Topic: My awesome website for generating truly secure OfflineAddress.com (Read 987 times)

Fixed  

P.S. I've opened tread about this site on main forum:
https://bitcointalksearch.org/topic/check-out-my-awesome-site-for-generating-secure-offlineaddresscom-399452

LOL  
I've changed text on button - now it's more obvious. 

  It should take just a few seconds for 10 addresses (for 1000 it takes a minute or so, if your browser supports HTML5 multithreading).
It's just a UI bug in handling asynchronous calls in some browsers, so it doesn't dispose 'Loading' overlay properly, and I'm working on that right now - should be fixed within a day or two. For now just retry (sorry for that).

Actually I didn't know I had to click on the Generate Address button ROFL :-)
I thought it was computing and I had to wait.. Maybe it's worth mention it somewhere on the page!

  The test for connection is made by trying to get the resource at http://www.offlineaddress.com/amionline
However, since request for that resource will take a long time if you are disconnected, the request times out after 2 seconds. I guess your connection was slow so it took more than 2 seconds to get the results of request, which made the site think that you are offline.
I could make this wait time longer (and maybe I should) but the problem with making wait time longer is that users has to wait for that time (which can be frustrating).

Could you please try reproducing your test multiple times and provide results so that I can better adjust wait time.  

Thanks black_swan,
Cheers!

Great job, thanks for sharing that here. 

How long does it take the generate the addresses?  I tried to generate 10 a new Macbook and after 5 min of waiting nothing happened.  Is is supposed to take this long? 

I tried to use it to create 1 address, still connected to internet, but it doesn't display anything, nor an alert saying I am still connected?

I know that most random generation uses mouse movements and hardware activity to create entropy.  However, I like the idea of being prompted to move my mouse for a period of time as it confirms that the software is doing it properly and not using some poor function to provide randomness.  It's one of the reasons I like using truecrypt for data encryption.  I am sure most bitcoin clients like multibit, bitcoin-qt, electrum etc...use mouse/hardware activity but since I can't confirm it I roll dice when generating new addresses.  It's a pain, but at least I know I am getting true randomness.  Anyway, cool site, the only thing I would recommend is maybe placing a textbox displaying the random pool as you move the mouse.

Unfortunately not.
BitAddress.org is a great site, it had a good run, and it helped a lot of people for the last two years. But, it's far from perfect...

BitAddress uses only initial mouse position - which gives you about 20 bits that have fine entropy (and that mouse position is picked even if you don't move your mouse at all [not the case on my site]).

Having just 20 bits is enough to set up the seed, but not even enough for one private key created using true randomness, and you need new bits with good entropy for other addresses.
(Random numbers generated from seed have entropy equal to size of the seed - that's why they are called pseudorandom, and shouldn't be used for any security mechanisms: https://en.wikipedia.org/wiki/Pseudorandomness#Cryptography . Using pseudorandom numbers for storing your money is next to insane.)

Let's say you want to create 1000 addresses - that require around 1000*32*8 or around 500 000 bits of entropy, but instead you're using just 20 bits - so if you guess that 20 bits you'll have access to all 1000 addresses (which makes it worth for someone to brute force)

Other problems with BitAddress.org are:
- You are online while generating addresses - so you can't generate "offline" addresses, and also brings up the question if your browser or operating system is infected...
(- I also think that the site is not elegant enough with too much information that aren't necessary for average Bitcoin user (just my personal opinion)).

Cheers!

BitAddress.org uses your mouse movements to help initialize seed. It is not good enought ?

Hi y'all!

I was sick of how the whole world ignores the problem with bad randomness when generating Bitcoin addresses, and how everyone thinks that anything created with PSEUDORANDOM numbers is secure.

I needed a secure way to generate Bitcoin addresses for myself - so being a programmer and open-source geek, I decide to do it myself (and make the world a better place, of course  ).

Check out OfflineAddress.com

Please comment, commit (on GitHub), suggest what to add ...

Cheers!