Author

Topic: Iancoleman users I want answers (Read 209 times)

legendary
Activity: 2268
Merit: 18748
January 21, 2023, 03:39:33 AM
#20
This might sound as an excuse but how you people suggest this to non-techy person using bitcoin/crypto who only wants safety to his coins, obviously most doesn't know how to use and setup linux OS, or doesn't have extra device for airgapped option.
I wouldn't. As I mentioned above, I think using websites for anything like this is a bad idea from the start, even if you are following all these precautions. Most users should download (and verify) a good software wallet such as Core or Electrum for small amounts, and get a good hardware wallet for larger amounts. If you know what you are doing then airgapped cold storage is even better, but I don't recommend this for non-technical users and I certainly wouldn't recommend generating cold storage from any website.

But as OP was asking, if you want to use Ian Coleman, then on an airgapped machine with a clean OS is the only safe way to use it.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
January 19, 2023, 01:10:04 PM
#19
Note: The website won't work if you just save the page using your browser and Ctrl-S.
It works. I just tried it. If you save the webpage, then you can open it with your browser on an offline device and use the tool without being connected to the internet.
Of course, it should be better to download the source code and run the tool on an airgapped device.

Well, it did not work on Firefox or Pale Moon for Linux. The HTML works, but the JS is apparently gone, and prevents mnemonics from being generated. Google Chrome, I don't know about it. Maybe it's different there.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 19, 2023, 11:23:02 AM
#18
This might sound as an excuse but how you people suggest this to non-techy person using bitcoin/crypto who only wants safety to his coins
Those people should get a hardware wallet.
hero member
Activity: 1554
Merit: 880
pxzone.online
January 19, 2023, 10:58:16 AM
#17
There is nothing stopping malware already on your device from altering what Ian Coleman will display, or saving anything you enter to file and transmitting it to an attacker next time you connect to the internet. At a bare minimum, you should use a live and amnesic OS such as Tails as Loyce has described above. Better still is to use it only on a permanently airgapped device which has been formatted and had a clean Linux OS installed.

I would also note that in general using any website which relies on Javascript is a bad idea for generating entropy. Ian Coleman (airgapped!) is useful for exploring a pre-existing seed phrase, checking different derivation paths, etc., but I would never suggest using it (or any other website, even if airgapped) for generating a wallet.
This might sound as an excuse but how you people suggest this to non-techy person using bitcoin/crypto who only wants safety to his coins, obviously most doesn't know how to use and setup linux OS, or doesn't have extra device for airgapped option. If most are not that techy, then does it mean more are prone of hacking for lacking of this security measurements. Or simply said that bitcoin and crpyto is just for techy people. Because if this is the case, then its one of the reasons why most people use exchange and other regulated user-friendly platform instead than learning the technicals.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
January 18, 2023, 06:18:15 AM
#16
I was warned a few times on this forum not to type my recovery seed into any online website or platform but I am surprised that people are using the Iancoleman website by fully typing in their recovery seed, how can we be sure that this is safe?

This is not safe. You should never type online any recovery seed which has funds, unless you are willing to spend them right away.

When handling private keys, I always assume my system is compromised (even though I haven't found any evidence for that).

This is the reason why you shouldn't type your keys in any website or online tool.

Even if you follow @dkbit98 advice and disconnect from the internet,  your system might be compromised and you don't know if someone is watching you.

Unless you are a computer security specialist, I highly recommend that you buy a hardware wallet and use it for seed generation, as you can be 99.9% sure it is safe and nobody had access to it.
legendary
Activity: 2268
Merit: 18748
January 18, 2023, 06:04:30 AM
#15
Open website in your browser and save it on you computer, than disconnect internet and generate seed phrase safely and write it on paper.
You should download and verify the source code from Github rather than save the website from your browser, since you don't know if the website is actually running the published source code.

