Javascript cryptography: Difference between revisions

From Bitcoin Wiki
Belcher (talk | contribs)
Create page
 
Belcher (talk | contribs)
m Added extra note about untested
 
(One intermediate revision by the same user not shown)
Line 10: Line 10:


This is even before you get into the fact of how easy it is for sites to quietly substitute different JS, or the fact that HTTPS provides virtually no protection against attackers with a network position close to the server (because you can get a cert for any domain you can answer HTTP requests for...). <ref>https://www.reddit.com/r/Bitcoin/comments/6ss91w/seriously_how_are_you_all_generating_your_private/dlf4uhr/</ref>
This is even before you get into the fact of how easy it is for sites to quietly substitute different JS, or the fact that HTTPS provides virtually no protection against attackers with a network position close to the server (because you can get a cert for any domain you can answer HTTP requests for...). <ref>https://www.reddit.com/r/Bitcoin/comments/6ss91w/seriously_how_are_you_all_generating_your_private/dlf4uhr/</ref>
Generally the code out there uses almost completely untested ECC code which would sometimes generate the wrong pubkeys, as well as being insecure non-constant time implementation subject to surveillance from other javascript tabs.
== SF Bitcoin Devs Seminar talk==
Greg Maxwell discusses javascript cryptography. (watch time: 3 min 6 sec)
https://www.youtube.com/watch?v=TYQ-3VvNCHE&t=3071


== See Also ==
== See Also ==
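Review bot: The added paragraph beginning "Generally the code out there uses almost completely untested ECC code" makes two strong claims (wrong pubkeys, and timing leakage to other javascript tabs) without a <ref>, while the paragraph directly above it cites its source. Cite the seminar talk added in the new section, or the same Reddit comment, at the end of that sentence. The wording "as well as being insecure non-constant time implementation" is also ungrammatical; something like "as well as being an insecure, non-constant-time implementation" reads correctly.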

Latest revision as of 19:06, 20 November 2018

Javascript cryptography is when cryptographic software, especially bitcoin software, is written in javascript.

Javascript is not a suitable language for this. Such software is best avoided.

Explanation

Please don't use any javascript address generator for anything that matters.

The common libraries they have used have had a long and worrying series of mathematical flaws that cause them to occasionally generate addresses that do not match the private keys, and were completely without the sorts of tests that would have detected these mistakes. Even if the errors are all fixed now, it's very easy for a webpage generator to be using an old version without anyone really noticing.

This is even before you get into the fact of how easy it is for sites to quietly substitute different JS, or the fact that HTTPS provides virtually no protection against attackers with a network position close to the server (because you can get a cert for any domain you can answer HTTP requests for...). [1]

Generally the code out there uses almost completely untested ECC code which would sometimes generate the wrong pubkeys, as well as being an insecure, non-constant-time implementation subject to surveillance from other javascript tabs.
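The kind of test the explanation above says these libraries lacked, as an added example that is not from this wiki page or from any library it refers to: a differential check that derives secp256k1 public keys with two independent implementations and reports every private key on which they disagree. It assumes Node.js built with OpenSSL secp256k1 support; the names `referencePub`, `opensslPub`, `mismatches` and `EDGE_KEYS` are hypothetical, and the BigInt arithmetic is not constant time, so it serves only as a test oracle.

```javascript
// Differential test for secp256k1 public-key derivation (added example).
// The BigInt reference is NOT constant time: test oracle only, never key generation.
const { createECDH } = require('crypto');

const P = 2n ** 256n - 2n ** 32n - 977n; // field prime
const N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n; // group order
const G = [
  0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798n,
  0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8n,
];
const mod = (a) => ((a % P) + P) % P;
const hex32 = (v) => v.toString(16).padStart(64, '0'); // keeps leading zero bytes

function inv(a) { // modular inverse via Fermat: a^(P-2) mod P
  let r = 1n, b = mod(a), e = P - 2n;
  for (; e > 0n; e >>= 1n, b = (b * b) % P) if (e & 1n) r = (r * b) % P;
  return r;
}
function add(A, B) { // affine point addition; null is the point at infinity
  if (!A) return B;
  if (!B) return A;
  const [x1, y1] = A, [x2, y2] = B;
  if (x1 === x2 && mod(y1 + y2) === 0n) return null; // A = -B
  const s = x1 === x2 ? mod(3n * x1 * x1 * inv(2n * y1)) : mod((y2 - y1) * inv(x2 - x1));
  const x3 = mod(s * s - x1 - x2);
  return [x3, mod(s * (x1 - x3) - y1)];
}
function mul(k, Q = G) { // double-and-add scalar multiplication
  let R = null;
  for (; k > 0n; k >>= 1n, Q = add(Q, Q)) if (k & 1n) R = add(R, Q);
  return R;
}
function referencePub(privHex) { // uncompressed SEC1 encoding: 04 || X || Y
  const k = BigInt('0x' + privHex);
  if (k <= 0n || k >= N) throw new RangeError('private key out of range');
  const [x, y] = mul(k);
  return '04' + hex32(x) + hex32(y);
}
function opensslPub(privHex) { // implementation under test: Node's OpenSSL-backed ECDH
  const ecdh = createECDH('secp256k1');
  ecdh.setPrivateKey(privHex.padStart(64, '0'), 'hex');
  return ecdh.getPublicKey('hex', 'uncompressed');
}
// Constructed edge cases: tiny scalars, leading zero bytes, top bit set, n-1.
const EDGE_KEYS = ['01', '02', 'deadbeef', '80' + '00'.repeat(31), hex32(N - 1n)];
function mismatches(keys, underTest = opensslPub) {
  return keys.filter((k) => underTest(k) !== referencePub(k));
}
console.log('mismatching keys:', mismatches(EDGE_KEYS));
```

Passing a different derivation function as `underTest` runs the same comparison against another library; in practice the key list would be extended with a large batch of random keys.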

SF Bitcoin Devs Seminar talk

Greg Maxwell discusses javascript cryptography. (watch time: 3 min 6 sec)

https://www.youtube.com/watch?v=TYQ-3VvNCHE&t=3071

See Also

References