brainwallet / brainwallet.github.io Goto Github PK

The Private Key field on the Generator page accepts any valid base58check string and doesn't check if it's actually a private key.

e.g. 5hLjNA4CcepPWUFWEown72yGqi1P5ra8FB7zr6Un7FgfQ2W6BgvbBYx15dtts5fNNB is valid base58check (created from the Converter page), but it's not a valid WIF private key (too long). The form accepts it, treats it as a compressed key and generates an address that's unspendable, unless you do some extra math to calculate the actual private key (key mod n)

Could you put a warning about using insecure passwords or a link to a wiki or similar prominently on the main page? The rationale being that many users are under the mistaken belief that brainwallets are a safe / sensible way to store bitcoins only to have them stolen.

I realise that brainwallet is just a tool, and it's up to users to use responsibly. However some sort of warning / guidelines to new users would be good for the bitcoin community as a whole and woulc cost very little.

Repro:

[1] Open converter tab
[2] go into decimal input mode
[3] enter "23792937474992030482"
[4] receive output of "party imagination naked core attack afraid into into into"
[5] clear input
[6] use "party imagination naked core attack afraid into into into" as poetry input

result box will contain:
399179251292435893373108242

which is not the starting decimal number.

Note: after step 6, switch to binary output and you will see the extra zeros that are being included..

https://brainwalletx.github.io/

https://github.com/brainwalletX/brainwalletX.github.io

You create an additional txout with value 0 and script "OP_RETURN data".

https://blockchain.info/tx/9cb4a5c615124f977c9bc7e3e6f236bc68b7c1ded414d68ae4d3d87e15ca3df6?show_adv=true

"Send Transaction" with the most simple transaction with 0.001 fee fails with "Bad Request".

Tested raw tx is below:

010000000147f5e7d9085fc9cd95f1054bb95ea7ea96b98f2de83e884d5aaee19b6f2cb08b000000008a4730440220450a41cddd580cf257efe0f5527aeb483a75f444f3ff5891260c839a39e2eb9d02207381a26426e7866687658d869dc8854f00d9a6a099c1b3cd57d9d21ec36de7d9014104e2902771ed79bc100e44fe69a5bbacb654d3a33ab42c6597c5aef2c695ebf888f01b4f942b166f26d0b64339ed8cf23aaf4cdebe162c395e7ce20370ada7d7cdffffffff0298280300000000001976a9145101cf3455e7fc4794178b27c0786f4b1d7ae5fa88ac705d1e00000000001976a914c19de64f3cd99907c4bb9b56a4b127910b746cfb88ac00000000

--- Kosta

Hello,

After generating a 3 out of 2 wallet I am able to store my private/public keys for each of the participants.
After generating this address I send a small amount of BTC to this address (0.0002). The amount is correctly recorded and confirmed in the blockchain and is listed as an unspent transaction.

Afterwards I create a new transaction that spends (0.0001 BTC). This transaction is successful. On the third step I sent more funds to the 3-out-of-2 wallet (0.0003). This is where the issue happens: any funds I deposit in this wallet from second transaction on are automatically spent towards various unknown addresses, and there is never any unspent transactions no matter how much I deposit there.

I have tested this with 2 wallets already. Any idea what might be the issue?

Brainwallet.org is amazing and real useful when working with raw transactions. In testnet you get to play with cool transactions, like locktime, but then you need a sequence number other than the default FF FF FF FF (UINT_MAX).

Its fine, you can change it in the hex binary easy, but it would be really nice if you could add this (at least for testnet) to the JSON display

Keep up the great work!

Hello dear developers,

I use BTC though I also use LTC and It's been a while since I've tried to find a way in sending raw transactions to the Litecoin - LTC network (blockchain).

While using bitcoins - BTC, I use to create addresses thru brainwallet.org instead of creating them by oficial client. I also use to generate raw transactions in http://brainwallet.org (offline) as well, then copy them and send to the blockchain/network at https://blockchain.info/pushtx

Is there any way to make an LTC add-on into the javascript for it to also support Litecoins wallet generation and LTC raw transactions generator in the same way as we do with BTC nowadays?

Is there anybody out there with any plans to develop that function in the near future?

Best Regards,

Financisto

Can you add the support for Ripple Secret Key?

