Topic: Check out my awesome site for generating secure OfflineAddress.com - page 3. (Read 12180 times)

I registered to tell you all about this site. I'm not kind of person to brag about something without first having something to show.

Bad seeds can't effect the security of the site because all users mouse movements are used to create exact number of bits needed for generating all the addresses - which are then XORed over pseudorandom sequence, making is unnecessary from theoretical perspective.
If user shakes his mouse well, there is absolutely no benefit of using seeded number at all.
In other words - even if seed is bad, total provided entropy will still be enough to generate all address with perfect (maximum theoretically possible) entropy - providing perfect security. 

In code, there is 'randomnessContainer' in https://github.com/mikewoods/OfflineAddress.com/blob/master/index.html which is the only thing used for providing randomness for generating addresses, and it's this.array contain the truly random data - which you can inspect using your favorite debug tool.

mike, why did you register to Bitcointalk the day before you released this? I'm a skeptic because it could be easy for this software to generate bad seeds, which lead to bad private keys.

Its hard for anyone to use this kind of software, even if it does provide excellent security as you claim. But your a new user, who suddenly releases a software to generate private keys.

I want to use it because of added security compared to bitaddress, but its a risk..

Solved 

Now site supports html5 caching!
This means that once you load the site, everything will work perfect even if you try reloading it when you offline, or after you restart your browser. 
This mechanism only stores static files, no other data like cookies or anything else is stored.

Could you try it out and let me know if everything works fine for you now?

Let's just be glad this isn't a straight up scam (or not yet)

Unlike this site a newbie is using http://flexcoin.com/

Hi 1ninja, I'm very glad you commented on this tread.
Let me first say that my site owes a lot to you marvelous work! Thank you a lot, having your site to look at helped me with my work!

As for the text I've quoted:
My software is notifying user if he's online, so that he can get offline and generate addresses. Your site can be used offline as well, the only difference is that I'm warning people about that.
Also, I must say I'm a bit envious of that all-in-one packaging you've done by embedding all your media into the site. I'll try to do the same thing once code base growth slows down.

We both have a lot to learn from each other, and I'll be happy to listen to any advice you have.

If we ever meet, beers are on me.  Cheers!

Who's going to pay for that? I think the responses Mike has given us are not those of a scammer, completely the opposite in fact ....

If you want to audit, please go ahead, I'm sure Mike would be delighted

The issue of entropy for a pseudorandom number generator is serious and important. It's true that bitaddress will generate an address for you if you do not move the mouse at all. That feature was requested by users of my site and in hindsight text input from the keyboard should replace mouse movements on devices without a mouse. I am discussing the issue here with other coders, I welcome any comments:
https://github.com/pointbiz/bitaddress.org/issues/35

You can visualize the seed pool of bitaddress.org by using the following query string at the end of the url:
https://www.bitaddress.org/bitaddress.org-v2.7.2-SHA1-364542f1ccc5777c79aebb1692a6265cf3e42e7e.html?showseedpool=true

If you move the mouse then bitaddress takes more than 1 mouse position, here is where it's determined how many mouse movements it will look for:
https://github.com/pointbiz/bitaddress.org/blob/master/bitaddress.org.html#L6638-L6669
https://github.com/pointbiz/bitaddress.org/blob/master/bitaddress.org.html#L5952

I would like to add that in all versions of bitaddress.org the time as well as mouse movements have been used to gather entropy.

Versions >= 2.7 have extra entropy from browser fingerprinting added to the seed pool. Additionally window.crypto.getRandomValues is used to initialize the seed. window.crypto.getRandomValues is also used to XOR the results of the ArcFour PRNG.

With the newest version of bitaddress.org the lowest entropy without mouse movements should be about 64 bits (assuming your browser does not support window.crypto.getRandomValues). If you add mouse movements to that you should be ok depending on your adversary.


I don't follow your logic here ?!? How does your software allow someone to generate offline addresses but bitaddress does not ?
I've specifically packaged my software as an all-in-one HTML document that is hashed then signed by my PGP key. The hash is available on bitaddress.org and bitcointalk.org. The HTML can be downloaded from either bitaddress.org or github.com and verified that you received the document that I authored.

Has anyone audited this code yet?

Idk whether to trust it or not.

If Chrome makes problems, try Firefox, it should be doable. But anyways, I'll try to implement HTML5 offline version as soon as possible - which should solve this.


Thank Canton, it was very fun to work on those dots  
As for as window.crypto.getRandomValues() goes - there are a few problems:
1) not all browsers support it correct (and I'm trying to support a bit older browser (not really old once) as well, for example I've implemented address computation using both html5 workers, as well as doing it using UI tread with delayed recursives.
2) It's still pseudorandom which makes it conceptually unacceptable because it has limited entropy.
3) (less important then 1) and 2) ) Browser could be compromised (and it's very obvious thing to attack).

