Comments (3)
TL;DR: if you made your private key with bitaddress v2.7 or newer, then there is nothing to worry about.
Issue #35 gives an overview of the quality of the entropy in the random number generator and what fixes were done to address the issue inherited from BitcoinJS.
There are no known randomness issues after commit 008c727 on Dec 15, 2013, where the browser RNG was XORed with the ArcFour PRNG. Additional improvements were added in commit 3d135f7 on Jan 18 2014. The versions above and newer have the necessary 256 bits of entropy minimum.
Regarding versions before Dec 15 2013, it's not clear that everyone had a minimum of 90 bits of entropy (to feel safe). Math.random, the timestamp and the screen size were definitely used for every key generation; I believe this is roughly the 48-bit entropy vulnerability that the disclosure mentions. The code from Nov 6 2011 was written to add an additional minimum 60 bits of entropy by seeding the mouse position (and timestamp) an additional 50+ times (totaling 90+ bits of entropy); this code may have been ineffective if the mouse was not moved before a too-short timeout was reached (forcedGenerate function in the code), leaving the key with less than 90 bits of entropy.
The versions of bitaddress from Nov 6 2011 to 15 Dec 2013 (v2.6 and older) are potentially at risk from the Randstorm disclosure (especially if you were slow to move the mouse or didn't move the mouse at all). The disclosure team has described the attack in further detail than has been previously explicitly described. This increases the risk that keys with weak randomness will be brute forced by attackers.
This issue is not new and was fixed 10 years ago for bitaddress.
Edited for accuracy.
from bitaddress.org.
It should be noted that there are no heroes. We have to earn this. Only time hardens code. That's why BitAddress is effectively ossified.
Math.random was left weak by experts working for JavaScript language vendors (numerous times).
window.crypto.random was improperly deprecated by browser developers.
window.crypto.getRandomValues has had multiple CVE disclosures.
The secure random number generator in Java used in Android was also broken in the past (see CVE).
This recent disclosure team has specifically mentioned BitAddress as an example of demonstrating good entropy.
I don't subscribe to the school of thought that non-type-safe languages (JavaScript) should not build cryptographic libraries. The above broken random number generators mentioned were all coded in type-safe languages.
We must understand the adversary. BitAddress takes the browser's operating system hardware entropy and XORs it with the human mouse movement entropy (or keystrokes). This means any intentional vulnerability in the operating system or browser will not compromise the strength of your key, because there are at least 256 bits of human entropy to protect you.
Most other wallets on the market are just using the random number generator shipped by the NSA or Google or MS or Apple, all of whom are under non-disclosure agreements to weaken cryptography (as history has shown).
The only thing better is to use dice rolls. For newbies using Bluewallet and a 6-sided die is appropriate. You can also use a 6-sided die with BitAddress (the first example of this technique).
If you want the extremely paranoid technique, use a 16-sided die (1 to 9 is 1 to 9, 10 is A, 11 is B, 12 is C, 13 is D, 14 is E, 15 is F, 16 is 0) and roll it 64 times to generate your key directly in hexadecimal, then paste it into an offline version of the BitAddress Wallet Details tab to get your compressed private key and compressed address. This way you bypass any conversions from BigInteger to private key and you just convert directly from the hex private key to the WIF private key. This means the same string you randomly created with die rolls is your key and you are not trusting the software to convert your entropy into a key. The entropy is your key in this technique.
from bitaddress.org.
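The 16-sided-die procedure in the comment above, as an added example that is not part of the original comment or of BitAddress's own code: an independent Python cross-check of the hex-to-WIF step using the standard Base58Check WIF encoding. The function names and the sample rolls are constructed for illustration, and the range check (a key must lie in 1..N-1 for secp256k1) covers an edge case the comment does not mention.

```python
import hashlib

# secp256k1 group order: a usable private key k satisfies 1 <= k < N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def rolls_to_hex(rolls):
    """Map 64 rolls of a 16-sided die to 64 hex digits (face 16 -> '0')."""
    if len(rolls) != 64:
        raise ValueError("need exactly 64 rolls for a 256-bit key")
    if any(not 1 <= r <= 16 for r in rolls):
        raise ValueError("each roll must be a face from 1 to 16")
    return "".join("0123456789ABCDEF"[r % 16] for r in rolls)

def checksum(payload):
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def hex_to_wif(hex_key, compressed=True):
    """Base58Check-encode a hex private key as mainnet WIF."""
    if len(hex_key) != 64 or not 1 <= int(hex_key, 16) < N:
        raise ValueError("key outside 1..N-1: discard these rolls and reroll")
    data = b"\x80" + bytes.fromhex(hex_key) + (b"\x01" if compressed else b"")
    data += checksum(data)
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return out  # 0x80 prefix is non-zero, so no leading-'1' padding is needed

def wif_to_hex(wif):
    """Decode a WIF string, verify its checksum, return the hex key."""
    num = 0
    for ch in wif:
        num = num * 58 + B58.index(ch)
    raw = num.to_bytes((num.bit_length() + 7) // 8, "big")
    body, check = raw[:-4], raw[-4:]
    if body[:1] != b"\x80" or checksum(body) != check:
        raise ValueError("bad WIF prefix or checksum")
    return body[1:33].hex().upper()

# Constructed sample rolls (a fixed pattern, NOT random): never use as a key.
SAMPLE_ROLLS = [(i * 7) % 16 + 1 for i in range(64)]

if __name__ == "__main__":
    key_hex = rolls_to_hex(SAMPLE_ROLLS)
    wif = hex_to_wif(key_hex)
    print(key_hex, wif, wif_to_hex(wif) == key_hex)
```

Decoding the WIF back to hex and comparing it with the string you rolled confirms that the software performed only the encoding and did not alter the key.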
These are good questions, I would also like a position from a developer.
from bitaddress.org.