Maybe you can find the key generation function here:
https://github.com/ripple/ripple-client

Thank you!

Instead of having a default Destination Address, it should be blank.

I just accidentally sent 0.11736 BTC to the default destination address that's in the transactions tab. After preparing a transaction to a different destination, I reloaded the browser, forgot to change the destination address to the intended destination, filled out the rest of the form and hit Send Transaction.

Accidental transaction:

https://blockchain.info/tx/329845fe369cab4c210b65882506ad03d367bd3673ad93a9eebf71976299021b

it should encode as little endian. it causes errors if you create a long script in JSON, export it as raw hex and then import back, because raw builder correctly uses little endian

Sorry

Hi, i will be nice to have an additional button to change the generator to "testnet" addresses.
I will try to change:

    var PUBLIC_KEY_VERSION = 0;
    var PRIVATE_KEY_VERSION = 0x80;

To testnet values (0x6F and 0xEF)

Hi,

I am not a lawyer, but I feel that simply stating that something "is public domain" is possibly not sufficient as a license for code. There are multiple aspects of most licenses I've seen that aren't covered. For example:

• May I re-use this code without attribution? Can I publicly claim that I am the original author of the code?
• May I sue you for damages if there is a real or perceived fault in your code?
• May I use this code for commercial purposes, may I charge people for using it?
• What rights do I have to make derivative works of this code (it looks like someone has already done exactly that at https://github.com/sarchar/brainwallet.github.com/tree/bip32)?
• May I take a copy of this code (or a derivative) and redistribute it under a different license or no license at all?

I doubt the words "public domain" even have the same legal definition in all the countries that Github is distributing your code to. Can you unambiguously tell me what "public domain" means to you? If you can, why don't you just write that explanation into the license document?

I believe that you're currently doing people an unnecessary disservice by stating that your code has a license but then in the license document being unclear about the exact terms this code is distributed under.

Please take 15 minutes to review the standard FOSS licenses, then make one commit that will save everyone from future misunderstandings.

http://choosealicense.com/

Alternatively, delete the license so that at least people can reference Github's basic terms and conditions without worrying about what your license is trying to say that isn't already covered by those terms.

Hello

There is a UI bug on http://brainwallet.org/#tx that can cause the json transaction to not update. if you change the figure next to the destination address the json transaction updates and the appropriate change is sent back to the source address. But if you change the source amount only the transaction does not update meaning you end up paying more as fees.

https://bitcointalk.org/index.php?topic=372725.0

In bitcoinjs-min.js, the randomBytes function uses Math.random, which is insecure in browsers like FireFox that seed using the current timestamp. A malicious user could bruteforce many timestamp values and predict private keys.

I talked to an Eligius admin and he said the zero-fee TXs I generated with brainwallet weren't in their mempool or even personal bitcoind, considerably after the push time. Had to double-spend them to get them to relay outside of the apparent blockchain.info black hole.

This is new behavior, because before this week, zero-fee TXs were confirming within 1 hour. I don't know if it's brainwallet, blockchain.info, switching to 0.8.1, or all of the above that's responsible for the behavior. ETA: apparently I had done all my previous TXs with old enough inputs to meet the priority limit, or be within a few confirms of it, and just this week I started breaking bad without realizing there's been a priority limit this whole time.

Maybe there needs to be a warning not to zero-fee out <24hr received coin, if the brainwallet or /pushtx code isn't modified to calculate priorirty and alert on it.

Easy16 is used in Armory Paper Backup.

How to reproduce the bug:

1. Go to "Chains" tab.
2. Click on "Electrum".
3. Enter this on the "Paper Backup" area:

muse proud machine aim adore cream enemy mean coward wood limb motion

1. Enter 1 on the "Primary Addresses".
2. Enter 10 on the "Change Addresses".

Result:

1, "12rpk1gR3NV2FC8BG5aMwZntj1ZcXCog5d", "5KY1RrpED64G6NsWPWAGSZP3mdsU8HfbC69L1a23AwMgAxtVpF4"
2, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"
3, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"
4, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"
5, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"
6, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"
7, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"
8, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"
9, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"
10, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"
11, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"

Problem: Addresses from 2 to 11 are the same.
If you enter 2 in the "Primary Addresses" it don't work well too:

1, "12rpk1gR3NV2FC8BG5aMwZntj1ZcXCog5d", "5KY1RrpED64G6NsWPWAGSZP3mdsU8HfbC69L1a23AwMgAxtVpF4"
2, "1MPAZ11gMBPyPwnTwfVJoXzGcRCgJ4Gi9e", "5J22aMxmvSwnnEPuLhZQy1WRoHUBJ3Ty6gSEr28kPdmovEu79Ga"
3, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"
4, "15zNyzKcZvojyhpHNuHBrmAaGf9TiHLxMu", "5JzYNZRrqnvX2j6agkh3ir2CzRZL6rhSJkbPnDYswHiz1btUcYj"
5, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"
6, "15zNyzKcZvojyhpHNuHBrmAaGf9TiHLxMu", "5JzYNZRrqnvX2j6agkh3ir2CzRZL6rhSJkbPnDYswHiz1btUcYj"
7, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"
8, "15zNyzKcZvojyhpHNuHBrmAaGf9TiHLxMu", "5JzYNZRrqnvX2j6agkh3ir2CzRZL6rhSJkbPnDYswHiz1btUcYj"
9, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"
10, "15zNyzKcZvojyhpHNuHBrmAaGf9TiHLxMu", "5JzYNZRrqnvX2j6agkh3ir2CzRZL6rhSJkbPnDYswHiz1btUcYj"
11, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"
12, "15zNyzKcZvojyhpHNuHBrmAaGf9TiHLxMu", "5JzYNZRrqnvX2j6agkh3ir2CzRZL6rhSJkbPnDYswHiz1btUcYj"

Problem: The address "15zNyzKcZvojyhpHNuHBrmAaGf9TiHLxMu" is repeated.

When I tried to duplicate the logic for a qr code for the provate key, I am getting an error saying:

Uncaught Error: code length overflow. (420>352)

A private Key Qr code is usuful for importing it on mobile wallets.

Hello, I had idea with my friend to put some localization into brain wallet, do you think it is possible?
I didn't made huge research, but I see words are from https://en.wiktionary.org/wiki/Wiktionary:Frequency_lists/Contemporary_poetry and they are placed in mnemonic.js

Oh I found there are word lists as well https://github.com/bitcoin/bips/tree/master/bip-0039

Thanks!

When I enter this paper backup:

muse proud machine aim adore cream enemy mean coward wood limb motion

it works ok:

1, "12rpk1gR3NV2FC8BG5aMwZntj1ZcXCog5d", "5KY1RrpED64G6NsWPWAGSZP3mdsU8HfbC69L1a23AwMgAxtVpF4"
2, "1MPAZ11gMBPyPwnTwfVJoXzGcRCgJ4Gi9e", "5J22aMxmvSwnnEPuLhZQy1WRoHUBJ3Ty6gSEr28kPdmovEu79Ga"
3, "1ABKTNeaA7uwS9GJtT9oy6rUYHCA8Z329S", "5JAQKXd4cBMaMRAAchbMWy4NyBG9xasfzUycdk2DU7TKomrA6qx"
4, "14hudeWF1v9BFKR5JXJBShPaMs5yydF81v", "5JADnGAo2oXSFvoAL7nexjxb5R2mqGwzJbyZAsGqrQY7xrAhwvG"
5, "1GH1rYPza1SH3KNn2tmWZ9hZv1eELko1Np", "5KdYmgZUKoHjEHjRJHdUbAvo6TrBtFA3mmZMWMKCJkYoN6BX6yG"
6, "16ibhnkAFomVCrKTTMiP8C5et7zFG3KtAW", "5Ja8Gt57dQ7Bzz63ru23rnSNz93H6rFQn4NPJxvRKPZ4zjmmiUL"

When I enter the same data, but enter "new line" accidentally (at the end of the line), the program make wrong addresses:

