
Topic: Check out my awesome site for generating secure OfflineAddress.com - page 2. (Read 12219 times)

sr. member
Activity: 437
Merit: 415
1ninja
I've released a new version of bitaddress.org with improvements to the entropy collection:
https://www.bitaddress.org/bitaddress.org-v2.8.0-SHA1-87dcf19f02ee9fb9dd3a8c787bcf52eef944aa82.html
 - more entropy from browser fingerprinting for PRNG seed
 - user can add entropy through URL hash tag
 - seed mouse movement as 16-bit number
 - whole seed pool initially filled by window.crypto.getRandomValues
 - added textbox as an alternative input source for entropy
 - address will not generate without a minimum amount of human added entropy from mouse or keyboard
 - discard mouse movements less than 40ms apart
 - visualize points of entropy collection from the mouse

@mikewoods, thank you for the ideas about discarding mouse movements less than 40ms apart and about visualizing the mouse collection points to encourage people to move the mouse more randomly.

I made this notice on your thread because naturally these two JavaScript solutions are being compared.

I believe where the scripts differ now:

offlineaddress.com) Is not seeding a PRNG; it is bypassing the PRNG and using the mouse points as the byte source for the private keys. It requires 32 bytes from mouse movements for each private key.

bitaddress.org) Uses a PRNG that is seeded with a 256 byte array. That initial seed is used by the PRNG to generate 32 bytes for each address on the page based on the same 256 byte seed pool. To inject entropy into the PRNG's seed pool, browser fingerprinting, time, key presses, mouse movements and hardware randomness from the OS are all xor'd together. As well, the output of the PRNG is xor'd with the hardware randomness.

newbie
Activity: 50
Merit: 0

As for ways of validating the integrity / checksum of a live webpage, I've been very interested in this as well but haven't found a solution myself yet. bitaddress.org inserts the SHA checksum into the URL bar itself, but if the server or pointbiz's FTP credentials were compromised, this could easily be spoofed, so my feeling is that this provides a false sense of security.

The "live webpage validation" systems I've considered mostly fall along two lines:

1) A manual checksum process with instructions like, "copy and paste the source code into such and such website, and make sure the checksum matches such-and-such publish checksum." Bleah.

2) A distributed / buddy "check the checksums" network. Something like a github project that deploys as a service that each of us (you, me, pointbiz, brainwallet.org, etc.) runs on our own servers that checks the live HTML checksums of our buddy sites every hour. Users of bitaddress.org would check bitcoinpaperwallet.com to see if bitaddress.org's live checksum matches the github-published checksum, and vice versa. This way a hacker would have to compromise several services simultaneously to avoid detection. There's a lot that I like about this, but to be effective it would be a little complicated as the user agents and IP addresses of the "checker" websites would have to be unpredictable. Otherwise the compromised site would just serve up the unadulterated web page to the buddy network checksum requests.

But until there's some effective "validate this live webpage" function that a grandma can use, I have to yell loud and clear that it is NOT safe to trust something as vulnerable as paper wallet generation off a live website. The "go offline" instruction isn't significant because a hacked website will produce predictable random numbers just as well.

All websites can get hacked, and it's such a soft juicy target that we must assume that some of our wallet-related sites (bitaddress.org, bitcoinpaperwallet.com, offlineaddress.com, brainwallet.org) WILL be hacked. And we should plan accordingly. That's my $.02.

PS: I've put up a proposal for comments regarding the idea of a third party site that would help validate live bitcoin web services:
https://bitcointalksearch.org/topic/auto-validating-bitaddressorg-bitcoinpaperwalletcom-brainwalletorg-etc-413882

Thanks for starting the topic, having third-party service check the checksum sounds like a great idea.
donator
Activity: 674
Merit: 523
That's not yet possible with offlineaddress.com. Once all the code is packed up as one downloadable file it's harder to continue developing it. So since I'm still adding code to this project on an almost daily basis I'm postponing that feature.

Great news, thanks for info!
sr. member
Activity: 261
Merit: 285
The instructions are created for broader audience than the one you're thinking about.

Mike, the instructions I quoted were under the heading "If you're looking for the ultimate approach." In my opinion, downloading a ZIP from github is ultimately more secure than using a live web page, even if it is hosted by Google.

As for ways of validating the integrity / checksum of a live webpage, I've been very interested in this as well but haven't found a solution myself yet. bitaddress.org inserts the SHA checksum into the URL bar itself, but if the server or pointbiz's FTP credentials were compromised, this could easily be spoofed, so my feeling is that this provides a false sense of security.

