Topic: Check out my awesome site for generating secure OfflineAddress.com - page 2. (Read 12180 times)

Thanks for starting the topic, having third-party service check the checksum sounds like a great idea.

Great news, thanks for info!

Mike, the instructions I quoted were under the heading "If you're looking for the ultimate approach." In my opinion, downloading a ZIP from github is ultimately more secure than using a live web page, even if it is hosted by Google.

As for ways of validating the integrity / checksum of a live webpage, I've been very interested in this as well but haven't found a solution myself yet. bitaddress.org inserts the SHA checksum into the URL bar itself, but if the server or pointbiz's FTP credentials were compromised, this could easily be spoofed, so my feeling is that this provides a false sense of security.

The "live webpage validation" systems I've considered mostly fall along two lines:

1) A manual checksum process with instructions like, "copy and paste the source code into such and such website, and make sure the checksum matches such-and-such publish checksum." Bleah.

2) A distributed / buddy "check the checksums" network. Something like a github project that deploys as a service that each of us (you, me, pointbiz, brainwallet.org, etc.) runs on our own servers that checks the live HTML checksums of our buddy sites every hour. Users of bitaddress.org would check bitcoinpaperwallet.com to see if bitaddress.org's live checksum matches the github-published checksum, and visa-versa. This way a hacker would have to compromise several services simultaneously to avoid detection. There's a lot that I like about this, but to be effective it would be a little complicated as the user agents and IP addresses of the "checker" websites would have to be unpredictable. Otherwise the compromised site would just serve up the unadulterated web page to the buddy network checksum requests.

But until there's some effective "validate this live webpage" function that a grandma can use, I have to yell loud and clear that it is NOT safe to trust something as vulnerable as paper wallets generation off a live website. The "go offline" instruction isn't significant because a hacked website will produce predictable random numbers just as well.

All websites can get hacked, and it's such a soft juicy target that we must assume that some of our wallet-related sites (bitaddress.org, bitcoinpaperwallet.com, offlineaddress.com, brainwallet.org) WILL be hacked. And we should plan accordingly. That's my $.02.

PS: I've put up a proposal for comments regarding the idea of a third party site that would help validate live bitcoin web services:
https://bitcointalksearch.org/topic/auto-validating-bitaddressorg-bitcoinpaperwalletcom-brainwalletorg-etc-413882

Thanks for the hint 

I started out with one big file so I know what you mean about making it harder to develop. On the advice of others I now use nodeJS and GruntJS to automate the build process.

Check out the wallet details tab on bitaddress.org there are instructions for doing this at the bottom. It's not that user friendly but it works. It looks for 99 dice rolls.

Your consideration are very correct.
As for as HTTPS goes - yes, there is no reason not to implement it, and I'll add that as soon as site budget allows.

As for as server security goes - I'm hosting the site from Google's hardware and software, in order to be able to resist any attack Google itself can resist.

The instructions are created for broader audience than the one you're thinking about.
This site was created with security in mind as well as usability, so there are some compromises that have to be made. The security experts will download GitHub code anyway, but some old lady in China probably wouldn't know how to use the site if I make it a bit more complicated. Bitcoins shouldn't be elitistic currency accessible only to those with technical education, we have to think about those that don't know what we know. That's why I've also added "Other important considerations", those things might be very obvious to us, but they aren't obvious to everyone.
There is nothing we disagree about canton, it's just different users we're having in our minds.

Please share any other thought you have about security issues, here or on GitHub (for example, I'm thinking about ways to implement protection from SSL strip attach beside HSTS).

Hi Mike,

These security instructions on your site are problematic. Nobody should generate addresses directly from HTML loaded directly from offlineaddress.com -- or any other website for that matter.

* you aren't running your site over https (yet) so visitors are exposed to man-in-the-middle attacks

* even if you were running this over https, this places too much reliance on the security of your website and/or your webhosting provider. an obvious vector for attack is for someone to get access to your website and edit the live site. Visitors should *assume* that sites like bitaddress.org are compromised.

