A Browser Based Cryptocurrency Client [real devs only please]

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: GCInc. on November 19, 2013, 01:43:06 PM

Quote from: Come-from-Beyond on November 19, 2013, 09:55:01 AM

I do have skills and a team, but I support only innovative projects. Bitcoin webwallet doesn't look innovative enough.

I'm not sure we're talking about the same thing, but I was thinking no webwallet, no external servers for anything else than blockchain storage. Local wallet integrated to the web browser. Maybe not innovative but what a step towards cryptocurrency mass adoption!

you certainly could improve the basic web wallet experience by:

1) keeping ECC keys in the HTML5 Web Store

2) forming and signing the TXs in the browser using Javascript.

-bm

GCInc.

hero member

Activity: 566

Merit: 500

Quote from: Come-from-Beyond on November 19, 2013, 09:55:01 AM

I do have skills and a team, but I support only innovative projects. Bitcoin webwallet doesn't look innovative enough.

I'm not sure we're talking about the same thing, but I was thinking no webwallet, no external servers for anything else than blockchain storage. Local wallet integrated to the web browser. Maybe not innovative but what a step towards cryptocurrency mass adoption!

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: Sukrim on November 19, 2013, 06:05:01 AM

It seems you want to connect clients to each other using WebRTC - why exactly?

To get rid of servers I suppose.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: GCInc. on November 19, 2013, 05:49:43 AM

This is interesting, related to some client side js crypto on which I'm currently getting project work done. Are there plans for prototype development of a browser based wallet? Come-from-Beyond do you have the skills required or do you have a team?

I do have skills and a team, but I support only innovative projects. Bitcoin webwallet doesn't look innovative enough.

Sukrim

legendary

Activity: 2618

Merit: 1007

Ripple does this since about 1 year now - maybe have a look at their client too. The crypto used is similar, the server software is different from bitcoind. https://github.com/ripple/ripple-client, https://github.com/ripple/ripple-lib

Basically it is an SPV client in JavaScript that signs transactions locally and only communicates to its server via Websockets to get updates and to push (locally) signed transactions.

It seems you want to connect clients to each other using WebRTC - why exactly?

GCInc.

hero member

Activity: 566

Merit: 500

This is interesting, related to some client side js crypto on which I'm currently getting project work done. Are there plans for prototype development of a browser based wallet? Come-from-Beyond do you have the skills required or do you have a team?

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: bluemeanie1 on November 15, 2013, 03:45:44 PM

what you're suggesting?

(\__/)
(='.'=)
(")_(") secret phrase
------------------------------> [Browser] = FileSystem + WebRTC + some JS Crypto libraries

The browser signs transactions using the secret phrase and sends to some random peers. The list of peers is obtained via asking the user and sharing with other peers. A few peers not shielded by NAT is enough to build a network.

Protection:
- Virtual keyboard or mobile phone + microphone against key loggers
- Other computer or mobile phone for 2FA

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: Come-from-Beyond on November 15, 2013, 03:25:36 PM

Quote from: bluemeanie1 on November 15, 2013, 03:21:18 PM

not hammering this down, I think it's a good idea. But to give it the proper security term, it's 2 factor auth.

1st factor: the 'Masterkey' numerical non-mnemonic artifact
2nd factor: hashed passphrase to produce subkeys

Adding 2FA u add a big hole in the security. Nothing should be stored, especially outside.

what you're suggesting?

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: bluemeanie1 on November 15, 2013, 03:21:18 PM

not hammering this down, I think it's a good idea. But to give it the proper security term, it's 2 factor auth.

1st factor: the 'Masterkey' numerical non-mnemonic artifact
2nd factor: hashed passphrase to produce subkeys

Adding 2FA u add a big hole in the security. Nothing should be stored, especially outside.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: Come-from-Beyond on November 15, 2013, 03:17:36 PM

Quote from: bluemeanie1 on November 15, 2013, 03:09:52 PM

again so if the Masterkey [1] is on the server(publicized) your point of weakness is the privacy of your password.

while password based security is more or less standard, it's not considered to be very strong and if that were the security model I don't think this system would offer much because, web wallets offer a similar security model (not as good though as what you are suggesting).

so in 'New Way' you cannot compromise the Bitcoin account without somehow gaining access to the wallet.dat that resides in the Browser(and no where else). You can easily add two factor auth by using the hash system you describe.

[1] don't like ideas that begin with 'Master' these days.

Masterkey is a secret key, no need to publicize it. U don't need wallet.dat at all if u generate addresses the way I proposed.

not hammering this down, I think it's a good idea. But to give it the proper security term, it's 2 factor auth.

1st factor: the 'Masterkey' numerical non-mnemonic artifact
2nd factor: hashed passphrase to produce subkeys

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: bluemeanie1 on November 15, 2013, 03:09:52 PM

again so if the Masterkey [1] is on the server(publicized) your point of weakness is the privacy of your password.

while password based security is more or less standard, it's not considered to be very strong and if that were the security model I don't think this system would offer much because, web wallets offer a similar security model (not as good though as what you are suggesting).

so in 'New Way' you cannot compromise the Bitcoin account without somehow gaining access to the wallet.dat that resides in the Browser(and no where else). You can easily add two factor auth by using the hash system you describe.

[1] don't like ideas that begin with 'Master' these days.

Masterkey is a secret key, no need to publicize it. U don't need wallet.dat at all if u generate addresses the way I proposed.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: jago25_98 on November 15, 2013, 03:03:00 PM

I'm sure blockchain.info's wallet unique selling point was to host as much as possible client side as a response to the MyWallet debacle.
Worth a look?
https://github.com/zootreeves/blockchain.info/blob/master/wallet.js

not fully versed in how their architecture works. I did see that browser based vanity generator which was perhaps the most advanced use of client-side crypto I've seen in the Bitcoin world. Whoever did that does know a thing or two about Crypto. Feel free to credit him/her in this thread if you know.

Quote from: jago25_98 on November 15, 2013, 03:03:00 PM

I've sent piuk a PM to let him know.

-j

btw, love the decentralised exchange ideas

thank you sir. If you want to be involved and you're not technical I can put you in touch with our community leader. This isn't a bluemeanie thing really, it's a community thing.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: Come-from-Beyond on November 15, 2013, 03:04:23 PM

Quote from: bluemeanie1 on November 15, 2013, 02:59:28 PM

I see so it's 2 factor auth.

so for your idea: the master key is in the browser store? is it unique to a user? to a set of accounts?

I don't see the 2nd factor there. It's like good ole password auth (before username began to be used).

Nothing is stored in the browser. User has to remember the phrase.

again so if the Masterkey [1] is on the server(publicized) your point of weakness is the privacy of your password.

while password based security is more or less standard, it's not considered to be very strong and if that were the security model I don't think this system would offer much because, web wallets offer a similar security model (not as good though as what you are suggesting).

so in 'New Way' you cannot compromise the Bitcoin account without somehow gaining access to the wallet.dat that resides in the Browser(and no where else). You can easily add two factor auth by using the hash system you describe.

[1] don't like ideas that begin with 'Master' these days.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: bluemeanie1 on November 15, 2013, 02:59:28 PM

I see so it's 2 factor auth.

so for your idea: the master key is in the browser store? is it unique to a user? to a set of accounts?

I don't see the 2nd factor there. It's like good ole password auth (before username began to be used).

Nothing is stored in the browser. User has to remember the phrase.

jago25_98

hero member

Activity: 900

Merit: 1000

Crypto Geek

I'm sure blockchain.info's wallet unique selling point was to host as much as possible client side as a response to the MyWallet debacle.
Worth a look?
https://github.com/zootreeves/blockchain.info/blob/master/wallet.js

I've sent piuk a PM to let him know.

