Verifying a legitimate version of bitaddress.org on Windows

2

How can I make sure I am accessing (online) or have downloaded (as an HTML file or from GitHub) a legitimate, trustworthy version of bitaddress.org?

In other words, how can I make sure no hacker has modified something at bitaddress.org or in the GitHub files in order to be able to capture generated keys?

I have read somewhere something about computing the "hash" and/or "verifying the signature" or something like that. I'm not at all familiar with all this.

I think the same question would apply for bitcoinpaperwallet.com, too.

User X

Posted 2017-11-29T06:58:16.520

Reputation: 185

1 Are you using Windows? (To verify the hash) MCCCS 2017-11-29T12:36:01.297

Yes, I use Windows. User X 2017-11-29T13:00:09.230

Answers

1

1) Google how to verify a PGP signature

2) Import the author's PGP sig (from the main Web site), use the procedure from 1) to verify the contents of https://www.bitaddress.org/CHANGELOG.txt.asc (and obtain the SHA256 sum of the latest release, although you can get that from GitHub as well)

(If you trust GitHub and want to use an offline copy, you could skip 1) and 2) and just get the latest release from GitHub)

3) Download the latest release, unzip and calculate SHA256 sum of the main (bitaddress.org.htm) HTML file, compare with SHA256 sum in the URL or downloaded CHANGES.txt.asc file:

    sha256sum.exe bitaddress.org.html
    dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194 bitaddress.org.htm

If you skipped step 2), you can perform it in step 3 using the downloaded ZIP archive. For the checksum, use any utility you want (or two, in case you don't trust one). One example: http://www.labtestproject.com/files/win/sha256sum/sha256sum.exe

whatever

Posted 2017-11-29T06:58:16.520

Reputation: 198
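
As an added example (not part of the answer above or of the bitaddress.org project), steps 2) and 3) can be scripted in PowerShell so that the expected hash is read only from text gpg has verified, since lines outside the signed block of a .asc file are not covered by the signature. It assumes gpg.exe (for example from Gpg4win) is on the PATH, the author's key is already imported, the signed changelog lists the release's SHA256 as 64 hex characters, the file names are the ones used above, and the fingerprint is a placeholder you replace.

```powershell
# Added example: verify the signed changelog, then compare the HTML file's hash
# against hashes found in the VERIFIED text only. Paths are assumptions.
param(
    [string]$HtmlFile    = '.\bitaddress.org.html',
    [string]$SignedLog   = '.\CHANGELOG.txt.asc',
    # Placeholder: the author's full key fingerprint, from a source you trust.
    [string]$Fingerprint = '<AUTHOR-KEY-FINGERPRINT>'
)

$verified = Join-Path $env:TEMP 'changelog.verified.txt'
Remove-Item $verified -ErrorAction SilentlyContinue

# --decrypt on a clearsigned file checks the signature and writes out only
# the signed text; --status-fd 1 prints machine-readable status lines.
$status = & gpg --batch --yes --status-fd 1 --output $verified --decrypt $SignedLog 2>$null
if ($LASTEXITCODE -ne 0) {
    throw 'gpg could not verify the signature (bad signature or key not imported).'
}

# A good signature from the wrong key is still a failure: require that the
# VALIDSIG status line names the expected fingerprint.
$want  = ($Fingerprint -replace '\s', '').ToUpper()
$valid = $status | Where-Object { $_ -like '*VALIDSIG*' -and $_ -like "*$want*" }
if (-not $valid) {
    throw 'Signature is valid but was not made by the expected key.'
}

# Collect every SHA256-looking value from the verified text.
$signedHashes = Select-String -Path $verified -Pattern '\b[0-9a-fA-F]{64}\b' -AllMatches |
    ForEach-Object { $_.Matches } |
    ForEach-Object { $_.Value.ToLower() }

# Hash the downloaded file with the built-in cmdlet (no third-party tool needed).
$actual = (Get-FileHash -Algorithm SHA256 -Path $HtmlFile).Hash.ToLower()

if ($signedHashes -contains $actual) {
    "OK: $HtmlFile matches a hash in the signed changelog ($actual)"
} else {
    throw "MISMATCH: $actual is not listed in the signed changelog."
}
```

With the placeholder fingerprint left in place the script fails closed. A match means the file is a release the key holder signed, not necessarily the newest one.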