Your instructions should specify that the only safe way to print wallets is to download your github code and verify signatures/checksums before running the code. Github may be hacked some day, but at least it's fairly easy to verify checksums/signatures on downloaded files, unlike HTML loaded directly from a live website.

Nice website, I like the idea.

Thanks

That's not yet possible with offlineaddress.com. Once all the code is packed-up as one downloadable file it's harder to continue developing it. So since I'm still adding code to this project on almost daily basis I'm postponing that feature.

I'd like to see this tool and bitaddress allow input of dice rolls as the entropy source for the ultra-paranoid. 100 rolls at 2.58 bits of entropy per dice makes more than the 256 maximum bits of entropy required to get the best protection. Of course users could choose to stop after say 60 rolls if they were willing to give up some protection. With multiple dice in a shoebox this doesn't have to take very long.

I can download bitaddress file and unzip it and run it for the fist time in a freshly booted system using WinPE or Ubuntu on CD or USB.

Downloading offline all the content is one thing, but is this possible (what i described above) with your software?

Actually I implemented offline functionality in the meantime.
Check it out, it should be working without any problems. Just load the site once and your browser will keep the site stored locally, so you'll be able to use it even when you're offline.

Yes please. This is a priority for me. I use bitaddress.org (thank you ninja for your incredible work) online ONLY for didactic purposes.

I always do everything serious on a live distro that never sees the internet. bitaddress.org and brain wallet.org work perfectly offline.

Awesome site BTW. Thank you!

I've just added more description about the site here: http://www.offlineaddress.com/?site=about

I just added Print button  , and it's working great. Check it out.

_{(if fonts go wild on first 2 notes just upgrade your browser or try it on chrome - some browsers don't yet support @font-face in print mode)}

The 40ms was manually defined limit (after a lot of testing). Initially I was using longer interval, but I just ended up being frustrated (it takes to long to fill in for 1000 addresses  )

I didn't know about that online test you pasted.  Does it work in all major browser?
I chose ajax test, because that way I'm also aware if user disconnects some cable or turnes off some router - user's machine will probably still think that it's online, but html requests won't go through (and request will timeout after 2sec).


That initial ajax call is optional, nothing is lost if user is offline and the request doesn't goes through.
However, if user is already online that call provides him with initialization of array in which mouse-provided randomness will be stored (all mouse coordinates are XORed over initialized array). That way even if users is lazy and doesn't move his mouse much - his mouse coordinates will be evenly distributed over coordinate space. (Otherwise I'd probably increase those 40ms you've mentioned, which would be frustrated for user). And by providing those from server, user's browser is protected even if it's random generator is compromised or old (basically user doesn't have to trust his machine).

Cheers 

@mikewoods,

Can you explain the ajax call to get an initial random number to fill the byte array?

https://github.com/mikewoods/OfflineAddress.com/blob/4af67c35effa95b54dda75e054a5631186b59ea7/index.html#L691-L701
https://github.com/mikewoods/OfflineAddress.com/blob/4af67c35effa95b54dda75e054a5631186b59ea7/index.html#L662-L668

How does this impact the entropy when you are offline? What is the benefit of providing an initial seed from the server? Are these seeds logged?

Thank you for the offer of beer :-) 

The visual feedback on mouse movement collection is very nice graphically.
You are waiting 40ms between collecting mouse points, correct? Do you have an article/white paper I can read on that technique?

I have avoided any use of ajax calls and it appears you make two ajax calls.
Canton Becker appears to have a good solution for warning the user about being online without using an ajax call:

I think I will implement that technique on bitaddress. Have you considered it for your site?

Don't get discouraged.

It's just we have had bitaddress from the beginning almost. We've grown to trust it. You need to stick around and age as well.

Bitaddress was also around when bitcoins were worthless so it wasn't risky to test.