This includes bitaddress.org should be used on your offline device to avoid getting compromised, it should always be "prevention is better than cure"
Disconnecting your computer temporarily is completely insufficient in terms of security. There is nothing stopping malware already on your device from altering what Ian Coleman will display, or saving anything you enter to file and transmitting it to an attacker next time you connect to the internet. At a bare minimum, you should use a live and amnesic OS such as Tails as Loyce has described above. Better still is to use it only on a permanently airgapped device which has been formatted and had a clean Linux OS installed.

I would also note that in general using any website which relies on Javascript is a bad idea for generating entropy. Ian Coleman (airgapped!) is useful for exploring a pre-existing seed phrase, checking different derivation paths, etc., but I would never suggest using it (or any other website, even if airgapped) for generating a wallet.
legendary
Activity: 2380
Merit: 5213
January 18, 2023, 03:21:06 AM
#14
Note: The website won't work if you just save the page using your browser and Ctrl-S.
It works. I just tried it. If you save the webpage, then you can open it with your browser on an offline device and use the tool without being connected to the internet.
Of course, it should be better to download the source code and run the tool on an airgapped device.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
January 18, 2023, 02:51:07 AM
#13
Note: The website won't work if you just save the page using your browser and Ctrl-S. You have to go to the Releases page on Github, and download the source code archive itself and then extract everything and open the webpage that is inside the unzipped folder.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 17, 2023, 11:56:12 AM
#12
And while IanColeman's original is supposed to be safe, it's much better to trust nobody and make sure you handle it with the correct security precautions. Better safe than sorry.
Those security precautions are not only meant for the website, but also for your own system. When handling private keys, I always assume my system is compromised (even though I haven't found any evidence for that).
hero member
Activity: 1554
Merit: 880
pxzone.online
January 17, 2023, 10:57:08 AM
#11
I was warned a few times on this forum not to type my recovery seed into any online website
That's right, except for the correct platform.

Now regarding the Iancoleman website, all of the inputs above about this site is true. This includes all the famous open source third party tools regarding wallet address generation (HD, paper,.QR, etc.), seed to private keys extractions, seed to x/y/zpub, etc. This includes bitaddress.org should be used on your offline device to avoid getting compromised, it should always be "prevention is better than cure"
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 17, 2023, 10:08:56 AM
#10
If that is really existing i think that's not safe because it will become visible to those people behind who created the website, where in surely they can get all your information easily as well.. So be aware!
This is not how Iancoleman  is currently working. Iancoleman is open-source and there is nothing hidden from the users. The website creator has no access to your input.
Of course, using the online version of Iancoleman is still unsafe and you should never enter your sensitive data on an online website.

There are also already IanColeman's clones which sole reason to exist is to steal users' keys.
And while IanColeman's original is supposed to be safe, it's much better to trust nobody and make sure you handle it with the correct security precautions. Better safe than sorry.
legendary
Activity: 2380
Merit: 5213
January 17, 2023, 10:05:25 AM
#9
If that is really existing i think that's not safe because it will become visible to those people behind who created the website, where in surely they can get all your information easily as well.. So be aware!
This is not how Iancoleman  is currently working. Iancoleman is open-source and there is nothing hidden from the users. The website creator has no access to your input.
Of course, using the online version of Iancoleman is still unsafe and you should never enter your sensitive data on an online website.
sr. member
Activity: 2016
Merit: 283
January 17, 2023, 09:53:52 AM
#8
I was warned a few times on this forum not to type my recovery seed into any online website or platform but I am surprised that people are using the Iancoleman website by fully typing in their recovery seed, how can we be sure that this is safe?

Some high ranking members even talk about this iancoleman, saying it's safe to use if you know how to, but typing your recovery seed into a website automatically brings down the security wall, correct me if I am wrong friends.

How sure are you that iamcoleman is safe? It's open source? My foot, because this website is just like every other websites out there, someone is always behind them, typing in your recovery seed means it's not safe anymore.