Mouse movement are used as primary source of randomness and it has a lot higher entropy then any pseudorandom source. Still, to protect the user a bit more it's xor-ed over pseudorandom sequence.

Anyways, I'd be more happy if this kind of very technical questions are discussed on GitHub, because they can be useful for people that decide to join later.


Those are valid consideration for possible attack - that's why my site doesn't store (and won't) a single cookie, doesn't include outside .js (no ads, and no analytic software), and that's also the reason why I'll have to support the site using only the donations.

Luckily the ecdsa can not be compromised because the randomness source is from human (bad randomness is what enabled the exploit on android).

Bitpop, I'd be very thankful if you open discussion about possible attack on GitHub, this information is very valuable.


Thanks devthedev!

Wow, very nice site!

Great job.

Yes watch out for html5 offline storage to. I would use on unnetworked vm that is then destroyed.

Its just cold keys are perfect, you can steal them later and they have large amounts. Be careful people. This looks legit. I didnt see any http requests after load. But someone can clone this site, etc.

Even then, initial ecdsa can be compromised. Like the android hack.

I also don't believe bitaddress takes only one reading

Hi mikewoods,

I quite like the visual display for your entropy gathering. From a psychological perspective, I think it makes it more likely that a user will do the work it takes to make good mouse movements.

I notice you're not taking advantage of window.crypto.getRandomValues(). Do you believe your random number generator is more secure? If so I'd like an explanation. It seems to me that mouse movement and such should either be a fallback or an enhancement to using window.crypto.getRandomValues. Not leveraging getRandomValues at all seems an oversight to me since it's supported by almost every browser now. (IE9 being the notable exception.)

Canton

I was looking out for the community when I said what I said and I think Mike knows that.
Of course someone could write something in the Java to do what they want. A program does what you tell it. It doesn't have to send things back, it could create Private Keys that it is told to.

I'm not accusing him though (I'm saying to be careful and have someone look at the code), perhaps he is bringing up a VERY important issue regarding those initial seeds not having the required entropy for truly random private keys and that is worrisome.
That needs to be looked at.

But, so does the code here.

It's certainly beautiful... I sure hope you are what you say you are Mike.

I downloaded the chrome "web page complete" and while running it locally, it let me do the mouse movements just fine but wouldn't let me go to the next screen upon generation. Oh well.

The more I think about it, the more I really think you need to make the site into a downloadable package that we can use as a portable app... It still seems too easy for the browser to report the priv key back to you after an offline generation. A cookie could store that and be told to report it at next page load, couldn't it?

Yeah I noticed the dots flying over the screen. Nice touch. Thanks for all the advice. Looks like I need to use your service

Thank you Its_About_Sharing - your post is correct.

I did push project on GitHub a few days ago (however it's 4 months old now), I didn't want to share any half-baked or untested product with others before I can call it version 1.0.
(If I were in other people's shoes I'd probably be skeptic at the beginning as well.)
You don't have to worry about math - it's working perfectly.
I didn't want to risk anyone's money with buggy software, so I finished it before sharing.

All the code is clean and as simple as possible (and not compressed for now, so that everyone can read it easily).
It's available here: https://github.com/mikewoods/OfflineAddress.com

I'm looking for all the help I can get to make this site even better.

Cheers!

Hey guys, with all due respect to Mike, he registered here Yesterday.
His code needs to be thoroughly looked through by the community before you go using it.
Most of us are not coders and open source is nice, once you know it is safe.

And I just checked - Mike opened his Git Hub account yesterday as well!
DO NOT USE this software until it is checked!!!

IAS

Thank you minimalB!

For now you could use browser's printing mechanism to print or export to pdf, but I'm planning to improve printing experience as soon as I get some time to do it (or if someone sends me a pull request on GitHub in the meantime  ).

Very nice site!

It would be nice if we could also include keystrokes into randomness.

Is there a elegant way to print or export to PDF?

That's a great thing, especially if they use smartphone sensors (unfortunately, on desktop clients there isn't much to collect beside mouse movements and keystrokes).

Regarding "industry-standard OpenSSL random number generator" - I'm a bit skeptic because it's know that some 'standards' have been forced by NSA and have a backdoor, for example:
https://en.wikipedia.org/wiki/Dual_EC_DRBG
http://www.researchgate.net/publication/250025759_Chapter_10_An_Elliptic_Curve_Asymmetric_Backdoor_in_OpenSSL_RSA_Key_Generation
, so it's hard to tell if there is more of those 'paid standards' that actually work against us.



I personally don't use any wallets to generate my BTC addresses, I always generate secure addresses and import them.
However, if software you're using does use mouse movements, camera snapshots or other input sensors to provide randomness than you don't have to worry (if they have it, and it's well implemented, they'll probably brag about it).