
Topic: Can bitaddress.org be trusted? (academic question) - page 2. (Read 2298 times)

hero member
Activity: 924
Merit: 1001
An important note:

As I understand it, after you generate your bitaddress.org private key, there is nothing stopping you from rearranging the letters manually and regenerating, while offline.

In such an event, there is no way on earth any third party could know your key.

You've effectively customized it.
member
Activity: 98
Merit: 10
Make sure the printer isn't connected to the internet in any way. Maximum security!
full member
Activity: 210
Merit: 100
Crypto News & Tutorials - Coinramble.com
Some of the best people in the Bitcoin industry advised me to use that numbered method mentioned in the OP. It should work just fine, I guess.
full member
Activity: 209
Merit: 148
Might want to give Nobrainr a spin. It's a small python private key generator. Also supports physical dice input.

Thanks, I'm aware of it, but I don't want to fiddle with brainwallets... I'm looking for something that can generate plain standard key pairs. Couldn't find anything simple enough, but I'll keep searching...

EDIT: Also, I'm now getting a scary certificate warning (in Chrome) when going to https://www.bitaddress.org.
Not sure what this is all about, but it should be fixed as soon as possible.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
Might want to give Nobrainr a spin. It's a small python private key generator. Also supports physical dice input.
full member
Activity: 209
Merit: 148
I really wish we had something more simple available for this kind of purpose.
bitaddress.org is nice but the complexity of the source code is too high for most
users (even tech-savvy ones) to casually review. This is why we are getting
threads like this one every other week...
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
I suppose you need to trust that the JS is not intentionally modified to use a weaker PRNG/seed. Or that your browser is not compromised to provide less entropy.
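The dice input mentioned in the posts above is one way to avoid depending on a browser's PRNG. The following is an added example, not part of the thread and not code from bitaddress.org or Nobrainr: it turns 99 physical die rolls into a raw secp256k1 private key and encodes it in Wallet Import Format. The function names and the fixed 99-roll length are assumptions of this example.

```python
import hashlib

# secp256k1 group order: a valid private key k satisfies 1 <= k < N
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ROLLS = 99             # 6**99 is about 2**255.9, the most rolls that stay below N
assert 6 ** ROLLS < N  # so every roll sequence maps to a distinct in-range key

def dice_to_key(rolls: str) -> int:
    """Read 99 six-sided die rolls ('1'..'6') as one base-6 integer."""
    digits = "".join(rolls.split())  # allow spaces/newlines between rolls
    if len(digits) != ROLLS or set(digits) - set("123456"):
        raise ValueError(f"need exactly {ROLLS} rolls, each 1-6")
    key = 0
    for d in digits:
        key = key * 6 + (int(d) - 1)  # faces 1..6 -> base-6 digits 0..5
    if key == 0:
        raise ValueError("all-ones sequence gives key 0, which is invalid")
    return key

def b58encode(data: bytes) -> str:
    """Base58 with the Bitcoin alphabet; leading zero bytes become '1'."""
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def to_wif(key: int, compressed: bool = True) -> str:
    """Mainnet Wallet Import Format: 0x80 || key || [0x01] || checksum."""
    if not 1 <= key < N:
        raise ValueError("private key out of range")
    payload = b"\x80" + key.to_bytes(32, "big") + (b"\x01" if compressed else b"")
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return b58encode(payload + checksum)

if __name__ == "__main__":
    # Constructed sample rolls, for demonstration only; never fund a key made from them.
    sample = "123456" * 16 + "123"
    print(to_wif(dice_to_key(sample)))
```

It uses only the Python standard library, so it can be read in full before running it on an offline machine; deriving the public key and address from the result is outside its scope.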
legendary
Activity: 1960
Merit: 1062
One coin to rule them all
I know this topic has been discussed many times... I want to hear your opinion about the private address generation algorithm on https://www.bitaddress.org/.

I have been looking at different methods to SECURE funds in a paper wallet (for an academic study).
My conclusion is that offline generation with a dump of https://www.bitaddress.org/ is straightforward and easy to use - and secure if you follow certain procedures.

Let's assume that I am super paranoid...
- Download https://www.bitaddress.org/ to a new USB stick
- Download Ubuntu to a new stick.
- Boot Ubuntu on a computer that is located in a soundproof Faraday cage with black curtains around - with no connection to any kind of network.
- Generate wallets - copy with pen/paper (or print through a printer on the USB port).
- Destroy all your equipment after.

.... am I missing something? (please point out if yes)

The question is: can bitaddress.org be trusted?

I have not studied the code - but if the seed is not completely deterministic, then will it be possible to re-generate the private address or at least limit the range to bruteforce.
What is your opinion, can https://www.bitaddress.org/ be trusted in regard to making completely random private keys?