I am waiting for answers.
tbh with you mate i never heard such way to have an easy way to access a wallet using recovery seeds.  If that is really existing i think that's not safe because it will become visible to those people behind who created the website, where in surely they can get all your information easily as well.. So be aware!
for me I'm gonna take my time to input my address manually than using that websites just to ensure that my wallet is secured from hacking because that's very common and no one can avoid it even in some trusted platforms..
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 17, 2023, 07:24:46 AM
#7
Some high ranking members even talk about this iancoleman, saying it's safe to use if you know how to
Everything is safe if you know how to Wink

Quote
but typing your recovery seed into a website automatically brings down the security wall
Great, you know the basics. So don't do it!



If you haven't done it yet: play around with Live Linux distributions. There are many, I used to recommend Knoppix but Tails is much more aiming at security and privacy. Download it, put it on a DVD, boot it, unplug your interent, don't add WiFi, and run IanColeman's site (or Bitaddress or anything else you need offline) from a USB stick. Turn it off when you're done, and all traces are gone from RAM (unless you tell it to, it won't save any data). If you still don't trust it, remove your hard drive first.
legendary
Activity: 2212
Merit: 7064
January 16, 2023, 03:16:11 PM
#6
How sure are you that iamcoleman is safe? It's open source? My foot, because this website is just like every other websites out there, someone is always behind them, typing in your recovery seed means it's not safe anymore.
There is scary boogeyman behind every website so better don't use internet anymore  Cheesy
Official iancoleman website is safe and open source, you can verify that if you understand coding, but you don't need to do anything online if you correctly follow instructions.
Open website in your browser and save it on you computer, than disconnect internet and generate seed phrase safely and write it on paper.
If you are still paranoid, just use hardware wallet or airgapped laptop with Electrum to reduce chance of getting scammed.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
January 16, 2023, 03:02:28 PM
#5
And this is the important part, once you use it to recover whatever you wanted to recover if you put any key / seed / whatever into a live wallet consider it forever out there in the open.

Once you type something into a live system / hot wallet never think it's safe.

There is where the danger is. Yes, it's a very slight danger, but don;t think it does not exist.
There are many coins with interchangeable private keys....

-Dave
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 16, 2023, 02:40:10 PM
#4
How sure are you that iamcoleman is safe? It's open source?

It's open source. But that doesn't make it safe. You never have to trust what you find running online.
This being said, Ian Coleman's page also has, at its end, link for getting the files for offline usage. And if you get those, and use them offline, on a system with no persistence or which you'll wipe (not just delete) afterwards, then you're pretty much OK.
And even so, if you are paranoid enough (which is not a bad thing) you'll read that the random used by such scripts may not be that good. And this may or may not be a problem. 99% of the cases it isn't.

Is this the answer you were looking for?
legendary
Activity: 2380
Merit: 5213
January 16, 2023, 02:04:35 PM
#3
How sure are you that iamcoleman is safe? It's open source? My foot, because this website is just like every other websites out there, someone is always behind them, typing in your recovery seed means it's not safe anymore.
The tool in question is open-source and we can be sure that it hasn't been created to steal people's keys. So, it's not that anything you enter is recorded by the website owner. But since any online service and any online device is vulnerable to hacking, you should never use this tool online.
If you use Iancoleman properly, it's safe. Using properly means downloading the source code and running it on an airgapped device.
staff
Activity: 3500
Merit: 6152
January 16, 2023, 01:52:43 PM
#2
You can't be sure. It's never recommended to use it online but since the site is 100% open source (as you can see at the bottom of the page) you can download the source code and run it offline locally[1].

[1] https://github.com/iancoleman/bip39
sr. member
Activity: 728
Merit: 388
DGbet.fun - Crypto Sportsbook
January 16, 2023, 01:49:28 PM
#1
I was warned a few times on this forum not to type my recovery seed into any online website or platform but I am surprised that people are using the Iancoleman website by fully typing in their recovery seed, how can we be sure that this is safe?

Some high ranking members even talk about this iancoleman, saying it's safe to use if you know how to, but typing your recovery seed into a website automatically brings down the security wall, correct me if I am wrong friends.

How sure are you that iamcoleman is safe? It's open source? My foot, because this website is just like every other websites out there, someone is always behind them, typing in your recovery seed means it's not safe anymore.

I am waiting for answers.
Jump to: