I wonder if it's safe to use the JavaScript generator available at bitaddress.org. Even if I generate it offline, how can I know if the algorithm is not using any pre-computed / pre-planned way of generating the addresses?
It is good to consider the security of a system on which you are relying.
The HTML and JavaScript served is not obfuscated, so the code is easily verified.
While there have been no formal security audits, at least not that I'm aware of, there are many people with strong skills in cryptography, programming, math and security that have looked at the code.
The method used to generate an address draws from other open source tools (e.g., Crypto-JS) as well as a subset of Bouncy Castle for the ECDSA ported to JavaScript. In other words, BitAddress isn't doing anything that hasn't already been implemented elsewhere; it just implements them in JavaScript.
Stephen Gornick
- That said, unless you use a browser extension like blockchain's one, you are never really safe https://chrome.google.com/webstore/detail/my-wallet-verifier/kcapglakfcodkajgllmkiddclghogkic – o0'. Mar 29 '13 at 17:49
- Related .. how to verify the source is authentic: http://bitcoin.stackexchange.com/a/9115/153 – Stephen Gornick Apr 04 '13 at 23:08