Sorry, I didn't understand your answer. Let's assume the wallet isn't cached.

If the wallet is not cached, then the passphrase must be encrypted to generate the private keys. Do I send my passphrase to you to be encrypted or do you send the encryption key to me?

If the wallet is not cached, then I can only access my bitcoins if your service is available because I need you to encrypt the passphrase, right?

full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 22, 2014, 05:37:48 PM
#9
How do you generate additional addresses?

Your passphrase is turned into a 128bit key and it is into a 256bit key encrypted which is then stretched into 10 bitcoin addresses. There is no limit but for now 10 per passphrase should be adequate. (OpenSSL+AES+Bitcoind)
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
March 22, 2014, 05:18:51 PM
#8
How do you generate additional addresses?
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 22, 2014, 05:13:26 PM
#7
At your Browser Cache, there is your Wallet,BTC ... saved. If you delete your Cache you still have access to your Coins

But what algorithm do you use to generate the private keys from the passphrase?

AES 256bit with OpenSSL, bitcoind in JavaScrypt
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
March 22, 2014, 05:07:36 PM
#6
At your Browser Cache, there is your Wallet,BTC ... saved. If you delete your Cache you still have access to your Coins

But what algorithm do you use to generate the private keys from the passphrase?
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 22, 2014, 04:53:13 PM
#5
If the private keys are generated from an encrypted passphrase, then I cannot access my bitcoins if your site goes down, right?

Where is the encryption of the passphrase done? Do I send the passphrase to your service or is your encryption key sent to me?

At your Browser Cache, there is your Wallet,BTC ... saved. If you delete your Cache you still have access to your Coins
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 22, 2014, 04:52:10 PM
#4
Just curious, how much complexity do you enforce when generating a passphrase?

It would seem that running an extensive dictionary password attack could yield some ill-gotten dividends if you have a high enough usage.


AES 256bit keys with AES 128bit
legendary
Activity: 4466
Merit: 3391
March 22, 2014, 04:49:57 PM
#3
If the private keys are generated from an encrypted passphrase, then I cannot access my bitcoins if your site goes down, right?

Where is the encryption of the passphrase done? Do I send the passphrase to your service or is your encryption key sent to me?
member
Activity: 112
Merit: 10
March 22, 2014, 04:45:13 PM
#2
Just curious, how much complexity do you enforce when generating a passphrase?

It would seem that running an extensive dictionary password attack could yield some ill-gotten dividends if you have a high enough usage.
full member
Activity: 224
Merit: 100
Any store can buy, sell, and accept Crypto
March 22, 2014, 04:36:14 PM
#1
https://kryptowallet.org/  Grin Grin Grin We love BTCBTCBTCBTC

It's time to get a secure Bitcoin wallet.We don't store your Bitcoins locally or on our servers. So there is no Hacking possible like in MtGox.

Why should You use KryptoWallet ?

We are Open Source
We are a zero footprint wallet.
We support online or cold storage.
You can access your Bitcoin at every Computer with/without Internet access

We will do everything we can to protect your Bitcoins.

However you also need to take responsibility and follow these guidelines.

 Never give out your passphrase.
 Consider multiple passphrases
 Never lose your passphrases.

For more infomation visit kryptowallet.org/ or newtimes.co Try also our encrypted Cloud Service newtimes.co/infinity



Copyright (C) NewTimes/Devision KryptoWallet.
Jump to: