Totally Noob: How to check That Your Private Key Is Random

bitmover

legendary

Activity: 2352

Merit: 6089

bitcoindata.science

Quote from: Husires on January 30, 2022, 03:43:41 PM

I found some javascripts that allow you to generate offline private key randomly, what are the important parts of the code that I guarantee that the private key will be generated

I think you basically need to reviews the code.
Do you mindset sharing it?

Javascript's randomness is not very good.
For example, Math.random() is not really random. So if your scripts uses it, I think it is not good.
https://hackernoon.com/how-does-javascripts-math-random-generate-random-numbers-ef0de6a20131

You can try some libs such as
https://github.com/bitcoinjs/bitcoinjs-lib
https://bcoin.io/

I never used them.. but you can even run a full node using bcoin

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: Husires on January 30, 2022, 03:43:41 PM

Please: Dont say just download electrum or any other well-reviewed software.

You can use tools that can help you generate your wallet seed based on the results of a dice:
https://bitcointalksearch.org/topic/m.58955841
I know that from that point on you will have to create your private key from the seed.

You should read that thread, maybe you get more ideas for what you want to achieve.

Or, after all, the private key is just an awfully large integer.
If I've read/calculated it correctly, it's a number between 1 and 115792089237316195423570985008687907852837564279074904382605163141518161494337
You can easily pick yourself a number in that range (and convert it into WIF). But, as others said, there's quite a good chance you'll go for some "nice pattern" and will make your private key weak.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: Husires on January 30, 2022, 03:43:41 PM

randomly
unique (as same level as electrum)

How about this?

Code:

xxd -l 32 -ps /dev/urandom
# 1bcfc845367bb56264f8fba8886fefa86294ac96c86ef269f1ad208b1b1faa48

Quote from: Husires on January 30, 2022, 03:43:41 PM

Please: Dont say just download electrum or any other well-reviewed software.

Why not? It's most practical option if you're not cryptography/math expert.

witcher_sense

legendary

Activity: 2450

Merit: 4415

🔐BitcoinMessage.Tools🔑

Quote from: Husires on January 30, 2022, 03:43:41 PM

We knows that well-reviewed software is better, but it's better to find some alternatives.

I found some javascripts that allow you to generate offline private key randomly, what are the important parts of the code that I guarantee that the private key will be generated

randomly
unique (as same level as electrum)

Please: Dont say just download electrum or any other well-reviewed software.

If you don't trust well-reviewed reputable software with which to generate random numbers, just generate them manually using cards, dice, coin flips, or other methods that provide decent entropy. The alternative to that must not be other software that is less known/reviewed and may contain unexpected bugs, vulnerabilities, and backdoors. As for other questions: you can't prove the number you get is actually random no matter what methods of generation, software, or manual, you are employing. And you can't prove its uniqueness because it would require the knowledge of all other already generated private keys which you obviously can't know.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: Husires on January 30, 2022, 03:43:41 PM

Please: Dont say just download electrum or any other well-reviewed software.

Well, that's the correct answer because the alternative is for you to be an expert in that particular language (like the javascript you mentioned above) and review the code yourself. I'm not familiar with javascript to tell you where to look and what to look for, if it were c# and you had posted a link to the source code of the project you were planning to use, then I would be able to look at it and point out what to look for. So the answer is for you to stick to well reviewed software such as Electrum or Bitcoin Core.

Keep in mind that it is not enough to just look at the random() function, you have to see what the whole code is doing. It may have the correct random() function but the button you click in UI may not even use that!

hatshepsut93

legendary

Activity: 3024

Merit: 2148

Quote from: Husires on January 30, 2022, 03:43:41 PM

We knows that well-reviewed software is better, but it's better to find some alternatives.

Please: Dont say just download electrum or any other well-reviewed software.

No it's not better to find some alternatives, it's better to use the widely used and reviewed solution with a good reputation.

Quote from: Husires on January 30, 2022, 03:43:41 PM

Please: Dont say just download electrum or any other well-reviewed software.

What's the point of asking questions if you only want to hear answers that would validate your opinion?

Quote from: Husires on January 30, 2022, 03:43:41 PM

randomly
unique (as same level as electrum)

The low-hanging fruit would be to check that the function used to get random values is Crypto.getRandomValues() and not Math.random() or some library.

But it's pointless, you need to make a full software review to decide if the software is safe or not. If you don't have a high-lavel expertise in the target programming language, you won't be able to do it.

Husires

legendary

Activity: 1596

Merit: 1288

We knows that well-reviewed software is better, but it's better to find some alternatives.

I found some javascripts that allow you to generate offline private key randomly, what are the important parts of the code that I guarantee that the private key will be generated

randomly
unique (as same level as electrum)

Please: Dont say just download electrum or any other well-reviewed software.

Topic: Totally Noob: How to check That Your Private Key Is Random (Read 165 times)