pointbiz / bitaddress.org
JavaScript Client-Side Bitcoin Wallet Generator
Home Page: https://www.bitaddress.org
I've looked for about half an hour while pulling my hair out and I can't seem to figure out where I could replace the address prefix '1' with something else.
What do you think about using www.random.org for seed pool initialization? Overwritten (XOR) with mouse movements of course.
Usable only when online of course.
I suggest to show only the QR code for the password-protected private key in BIP38 format, if such a key was the input.
Rationale:
Don't show the unprotected private keys as QR codes unless this is absolutely needed. If the user supplied a BIP38 key and the password as input, it is not necessary to generate QR codes for the unprotected keys.
The Brainwallet-Section-Warning is not working well enough. Every now and then there is someone on Reddit who lost his coins because of a weak brainwallet.
http://www.reddit.com/r/Bitcoin/comments/1q5rh6/4_btc_hacked_from_semicold_storage/
The Warning has to be much more explicit about what a "secure" password means and why "as#$h377!52" is not secure at all if people probe 4 billion combinations a second.
And the warning should be highlighted.
And maybe stated that a brainwallet password that is less complex than a normal bitcoin private key like
5KGoV3oZ9RSnqrpB9pGw3a9duMMqeHYwDqqeUQf4cdXACh9xqhJ
weakens your security.
Maybe a link to http://www.coindesk.com/dumb-mistakes-costly-bitcoin-losses/ would help to explain it.
If I check HideArt, Addresses to generate: 1
BIP38 Encrypt? check Passphrase: 123 Addresses per page: 7
I would expect to get 1 encrypted wallet copied 7 times e.g. seven identical wallets all encrypted with the same passphrase (in this example 123). As it is I only get one copy of the wallet.
This would be ideal, because I have seven copies of this wallet to keep in different locations. When I spend anything from this wallet I move all the change to a new paper wallet using a new passphrase for maximum security. Trying to always use a new encrypted paper wallet with a new passphrase and making multiple copies is quite cumbersome without my suggested option.
Thanks
Roger
I was learning about BIP38 today and went to bitaddress.org to see how it worked. I created an address on the Paper Wallet tab with the 'BIP38 Encrypt?' checked and a passphrase that just so happened to end with a space.
In Wallet Details tab, when I tried to decrypt with the same passphrase, it couldn't decrypt it. I tried removing the trailing space in the passphrase, but that didn't work either.
I went through the whole process again, this time without a trailing blank space and this time the decryption worked.
I repeated this process a few more times to make sure I hadn't made a mistake, alternating between putting a trailing space at the end and not putting a trailing space at the end of the passphrase with the same results. Passphrases without a trailing space decrypt just fine. Passphrases with a trailing space will not decrypt (again, trying both with the trailing space and removing the trailing space).
Here was my process in case you want to reproduce the error:
I'm using Safari 7.0.2.
I would like to contribute by letting the generated graphics of a paper wallet be super sharp (by constructing an SVG image - including QR code)
Does anybody know where / who could have the original background graphics used at this moment?
When multiple paper wallets are generated, they blend into the private key of the paper wallet above. Even when one is generated, the private key bleeds off the printable area shown by my printer and off the screen.
http://i.imgur.com/Tpqu7Du.jpg
I am using Chrome version 33.0.1750.146 m
My Java is the latest version.
I am on Windows 7, 64bit, Japanese language OS.
The output of the paper wallet should have a big bold section of text worded like this:
"SECURITY NOTICE: DO NOT SCAN OR PHOTOCOPY WITHOUT WRITTEN PERMISSION FROM ACCOUNT HOLDER."
This is to protect people storing their paper wallets with legal services who employ people that may not realise the security hazard of copying a bunch of exposed private keys.
How do I get to the source for liteaddress.org - the site points to this repo but I don't see how I can compile it for litecoin.
If one generates paper wallets he either has to scan the QR codes of the Bitcoin addresses or has to enter them manually to load money on the paper wallets. This is very time consuming if creating a large number of paper wallets.
So I suggest to create a CSV list of Bitcoin addresses which can be copy&pasted.
Hello,
Today I created a paper wallet, I checked the Pub Addr in blockchain.info and strangely enough, the newly created bitcoin address had 1 BTC on it!!
The Priv Key on the other hand didn't match with this address, I extracted the Pub Key via Armory from this Priv Key and it resulted in a different Pub Addr.
I fully understand why bitaddress.org is shipped as a single file, but I'm pretty sure that there's a script somewhere that creates that single file, probably by grabbing a bunch of files from GitHub by commit hashes and concatenating them.
I'm interested because I have a use case where it'd be nice to have the individual files and perhaps the script that I suspect you're using to assemble them. I put together a Chrome packaged-app version of Bitaddress, and it's nice (though it still needs some polish). I followed these steps:
I could see two versions of the build script, one creating the single file with direct script concatenation, and the other with script src includes. The set of includes could be an optional file that's concatenated only in the second build type.
A different question is whether you would be interested in this app existing as a Bitaddress-branded app. I'm happy to help by handing over my work if you are. Otherwise, I'll probably take the open-sourced components of Bitaddress and build my own app (though since Bitaddress has become such a trusted name in the offline wallet space, I'd prefer just to be a contributor to your project).
Any interest?
I've been doing some testing with BIP38 decryption at bitaddress.org and ran into a funny issue when encrypting/decrypting wallets using the passphrase "घोडा स्टेपल" (no quotes) -- which is what you get when you use google translate to translate "horse staple" (no quotes) into Nepali.
My own BIP38 generator is, weirdly enough, giving me two different BIP38 encodings for the same wallet, whose details are:
public key 1ABCDF5v4oaodTPYnKfYvkfwuoa8PJkjMC
WIF key 5J4pcwBDPwPY1cdNqxTdmZWr7yCK8rXi9avFvezgYbmoatJpKGn
If I use Safari to encrypt with घोडा स्टेपल, I get
6PRNXA7M57uqSYXX2TXHkfNJEVMiWarkPkqUv3AsZa5r41u3VpXHLkUD9q
If I use Chrome / Firefox / IE and encrypt with घोडा स्टेपल, I get
6PRNXA7M4qEppBJCHM2SEizfna7XTomzXwdCBrEG6Mjo3nU6iziS6vWWXA
I'm not sure if this is my own bug, or something native to the BIP38 implementation I'm borrowing from bitaddress.org. Hard to test because I don't think bitaddress.org will let me BIP38 encrypt my own vanity address or brain wallet.
But here's something you can replicate / experience. I've been using bitaddress.org to check the validity of my BIP38 wallets. What I do is I fire up bitaddress.org, open up the "wallet details" tab, and use this to decrypt my "6P..." keys. And I'm getting browser-dependent results:
*** Using the 'wallet details' tab on bitaddress.org to decrypt the BIP38 key, if using safari, the safari-generated key (_9q) works, and the other-browsers key (_XA) fails to decrypt. If using chrome/FF/IE, the reverse is true. ***
I'm experiencing the same browser-dependent decrypting success/failure using the "decrypt private key" function at bit2factor.org.
Any ideas on why bitaddress.org is unable to decrypt my Nepali-encoded private keys unless I'm using the same browser I used to generate those keys?
From the "Brain Wallet" tab, entering a passphrase generates the address and WIF for an uncompressed public key only. Moreover, the compression status isn't noted on the screen.
This could be confusing to users who create key pairs using custom entropy sources. If they use another tool to double check, it may exclusively or by default show compressed WIF and address.
I'd like to see a checkbox labeled "Compressed" under the Brain Wallet tab. If checked, it produces a compressed address/WIF. It can be unchecked by default to maintain compatibility with current behavior.
I would like the ability to not only input 256 bits of random data as hex but also in other bases (like 6). This way generating truly random private keys offline from for example regular 6-sided dice would be much simplified.
Filename bitaddress.org-v2.8.1-SHA1-a6e63f2712851710255a27fa0f22ef7833c2cd07.html does not match the SHA fingerprint of the downloaded file, which is coming up as b298601228c883331e45bc03cac26e9aa306221a
$ wget -k https://bitaddress.org/
--2014-01-28 18:41:48-- https://bitaddress.org/
Resolving bitaddress.org (bitaddress.org)... 78.47.86.61
Connecting to bitaddress.org (bitaddress.org)|78.47.86.61|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://www.bitaddress.org/bitaddress.org-v2.8.1-SHA1-a6e63f2712851710255a27fa0f22ef7833c2cd07.html [following]
--2014-01-28 18:41:50-- https://www.bitaddress.org/bitaddress.org-v2.8.1-SHA1-a6e63f2712851710255a27fa0f22ef7833c2cd07.html
Resolving www.bitaddress.org (www.bitaddress.org)... 78.47.86.61
Connecting to www.bitaddress.org (www.bitaddress.org)|78.47.86.61|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 767382 (749K) [text/html]
Saving to: ‘index.html’
$ sha1sum index.html
b298601228c883331e45bc03cac26e9aa306221a
If I generate paper wallets with a BIP38 passphrase, for instance this one:
!"#€%&/()=?!"#€%&/()=?
.. and then copy / paste the encrypted private key to "Wallet details" and enter the same passphrase, sometimes I get "Incorrect passphrase for this encrypted private key", other times it just works. I cannot see a pattern for when it works or doesn't. It can give the error one time and then work fine right afterwards without me changing the input fields.
I can only reproduce this on OSX 10.8.5 / Safari 6.0.5 on my couple year old MacBook Air, have tried on two other OSX-configurations which both seemed fine, but since the error is periodical, I can not be sure it is related to this specific configuration.
I am guessing it is some kind of overflow / memory crash, that is not handled properly...?
I am using an offline copy of v.2.6.6
Is the file securerandom.js the most up to date version? Remember there was a CVE security issue about securerandom a while back that meant the PRNG was not as random as it should be.
Should allow one to bulk create encrypted keys too on the bulk keys tab.
Hey there,
I cloned the HTML file and changed everything needed for another altcoin. Everything works fine except for two things:
Hi.
https://bitaddress.org/ redirects to
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html
it would be good if https://bitaddress.org/?testnet=true redirected to
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html?testnet=true
Cheers.
HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL[1]). HSTS is an IETF standards track protocol and is specified in RFC 6797.
The HSTS Policy[2] is communicated by the server to the user agent via a HTTP response header field named "Strict-Transport-Security". HSTS Policy specifies a period of time during which the user agent shall access the server in only secure fashion.
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Please consider adding BIP38 encryption to the Wallet Details page.
I generate BIP32 chains for storage and would like to keep an encrypted key or two on me to sweep as needed.
Thanks!
I would like to be able to specify my own Private Keys in the paperwallets tab.
Something like line 5576:
var key = new Bitcoin.ECKey(document.getElementById("papercustompk").value.toString());
And on line 4677: Custom text input field.
I'm not sure if it can be solved or is due to the hard BIP38 process, but every time I try to encrypt a paper wallet with BIP38 on any iOS device (iPhone/iPad), it just crashes. I'm not sure if it's a memory issue or what, but I tried it on the last iPhone and iPad available on market with the same result... And would be great to have it working there, being Mobile Safari some kind of sandboxed-secured app..
The keys and addresses ought to be in a monospaced font. The reason is so that if one had to manually transcribe the address it's more legible. The CSS font-family: monospace; ought to work. I'm not sure what's a web safe font and what's not, though.
Having obtained one of these, http://onerng.info/ I wondered if there is a way for a user to manually incorporate it and remove the need for seeding the PRNG with dots and typing?
Tested in Firefox 23.0 on Ubuntu 12.04.3 and Firefox 25.0.1 on Mac OS X 10.9.1.
Steps to reproduce:
Expected output:
100 paper wallets with unique addresses and keys
Actual output:
Around half of the wallets are completely blank (no QR codes or address or encrypted private keys). The number of blank wallets varies with each run.
Other notes:
It appears it may have something to do with the async callback being called too early. When experimenting with a smaller number of wallets to generate (say 25), I get a similar result with the bottom few wallets being empty, but after about 30 seconds, they sometimes will populate themselves. With a large number of wallets (around 100), the bottom half never gets populated no matter how long I wait.
This problem only seems to happen when I select Hide Art.
The current release doesn't work on IOS devices (iPad, iPhone) because UI interaction (especially tapping/clicking) doesn't work. You can't seed the random number generator, even by clicking on the textbox.
Not sure if this is the best way to fix it, but I tested this and it works:
<body onclick="SecureRandom.seedTime();" onmousemove="ninja.seeder.seed(event);" ontouchmove="ninja.seeder.seed(event);">
// body-appending these divs on IOS breaks the ability to click on anything
if (navigator.platform != 'iPad' && navigator.platform != 'iPhone' && navigator.platform != 'iPod') {
document.body.appendChild(div);
}
In commit 19f99f the seed space has the full height of the window available.
However, after modifying:
body, html { height: 99%; }
with commit a8e317 (Version 2.9.2) into:
body, html { min-height: 99%; }
The available seed space has returned to only the height of the page content, not the full window.
I couldn't remember at the time why I decided to use the height attribute instead of min-height and this appears to be the reason.
On the Paper Wallet tab, it will allow you to encrypt a BIP38 wallet with an empty passphrase.. but then if you copy an encrypted 6**** encrypted private key to the Wallet Details and then try to View Details with an empty passphrase, an error states that you must enter a passphrase...
SO, either the error box should be removed and attempt to complete with no passphrase.. or an error box should pop-up when you create the encrypted wallet requiring a passphrase..
thx.. /mr
If your bitaddress.org site was compromised, how would anyone know?
The signed message at https://www.bitaddress.org/pgpsignedmsg.txt is not worth anything unless we are sure it is signed with your public key and not the attacker's.
How do we verify this? I would imagine you would either have to prove your key pre-dates the site, or it has been signed by someone else in the bitcoin community that people are likely to trust?
Hello dear developers,
I use BTC though I also use LTC and It's been a while since I've tried to find a way in sending raw transactions to the Litecoin - LTC network (blockchain).
While using bitcoins - BTC, I use to create addresses thru brainwallet.org and bitaddress.org instead of creating them by official client. I also use to generate raw transactions in http://brainwallet.org (offline) as well, then copy them and send to the blockchain/network at https://blockchain.info/pushtx
Is there any way to make a BTC and LTC add-on into the javascript for it to also support both BTC and LTC raw transaction generators?
Is there anybody out there with any plans to develop that function in the near future?
Best Regards,
Financisto
Currently browser fonts are used. This leads to two problems:
The OCR-A font (https://en.wikipedia.org/wiki/OCR-A_font) was developed in 1968 as an extremely well machine-readable font and is standardized as ANSI X3.4-1977. X3.4 and ISO 1073-1:1976 (and DIN 66008 in Germany). The fixed character width avoids layout problems.
So I suggest to use OCR-A as font and include it in the repository to make sure it's available on all browsers.
Please make BIP38 available for testnet. Right now I only see it in the prodnet version, and I'd like to test your implementation with Mycelium (I am a Mycelium dev).
The html file is now triggering some antivirus software because of this newly catalogued exploit of IE browsers. We may need to find another way to add the images.
I've been trying to make a B6 key and it's been pretty rough due to losing count, not being able to see how long the string is so far, and so on. I feel as if either a length indicator should be added to the wallet details input box, or a separate tab that goes through a full set of prompts for 99 digits should be added for dice generation.
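A sketch of the length indicator and conversion asked for here and in the earlier base-6 dice request, as an added example that is not bitaddress.org code. All function names are hypothetical, and it assumes base-6 digits 0-5 with a die face of 6 written as 0.

```javascript
// Added example, not bitaddress.org code; all names are hypothetical.
// Order n of the secp256k1 base point; valid private keys lie in [1, n-1].
const SECP256K1_N = BigInt('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');
const B6_DIGITS = 99; // digit count named in the report; 6^99 is about 2^255.9

// Map physical die faces 1..6 to base-6 digits (6 -> 0). Assumed convention.
function facesToB6(faces) {
  const compact = faces.replace(/\s+/g, '');
  if (!/^[1-6]*$/.test(compact)) {
    throw new RangeError('die faces must be 1-6');
  }
  return compact.replace(/6/g, '0');
}

// Running count for a length indicator: digits entered so far, digits
// still missing, and the index of the first character that is not 0-5.
function b6Progress(input) {
  const digits = input.replace(/\s+/g, '');
  return {
    entered: digits.length,
    remaining: Math.max(0, B6_DIGITS - digits.length),
    firstInvalidIndex: digits.search(/[^0-5]/),
  };
}

// Convert exactly 99 base-6 digits to a 64-character hex private key.
function b6ToPrivateKeyHex(input) {
  const digits = input.replace(/\s+/g, '');
  const progress = b6Progress(digits);
  if (progress.firstInvalidIndex !== -1) {
    throw new RangeError('invalid digit at index ' + progress.firstInvalidIndex);
  }
  if (progress.entered !== B6_DIGITS) {
    throw new RangeError('expected ' + B6_DIGITS + ' digits, got ' + progress.entered);
  }
  let k = 0n;
  for (const ch of digits) {
    k = k * 6n + BigInt(ch);
  }
  // k >= n cannot occur at 99 digits because 6^99 < n; the check is kept
  // so the function stays correct if B6_DIGITS is changed. Zero can occur.
  if (k === 0n || k >= SECP256K1_N) {
    throw new RangeError('value is outside [1, n-1]');
  }
  return k.toString(16).toUpperCase().padStart(64, '0');
}
```

Whitespace is ignored, so rolls can be typed in groups to make counting easier.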
I would love the opportunity to make custom paper wallet backgrounds and choose them in the paper wallet tab. I'm not a coder, but please let me know if there is a way to do this now that a normal person can do and what tools to use. Thanks.
I see you can generate three wallets per page. The problem is they all have the same password.
I would like to be able to specify separate passwords for each, otherwise it's a waste of paper to generate one per page.
The UI could be something like
Encrypt [y/n] Use same password for all [y/n]
wallet 1 password [____________________]
If they tick no, then repeat password field for n times. Use HTML5 validation so they all have to be completed.
e.g.
Number of wallets [3]
Encrypt [y] Use same password for all [n]
wallet 1 password [____________________]
wallet 2 password [____________________]
wallet 3 password [____________________]
Allow placing text in the "Amount" section of paper wallets, perhaps right-adjusted.
I noticed in the code,
https://github.com/pointbiz/bitaddress.org/blob/master/src/ninja.misc.js#L31-38
That if the mouse isn't moved during the seeding, that all that is folded in to the seed value is the current time. At first I thought this was being done many times, but I put in a log statement and it only printed once.
That doesn't seem like enough entropy, right? Someone asked about this on reddit because his browser wasn't using the mouse movements for some reason.
Unless I'm misreading the code or miscalculating how much entropy we have, (which is entirely possible), it seems the prudent thing to do here is just bail out - we should never let a key be generated without enough entropy.
vanitygen defaults to creating compressed public keys, so the vanity wallet tab should follow suit.
See 9aadff5 for a simple fix.
I'd like to be able to add entropy through a text field (e.g., from flipping a coin). Is this a reasonable feature, or should I just pursue this in my own fork?
The details tab suggests "Below we show ... your Private Key in the most popular encoding formats (WIF, WIFC, HEX, B64, MINI). "
However MINI is not displayed. Not sure if the fix is to remove the promise or add in MINI display?
It would be nice to be able to select a number of splits (n) and a threshold number (t), and have the generated key go straight into Shamir's algorithm. Then base58 each of the n pieces.
Currently there's no elegant way to do this. passguardian.com will do the splitting, but the resulting output is unnecessarily long. I could base58 it myself, but I would really like to see a solution that a non-programmer could use. And it's kind of silly to repeatedly switch between numbers and strings, when you could do it all in one go.
When loading bitaddress.org on Android (all versions it seems) it says the site is untrusted.
I think this is because Android does not trust PositiveSSL as a root CA and requires the full intermediate chain linking back to Comodo. The SSLLabs test seems to confirm this.
Basically step two from here: http://www.positivessl.com/ssl-certificate-support/cert_installation/apache-ssl.php
Sorry if this is an inappropriate way to contact you, but your DNS is anonymous.
On the "Wallet Details" tab, entering the following out of range private key value into the text box and clicking "View Details" causes an error which displays incomplete output:
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
This is the error logged in the browser console:
Uncaught TypeError: Cannot read property 'toBigInteger' of null
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:1861 ec.PointFp.getX
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:2026 ec.PointFp.getEncoded
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:5693 Bitcoin.ECKey.ECKey.getPub
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:5730 Bitcoin.ECKey.ECKey.getPubKeyHash
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:5735 Bitcoin.ECKey.ECKey.getBitcoinAddress
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:9332 ninja.wallets.detailwallet.populateKeyDetails
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:9323 ninja.wallets.detailwallet.viewDetails
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:6787 onclick
Entering 0000000000000000000000000000000000000000000000000000000000000000
generates this error in the browser console:
Uncaught TypeError: Cannot read property 'toBigInteger' of null
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:1861 ec.PointFp.getX
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:2026 ec.PointFp.getEncoded
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:5693 Bitcoin.ECKey.ECKey.getPub
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:5730 Bitcoin.ECKey.ECKey.getPubKeyHash
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:5735 Bitcoin.ECKey.ECKey.getBitcoinAddress
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:9332 ninja.wallets.detailwallet.populateKeyDetails
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:9323 ninja.wallets.detailwallet.viewDetails
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html:6787 onclick
Further, since the range of valid private key values for the secp256k1 curve, when specified in hex is [0x1, 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140], perhaps values out of range should be rejected, or displayed with a warning.
For example, the following invalid private key values seem to work without problem:
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364142
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
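The range check this report asks for, as an added example (not bitaddress.org code; the function and status names are hypothetical). It also shows why the last two values appear to work: scalar multiplication depends only on k mod n, so an out-of-range value aliases an in-range key, while 0 and n both reduce to zero and have no public key.

```javascript
// Added example, not bitaddress.org code; names are hypothetical.
// Order n of the secp256k1 base point G (the ...4141 value in the report).
const SECP256K1_N = BigInt('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');

// Classify a 64-hex-digit private key candidate.
//   valid              1 <= k <= n-1
//   no-public-key      k mod n == 0: k*G is the point at infinity
//   out-of-range-alias k >= n: same public key as canonical = k mod n
//   malformed          not exactly 64 hex digits
function classifyPrivateKeyHex(hex) {
  if (typeof hex !== 'string' || !/^[0-9a-fA-F]{64}$/.test(hex)) {
    return { status: 'malformed', canonical: null };
  }
  const k = BigInt('0x' + hex);
  const reduced = k % SECP256K1_N;
  if (reduced === 0n) {
    // The point at infinity has no affine x/y coordinates, so there is
    // nothing to encode as a public key or address.
    return { status: 'no-public-key', canonical: null };
  }
  const canonical = reduced.toString(16).toUpperCase().padStart(64, '0');
  if (k >= SECP256K1_N) {
    // Accepting this silently means two different strings control the
    // same address; reject it or show the canonical form with a warning.
    return { status: 'out-of-range-alias', canonical };
  }
  return { status: 'valid', canonical };
}

// The values from the report, checked before any key derivation runs.
function classifyReportedValues() {
  const inputs = [
    '0000000000000000000000000000000000000000000000000000000000000000',
    'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140',
    'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141',
    'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364142',
    'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
  ];
  return inputs.map((hex) => classifyPrivateKeyHex(hex).status);
}
```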