The "live webpage validation" systems I've considered mostly fall along two lines:

1) A manual checksum process with instructions like, "copy and paste the source code into such and such website, and make sure the checksum matches such-and-such publish checksum." Bleah.

2) A distributed / buddy "check the checksums" network. Something like a github project that deploys as a service that each of us (you, me, pointbiz, brainwallet.org, etc.) runs on our own servers that checks the live HTML checksums of our buddy sites every hour. Users of bitaddress.org would check bitcoinpaperwallet.com to see if bitaddress.org's live checksum matches the github-published checksum, and vice versa. This way a hacker would have to compromise several services simultaneously to avoid detection. There's a lot that I like about this, but to be effective it would be a little complicated as the user agents and IP addresses of the "checker" websites would have to be unpredictable. Otherwise the compromised site would just serve up the unadulterated web page to the buddy network checksum requests.

But until there's some effective "validate this live webpage" function that a grandma can use, I have to yell loud and clear that it is NOT safe to trust something as vulnerable as paper wallet generation off a live website. The "go offline" instruction isn't significant because a hacked website will produce predictable random numbers just as well.

All websites can get hacked, and it's such a soft juicy target that we must assume that some of our wallet-related sites (bitaddress.org, bitcoinpaperwallet.com, offlineaddress.com, brainwallet.org) WILL be hacked. And we should plan accordingly. That's my $.02.

PS: I've put up a proposal for comments regarding the idea of a third party site that would help validate live bitcoin web services:
https://bitcointalksearch.org/topic/auto-validating-bitaddressorg-bitcoinpaperwalletcom-brainwalletorg-etc-413882
newbie
Activity: 50
Merit: 0
I started out with one big file so I know what you mean about making it harder to develop. On the advice of others I now use nodeJS and GruntJS to automate the build process.

Thanks for the hint
sr. member
Activity: 437
Merit: 415
1ninja
I can download bitaddress file and unzip it and run it for the first time in a freshly booted system using WinPE or Ubuntu on CD or USB.

Downloading offline all the content is one thing, but is this possible (what i described above) with your software?


That's not yet possible with offlineaddress.com. Once all the code is packed up as one downloadable file it's harder to continue developing it. So since I'm still adding code to this project on an almost daily basis I'm postponing that feature.

I started out with one big file so I know what you mean about making it harder to develop. On the advice of others I now use nodeJS and GruntJS to automate the build process.
sr. member
Activity: 437
Merit: 415
1ninja
I'd like to see this tool and bitaddress allow input of dice rolls as the entropy source for the ultra-paranoid. 100 rolls at 2.58 bits of entropy per die makes more than the 256 maximum bits of entropy required to get the best protection. Of course users could choose to stop after say 60 rolls if they were willing to give up some protection. With multiple dice in a shoebox this doesn't have to take very long.

Check out the wallet details tab on bitaddress.org there are instructions for doing this at the bottom. It's not that user friendly but it works. It looks for 99 dice rolls.
newbie
Activity: 50
Merit: 0
Hi Mike,

These security instructions on your site are problematic. Nobody should generate addresses directly from HTML loaded directly from offlineaddress.com -- or any other website for that matter.

* you aren't running your site over https (yet) so visitors are exposed to man-in-the-middle attacks

* even if you were running this over https, this places too much reliance on the security of your website and/or your webhosting provider. an obvious vector for attack is for someone to get access to your website and edit the live site. Visitors should *assume* that sites like bitaddress.org are compromised.

Your instructions should specify that the only safe way to print wallets is to download your github code and verify signatures/checksums before running the code. Github may be hacked some day, but at least it's fairly easy to verify checksums/signatures on downloaded files, unlike HTML loaded directly from a live website.

Your considerations are very correct.
As far as HTTPS goes - yes, there is no reason not to implement it, and I'll add that as soon as the site budget allows.

As far as server security goes - I'm hosting the site from Google's hardware and software, in order to be able to resist any attack Google itself can resist.

The instructions are created for broader audience than the one you're thinking about.
This site was created with security in mind as well as usability, so there are some compromises that have to be made. The security experts will download GitHub code anyway, but some old lady in China probably wouldn't know how to use the site if I make it a bit more complicated. Bitcoins shouldn't be an elitist currency accessible only to those with technical education, we have to think about those that don't know what we know. That's why I've also added "Other important considerations", those things might be very obvious to us, but they aren't obvious to everyone.
There is nothing we disagree about canton, it's just different users we're having in our minds.