1, "19v8hmrLAW2weJBUmwwxsXuvJQZpEfT63v", "5KL3RRT8yd2Ghc99UYwMbpVRqWCCmpbkytkHRgUr6CVtQtpqKN2"
2, "1PG1sX3oU2f6Wwq1eix6jvHuz7cxKesTLs", "5J5X8yM39tjAm9Eg9c5cru3euaz7Qs5U7Dn8L9eQSASebbmJfbB"
3, "1HmCv19yyqUxZpMZ54JqvANvCzxJQNKcgK", "5HqYcX7usQpPGZ9APkfX5x8xgFSPbJ3v6UzBK9nwkJR5NFazHiT"
4, "1C6AHSLLRGcNeht68b2oTkQByh1j5eC2SF", "5Ji3R66urd34XaVDcGfMsz8uNNeK41LHkY1nPTBH8SBdZPS6o1R"
5, "1CZHNYb5DSZoAztrkfJz7cQBJWd8p6SWKZ", "5J5eiLuYQjfGoBankE88tmeNHHVfqwmuetMDWapywDa4V1ei3Qg"
6, "1PwTS6yNzhekJorEgn3y1GjN8Z7fMcFnbH", "5HuAPvzhnTVWvY82j2RFfmKTShc3C8UrDJTkDUEVt9NEUFwVMSD"

Another problem:

When I enter the paper backup, and then remove the last word, it still make the same chain.

Please add BIP0038 (encrypted private keys) support. It's already been implemented at www.bitaddress.org so the javascript is already done. You can see it's a relatively short commit: pointbiz/bitaddress.org@5453778

The page to generate an offline transaction has a field for the amount of bitcoins to send, but no field for the transaction fee. It seems that the fee that gets sent is the difference between the starting amount and the sent amount. This is unexpected (or at least unclear) from a user perspective, and can lead to users sending larger fees than expected.

I did fix for proxy service here:
#70

When trying to create a transaction from the default address

PK: 935ZTXVqEatu6BaEX6CHrzpXquDKurpVXD7q1FQ1K3pt8VwmG2L

I put this into transactions and is asks me if I want to download from:

http://blockchain.info/unspent?address=myTPjxggahXyAzuMcYp5JTkbybANyLsYBW

Looking at http://blockexplorer.com/testnet/address/myTPjxggahXyAzuMcYp5JTkbybANyLsYBW

It seems active ... but maybe we need a new data source for this kind of address?

Maybe: http://test.webbtc.com/address/myTPjxggahXyAzuMcYp5JTkbybANyLsYBW

It has an option for json too ...

Repro:
[1] Start up the converter tab
[2] Enter hex for input and hex for output
[3] enter the hex number "3676456D5D4F44A" as input
[4] see the actual output is "3676456D5D4F440A"

I found this as I was implementing decimal as an input. I have the code for that but it is dependent on a fix for this issue as I believe this issue is based on the Crypto.util.hexToBytes() you are using. It is outputing inccorrect bytes. Adding leading zeros to the first byte. I will try and find time to upload my changes for adding decimal later today. I have implemented a new big number division algorithm that you could just use for all the conversions if i were to add changeable radix support.

Note: binary to binary conversion is also messed up try selecting binary -> binary and entering binary number "1000011010010010010100010010110110101100101000111000101000110"

Best not to trust the converter for mission critical conversions ATM.

�I find LTC signing and sending tx did not work, did Litecoin get complete support?

Can this be supported?

When generating an Electrum chain, the generator produces only one address, and prints that address over and over in an infinite loop. I've received the same result in Firefox and Chrome on Linux and Firefox, Chrome, and Internet Explorer on Windows. The bug was introduced in commit 9f3fea6

remove

I occasionally get people asking me to refund bitcoins sent to the old Bitcoin Faucet address, because they forgot to change the default address.

Please either add a check for the Faucet address (and refuse to send) or use something that looks like an address but fails the checksum or leave the field blank.

It is not intuitive how to set miner's fees using the current Brainwallet.org transaction generator. In fact, I have no idea how to do it. This seems pretty important! This is not the same as the prior issue about the change going to the wrong wallet address.

I have 3 TX's stuck in blockchain due to insufficient TX fees....

I will donate 1 LTC if you can add support for MARSCOIN MRS ( scrypt )

it is a "litecoin" clone i believe

site + wallet: marscoin.org

blockchain explorer: http://explore.marscoin.org

pubkey_address version: 50

i lost alot of MRS coins trying to send from PC to android wallet...
they are stuck in blockchain...

would like to try using brainwallet to resend the stuck TXs using a higher fee!

i have both the RAW TX & JSON-TX data,
but MRS isnt listed in brainwallet

please help!

or if someone could tell me how to MOD the github src
to add MRS, i'd send them 1 LTC ( if the code works properly )

please post your LTC address here
( sorry, I would send BTC, but only have "dust" )

Thanks.