-j

btw, love the decentralised exchange ideas

Quote from: bluemeanie1 on November 15, 2013, 02:17:30 PM

Quote from: jago25_98 on November 15, 2013, 08:00:54 AM

Stating the obvious here,
but Mandrik from the client side blockchain.info might have a comment or 2 regarding browser security. Might be worth a PM once you have some more concrete ideas

thanks, but I think blockchain.info is a traditional web app? Haven't used it much really. He may have valuable advice, but the architecture I'm suggesting has few counterparts, here is one: https://chrome.google.com/webstore/detail/mymail-crypt-for-gmail/jcaobjhdnlpmopmjhijplpjhlplfkhba

Im somewhat versed in web app security.

thanks, bm

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: Come-from-Beyond on November 15, 2013, 02:53:40 PM

Quote from: bluemeanie1 on November 15, 2013, 02:49:05 PM

and if someone cracks or steals the secret phrase? youre basically back to password authentication.

much less of a security problem if the phrase never leaves your own pc for sure, and might offer the right security characteristics for this architecture.

That's what I offer:

1. Ask for the secret phrase
2. Hash it with SHA-256 to get a master key
3. Generate Nth ECC private key as SHA256(master_key, N)

The secret phrase, the master key and the private keys don't need to be transfered nor saved. All that u need is to sign transactions using JavaScript.

I see so it's 2 factor auth.

so for your idea: the master key is in the browser store? is it unique to a user? to a set of accounts?

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: bluemeanie1 on November 15, 2013, 02:49:05 PM

and if someone cracks or steals the secret phrase? youre basically back to password authentication.

much less of a security problem if the phrase never leaves your own pc for sure, and might offer the right security characteristics for this architecture.

That's what I offer:

1. Ask for the secret phrase
2. Hash it with SHA-256 to get a master key
3. Generate Nth ECC private key as SHA256(master_key, N)

The secret phrase, the master key and the private keys don't need to be transfered nor saved. All that u need is to sign transactions using JavaScript.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: Come-from-Beyond on November 15, 2013, 02:45:09 PM

Quote from: bluemeanie1 on November 15, 2013, 02:39:50 PM

that's 'brand X', the web wallet. Im proposing the scenario on the right.

A secret phrase is enough to reconstruct thousands of ECC keys.

and if someone cracks or steals the secret phrase? youre basically back to password authentication.

much less of a security problem if the phrase never leaves your own pc for sure, and might offer the right security characteristics for this architecture.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: bluemeanie1 on November 15, 2013, 02:39:50 PM

that's 'brand X', the web wallet. Im proposing the scenario on the right.

A secret phrase is enough to reconstruct thousands of ECC keys.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: Come-from-Beyond on November 15, 2013, 02:36:43 PM

Why do u need to store ECC keys? Use a secret phrase asked upon login to get a master key. Other keys can be derived from the master.

PS: What that server in the picture for?

that's 'brand X', the web wallet. Im proposing the scenario on the right.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Why do u need to store ECC keys? Use a secret phrase asked upon login to get a master key. Other keys can be derived from the master.

PS: What that server in the picture for?

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

here is a handy image I just made:

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: jago25_98 on November 15, 2013, 08:00:54 AM

Stating the obvious here,
but Mandrik from the client side blockchain.info might have a comment or 2 regarding browser security. Might be worth a PM once you have some more concrete ideas

thanks, but I think blockchain.info is a traditional web app? Haven't used it much really. He may have valuable advice, but the architecture I'm suggesting has few counterparts, here is one: https://chrome.google.com/webstore/detail/mymail-crypt-for-gmail/jcaobjhdnlpmopmjhijplpjhlplfkhba

Im somewhat versed in web app security.

thanks, bm

jago25_98

hero member

Activity: 900

Merit: 1000

Crypto Geek

Stating the obvious here,
but Mandrik from the client side blockchain.info might have a comment or 2 regarding browser security. Might be worth a PM once you have some more concrete ideas

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: eb3full on November 15, 2013, 12:10:44 AM

Quote from: bluemeanie1 on November 14, 2013, 06:47:34 PM

There are a few extra security considerations, but you are in control of your keys and generally conforms to the same security model as the regular Bitcoin client.

Other browser plugins or browser exploits would make it incredibly unsafe even if the client itself was secure. It's a step backward to hand the browser any control over authentication of transactions.

But a step forward in deployment costs.

eb3full

vip

Activity: 198

Merit: 101

Quote from: bluemeanie1 on November 14, 2013, 06:47:34 PM

There are a few extra security considerations, but you are in control of your keys and generally conforms to the same security model as the regular Bitcoin client.