Please share any other thoughts you have about security issues, here or on GitHub (for example, I'm thinking about ways to implement protection from SSL strip attacks besides HSTS).
sr. member
Activity: 261
Merit: 285
Quote from: mikewoods
If you're looking for the ultimate approach:

1. Download a live disc and compare its checksum to the original source.
2. Boot your machine from a live disc.
3. Load OfflineAddress.com.
4. Disconnect from internet (unplug all network cables, turn off WiFi and Bluetooth, and turn on airplane mode if you have it).
5. Generate addresses and print them out.
6. Restart your machine.

Hi Mike,

These security instructions on your site are problematic. Nobody should generate addresses directly from HTML loaded directly from offlineaddress.com -- or any other website for that matter.

* you aren't running your site over https (yet) so visitors are exposed to man-in-the-middle attacks

* even if you were running this over https, this places too much reliance on the security of your website and/or your webhosting provider. an obvious vector for attack is for someone to get access to your website and edit the live site. Visitors should *assume* that sites like bitaddress.org are compromised.

Your instructions should specify that the only safe way to print wallets is to download your github code and verify signatures/checksums before running the code. Github may be hacked some day, but at least it's fairly easy to verify checksums/signatures on downloaded files, unlike HTML loaded directly from a live website.
newbie
Activity: 24
Merit: 0
Nice website, I like the idea.

Thanks
newbie
Activity: 50
Merit: 0
I can download bitaddress file and unzip it and run it for the first time in a freshly booted system using WinPE or Ubuntu on CD or USB.

Downloading offline all the content is one thing, but is this possible (what i described above) with your software?


That's not yet possible with offlineaddress.com. Once all the code is packed up as one downloadable file it's harder to continue developing it. So since I'm still adding code to this project on an almost daily basis I'm postponing that feature.
newbie
Activity: 5
Merit: 0
I'd like to see this tool and bitaddress allow input of dice rolls as the entropy source for the ultra-paranoid. 100 rolls at 2.58 bits of entropy per die makes more than the 256 maximum bits of entropy required to get the best protection. Of course users could choose to stop after say 60 rolls if they were willing to give up some protection. With multiple dice in a shoebox this doesn't have to take very long.
donator
Activity: 674
Merit: 523
I can download bitaddress file and unzip it and run it for the first time in a freshly booted system using WinPE or Ubuntu on CD or USB.

Downloading offline all the content is one thing, but is this possible (what i described above) with your software?
newbie
Activity: 50
Merit: 0
Quote
If Chrome makes problems, try Firefox, it should be doable. But anyways, I'll try to implement HTML5 offline version as soon as possible - which should solve this.

Yes please. This is a priority for me. I use bitaddress.org (thank you ninja for your incredible work) online ONLY for didactic purposes.

I always do everything serious on a live distro that never sees the internet. bitaddress.org and brain wallet.org work perfectly offline.

Awesome site BTW. Thank you!

Actually I implemented offline functionality in the meantime.
Check it out, it should be working without any problems. Just load the site once and your browser will keep the site stored locally, so you'll be able to use it even when you're offline.
full member
Activity: 162
Merit: 100
Quote
If Chrome makes problems, try Firefox, it should be doable. But anyways, I'll try to implement HTML5 offline version as soon as possible - which should solve this.

Yes please. This is a priority for me. I use bitaddress.org (thank you ninja for your incredible work) online ONLY for didactic purposes.

I always do everything serious on a live distro that never sees the internet. bitaddress.org and brain wallet.org work perfectly offline.

Awesome site BTW. Thank you!
newbie
Activity: 50
Merit: 0
I've just added more description about the site here: http://www.offlineaddress.com/?site=about
newbie
Activity: 50
Merit: 0
Very nice site!

It would be nice if we could also include keystrokes into randomness.

Is there a elegant way to print or export to PDF?


I just added a Print button, and it's working great. Check it out.

(if fonts go wild on first 2 notes just upgrade your browser or try it on chrome - some browsers don't yet support @font-face in print mode)
newbie
Activity: 50
Merit: 0

Thank you for the offer of beer :-) 

The visual feedback on mouse movement collection is very nice graphically.
You are waiting 40ms between collecting mouse points, correct? Do you have an article/white paper I can read on that technique?

