Javascript cryptography: Difference between revisions
Add link to gmaxwell's discussion of javascript crypto
m Added extra note about untested
Line 10: | Line 10: | ||
This is even before you get into the fact of how easy it is for sites to quietly substitute different JS, or the fact that HTTPS provides virtually no protection against attackers with a network position close to the server (because you can get a cert for any domain you can answer HTTP requests for...). <ref>https://www.reddit.com/r/Bitcoin/comments/6ss91w/seriously_how_are_you_all_generating_your_private/dlf4uhr/</ref> | This is even before you get into the fact of how easy it is for sites to quietly substitute different JS, or the fact that HTTPS provides virtually no protection against attackers with a network position close to the server (because you can get a cert for any domain you can answer HTTP requests for...). <ref>https://www.reddit.com/r/Bitcoin/comments/6ss91w/seriously_how_are_you_all_generating_your_private/dlf4uhr/</ref> | ||
Generally the code out there uses almost completely untested ECC code which would sometimes generate the wrong pubkeys, as well as being insecure non-constant time implementation subject to surveillance from other javascript tabs. | |||
== SF Bitcoin Devs Seminar talk== | == SF Bitcoin Devs Seminar talk== |
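Review bot: The added paragraph ("Generally the code out there uses almost completely untested ECC code ...") carries no <ref>, unlike the paragraph before it, and its wrong-pubkey claim repeats what the earlier paragraph already says about addresses that do not match the private keys. Suggest citing a source for the "surveillance from other javascript tabs" claim and merging the repeated point into the earlier paragraph. The phrase "as well as being insecure non-constant time implementation" also needs an article and hyphenation, for example "an insecure, non-constant-time implementation".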
Latest revision as of 19:06, 20 November 2018
Javascript cryptography refers to cryptographic software, especially bitcoin software, written in javascript.
Javascript is not a suitable language for this. Such software is best avoided.
Explanation
Please don't use any javascript address generator for anything that matters.
The common libraries they have used have had a long and worrying series of mathematical flaws that cause them to occasionally generate addresses that do not match the private keys, and were completely without the sorts of tests that would have detected these mistakes. Even if the errors are all fixed now, it's very easy for a webpage generator to be using an old version without anyone really noticing.
This is even before you get into the fact of how easy it is for sites to quietly substitute different JS, or the fact that HTTPS provides virtually no protection against attackers with a network position close to the server (because you can get a cert for any domain you can answer HTTP requests for...). [1]
Generally the code out there uses almost completely untested ECC code which would sometimes generate the wrong pubkeys, as well as being an insecure, non-constant-time implementation subject to surveillance from other javascript tabs.
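The kind of test whose absence is described above can be sketched as a differential check: derive the public key with the implementation under test, then confirm the point lies on secp256k1 and equals the result of an independent reference multiplication. This is an added example, not code from this page or from any library it refers to; the function names are hypothetical, and Node's OpenSSL-backed ECDH is assumed as a stand-in for the implementation under test.

```javascript
const nodeCrypto = require('crypto');

const P = 2n ** 256n - 2n ** 32n - 977n;             // secp256k1 field prime
const G = [                                          // secp256k1 generator point
  0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
  0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n,
];
const mod = (a) => ((a % P) + P) % P;

// Modular inverse via Fermat's little theorem (P is prime).
function inv(a) {
  let r = 1n, b = mod(a), e = P - 2n;
  while (e > 0n) { if (e & 1n) r = mod(r * b); b = mod(b * b); e >>= 1n; }
  return r;
}

// Affine point addition and doubling; null is the point at infinity.
function add(p, q) {
  if (!p) return q;
  if (!q) return p;
  const [x1, y1] = p, [x2, y2] = q;
  if (x1 === x2 && mod(y1 + y2) === 0n) return null;
  const m = x1 === x2
    ? mod(3n * x1 * x1 * inv(2n * y1))
    : mod((y2 - y1) * inv(x2 - x1));
  const x3 = mod(m * m - x1 - x2);
  return [x3, mod(m * (x1 - x3) - y1)];
}

// Slow, variable-time double-and-add: a test oracle only, never for real keys.
function referencePubkey(privHex) {
  let k = BigInt('0x' + privHex), acc = null, base = G;
  for (; k > 0n; k >>= 1n) { if (k & 1n) acc = add(acc, base); base = add(base, base); }
  return acc;
}

// Implementation under test (assumption: Node's ECDH stands in for it here).
function derivePubkey(privHex) {
  const ecdh = nodeCrypto.createECDH('secp256k1');
  ecdh.setPrivateKey(Buffer.from(privHex.padStart(64, '0'), 'hex'));
  const pub = ecdh.getPublicKey('hex', 'uncompressed'); // 04 || X || Y
  return [BigInt('0x' + pub.slice(2, 66)), BigInt('0x' + pub.slice(66))];
}

// True only if the derived point is on y^2 = x^3 + 7 and equals the reference.
function pubkeyMatches(privHex, derive = derivePubkey) {
  const [x, y] = derive(privHex), ref = referencePubkey(privHex);
  const onCurve = mod(y * y - x * x * x - 7n) === 0n;
  return onCurve && ref !== null && x === ref[0] && y === ref[1];
}
```

Running `pubkeyMatches` over fixed vectors plus many random keys, and again whenever the bundled library version changes, is what catches a derivation that is only occasionally wrong.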
SF Bitcoin Devs Seminar talk
Greg Maxwell discusses javascript cryptography. (watch time: 3 min 6 sec)
https://www.youtube.com/watch?v=TYQ-3VvNCHE&t=3071