Steps to reproduce:

• Pick a private key (5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS)
• Navigate to http://www.bit2factor.org/
• Select "Generate & Encrypt Private Key" and encrypt private key with password "test".
• Paste encrypted key into brainwallet converter (6PRQ7ivF6WDwzdtp2jkuHMkHqCQCY2CsSPipKiuSjrM6NbKLc3i1EU2tpn)
• Make sure base58 -> base58 is selected.
• Watch how address is completely mangled.

I'm not at all sure why this is but if there's some kind of restriction on the kind of base58 that is allowed maybe this should be made more clear.

When generating an Electrum chain from mnemonic using defaults for all fields, the 6th tuple displays an invalid private key starting with 'y' instead of '5'.

Normally, this does not occur and valid private keys are displayed.

bitcoinjs-lib has moved on since 0.13. As a model project, it would be great to keep up with the latest. I do realise the APIs have changed significantly since but the end result should actually be less code in brainwallet itself.

Sent my BTC to an address generated randomly by Brainwallet. This was not meant to happen.

How can i recall these coins? Will it bounce back to my wallet?

Any help would be appreciated. I can't lose these coins.

Compressed pubkeys are better for the network and result in txn with higher priority and lower fees, so they should be the default.

http://world.std.com/~reinhold/diceware.html for really secure passphrase seeds.

When generating electrum chains, exponents shorter than 32 bytes doesn't get padded, so the resulting private keys are wrong.

To confirm this bug, generate a chain from the following paper mnemonic:
"meet companion pen treat fruit anymore yeah sneak stubborn kept mist shook".

On line #3 the private key will be wrong. (Oh nice and writing #3 incidentally also linked to a closed issue regarding the exact same thing, where you couldn't reproduce it last time =)).

Of course I have the fix.. :)
I'm not familiar with GitHub, and guessing that I probably wouldn't be able to commit anyway (and I shouldn't), I'll just leave this here:

in js/electrum.js - after line 25 (var newPriv...), insert:
for(;newPriv.length<32;) newPriv.unshift(0x00);

It doesn't look like the code for $('#txSign').attr('disabled', false); exists anymore.

I can't find any code path or UI manner to enable the Re-Sign button

Test Case:

• Load brainwallet.org
• Select TEST for Testnet
• Click Transaction tab
• Type JSON transaction in Transaction box
• Note no JSON error... good
• Click Private Key textbox, enter private key
• Note address properly forms... good....
• Note Re-Sign button still grey... bad...

Also tried c9c9f16
at this revision, the Re-Sign button does enable when the private-key is input (good), but clicking the Re-Sign button blanks all the fields (bad)

Hi,
I'm new with bitcoin and like to use Brainwallet to manually create transactions.
My issue is I don't get this to work offline as I don't get the right results when manually typing the Transactions history.
Only way to get it succesfully is to do it online by using "Get history from BlockChain Info"...However, here if I enter the address of my wallet to the prompt after clicking the button if will download the history, but Source Address remains as default value and did not update. It is also not possible to edit Source Address as it is gray and locked.
So really the only way to get the form to work is to be online to first give the Private Key after which the form automatically asks if to download history from BlockChain Info....and this just makes me feel bad.

Am I doing something wrong here or is this the way the form now works? Obviously you can download the transaction history without the private key so why is it needed as first input on the form and other main inputs are locked? All I want is to create the transaction manually offline and not to type private key to the form when being online. Is this possible or am I just "too fresh user" to understand these topics correctly?

Thanks for your time and support. Hope this is even remotely useful for you in developing your product.

BR, Tom

This is an enhancement. Ability to add more than 1 destination address in transactions section. You may be able to do it via the JSON textarea but I personally haven't figured it out. A user friendly way of adding multiple destination addresses would definitely be nice. Thanks.

Greetings author.

I like to find a way to ensure the users can get it right.

The public key part is 137 in Decimal but the private key is in 133 in decimal according to Clamcoin's source code while other follows the +128 shifting, exponent is still same,with no errors. Thank you.

fixed by 2765e39

Any time I try to send a transaction with a compressed key I get a "Warning! Source address does not match private key." and I'm unable to create the transaction.