I have avoided any use of ajax calls and it appears you make two ajax calls.
Canton Becker appears to have a good solution for warning the user about being online without using an ajax call:
Code:
switch (window.location.protocol) {
  case 'http:':
  case 'https:':
    // page was served by a web server: you are online
    break;
  case 'file:':
    // page was opened from local disk: you are offline
    break;
  default:
    // other schemes (about:, data:, ...): treat as unknown
}

I think I will implement that technique on bitaddress. Have you considered it for your site?

The 40ms was a manually defined limit (after a lot of testing). Initially I was using a longer interval, but I just ended up being frustrated (it takes too long to fill in for 1000 addresses).

I didn't know about that online test you pasted. Does it work in all major browsers?
I chose the ajax test, because that way I'm also aware if the user disconnects some cable or turns off some router - the user's machine will probably still think that it's online, but html requests won't go through (and the request will time out after 2 sec).

@mikewoods,

Can you explain the ajax call to get an initial random number to fill the byte array?

https://github.com/mikewoods/OfflineAddress.com/blob/4af67c35effa95b54dda75e054a5631186b59ea7/index.html#L691-L701
https://github.com/mikewoods/OfflineAddress.com/blob/4af67c35effa95b54dda75e054a5631186b59ea7/index.html#L662-L668

How does this impact the entropy when you are offline? What is the benefit of providing an initial seed from the server? Are these seeds logged?

That initial ajax call is optional, nothing is lost if the user is offline and the request doesn't go through.
However, if the user is already online that call provides him with initialization of the array in which mouse-provided randomness will be stored (all mouse coordinates are XORed over the initialized array). That way even if the user is lazy and doesn't move his mouse much - his mouse coordinates will be evenly distributed over the coordinate space. (Otherwise I'd probably increase those 40ms you've mentioned, which would be frustrating for the user). And by providing those from the server, the user's browser is protected even if its random generator is compromised or old (basically the user doesn't have to trust his machine).

Cheers
sr. member
Activity: 437
Merit: 415
1ninja
@mikewoods,

Can you explain the ajax call to get an initial random number to fill the byte array?

https://github.com/mikewoods/OfflineAddress.com/blob/4af67c35effa95b54dda75e054a5631186b59ea7/index.html#L691-L701
https://github.com/mikewoods/OfflineAddress.com/blob/4af67c35effa95b54dda75e054a5631186b59ea7/index.html#L662-L668

How does this impact the entropy when you are offline? What is the benefit of providing an initial seed from the server? Are these seeds logged?
sr. member
Activity: 437
Merit: 415
1ninja

...

Other problems with BitAddress.org are:
- You are online while generating addresses - so you can't generate "offline" addresses, and also brings up the question if your browser or operating system is infected...

I don't follow your logic here ?!? How does your software allow someone to generate offline addresses but bitaddress does not ?
I've specifically packaged my software as an all-in-one HTML document that is hashed then signed by my PGP key. The hash is available on bitaddress.org and bitcointalk.org. The HTML can be downloaded from either bitaddress.org or github.com and verified that you received the document that I authored.

Hi 1ninja, I'm very glad you commented on this thread.
Let me first say that my site owes a lot to your marvelous work! Thank you a lot, having your site to look at helped me with my work!

As for the text I've quoted:
My software notifies the user if he's online, so that he can go offline and generate addresses. Your site can be used offline as well, the only difference is that I'm warning people about that.
Also, I must say I'm a bit envious of that all-in-one packaging you've done by embedding all your media into the site. I'll try to do the same thing once code base growth slows down.

We both have a lot to learn from each other, and I'll be happy to listen to any advice you have.

If we ever meet, beers are on me. Cheers!


Thank you for the offer of beer :-) 

The visual feedback on mouse movement collection is very nice graphically.
You are waiting 40ms between collecting mouse points, correct? Do you have an article/white paper I can read on that technique?

I have avoided any use of ajax calls and it appears you make two ajax calls.
Canton Becker appears to have a good solution for warning the user about being online without using an ajax call:
Code:
switch (window.location.protocol) {
  case 'http:':
  case 'https:':
    // page was served by a web server: you are online
    break;
  case 'file:':
    // page was opened from local disk: you are offline
    break;
  default:
    // other schemes (about:, data:, ...): treat as unknown
}

I think I will implement that technique on bitaddress. Have you considered it for your site?