Other browser plugins or browser exploits would make it incredibly unsafe even if the client itself was secure. It's a step backward to hand the browser any control over authentication of transactions.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: eb3full on November 14, 2013, 06:19:29 PM

You could probably compile OpenSSL (or maybe entire portions of bitcoind) into javascript using emscripten.

that sounds pretty ambitious.

the stanford library I posted appears to have all the basic Crypto functions you need to use Bitcoin..

http://www-cs-students.stanford.edu/~tjw/jsbn/

Quote from: eb3full on November 14, 2013, 06:19:29 PM

I still personally believe any browser-based wallets are flawed unless the signing is occurring on a physical device in control of the user. All of the technologies needed for a browser-based wallet (WebRTC etc.) are there though.

just to be clear, I am suggesting that the signing and key management happen IN THE BROWSER. This is possible given the technologies I described in the OP. This is not a "web wallet", instead a "browser based wallet". There are a few extra security considerations, but you are in control of your keys and generally conforms to the same security model as the regular Bitcoin client.

eb3full

vip

Activity: 198

Merit: 101

You could probably compile OpenSSL (or maybe entire portions of bitcoind) into javascript using emscripten. I still personally believe any browser-based wallets are flawed unless the signing is occurring on a physical device in control of the user. All of the technologies needed for a browser-based wallet (WebRTC etc.) are there though.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: moderate on November 14, 2013, 05:12:35 PM

Quote from: bluemeanie1 on November 14, 2013, 05:10:25 PM

Quote from: moderate on November 14, 2013, 04:56:52 PM

Quote from: bluemeanie1 on November 14, 2013, 04:52:25 PM

Quote from: Come-from-Beyond on November 14, 2013, 04:50:18 PM

Quote from: moderate on November 14, 2013, 04:21:40 PM

I can only hope that at some point you will realize this has nothing to do with cryptography.

I didn't notice this.

Yes, I do know that p2p has nothing to do with cryptography. But it's essential for decentralized cryptocurrency.

he's just got some bone to pick, I would ignore him.

You can ignore me as much as you please, just don't fuck the users with this broken tool you are planning. Hope you read the previous link.

a Browser based Cryptocurrency client would have similar security considerations.

Do you even understand why cryptocat moved to a plugin model ? Gosh, you are hopeless. I'm leaving you alone now.

if you have such a rich background in javascript based crypto browser security, why don't you tell us who you are so we can review your past accomplishments?

moderate

member

Activity: 98

Merit: 10

nearly dead

Quote from: bluemeanie1 on November 14, 2013, 05:10:25 PM

Quote from: moderate on November 14, 2013, 04:56:52 PM

Quote from: bluemeanie1 on November 14, 2013, 04:52:25 PM

Quote from: Come-from-Beyond on November 14, 2013, 04:50:18 PM

Quote from: moderate on November 14, 2013, 04:21:40 PM

I can only hope that at some point you will realize this has nothing to do with cryptography.

I didn't notice this.

Yes, I do know that p2p has nothing to do with cryptography. But it's essential for decentralized cryptocurrency.

he's just got some bone to pick, I would ignore him.

You can ignore me as much as you please, just don't fuck the users with this broken tool you are planning. Hope you read the previous link.

a Browser based Cryptocurrency client would have similar security considerations.

Do you even understand why cryptocat moved to a plugin model ? Gosh, you are hopeless. I'm leaving you alone now.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: moderate on November 14, 2013, 04:56:52 PM

Quote from: bluemeanie1 on November 14, 2013, 04:52:25 PM

Quote from: Come-from-Beyond on November 14, 2013, 04:50:18 PM

Quote from: moderate on November 14, 2013, 04:21:40 PM

I can only hope that at some point you will realize this has nothing to do with cryptography.

I didn't notice this.

Yes, I do know that p2p has nothing to do with cryptography. But it's essential for decentralized cryptocurrency.

he's just got some bone to pick, I would ignore him.

You can ignore me as much as you please, just don't fuck the users with this broken tool you are planning. Hope you read the previous link.

this project offers client side encryption for Gmail and it works completely in the web browser: https://chrome.google.com/webstore/detail/mymail-crypt-for-gmail/jcaobjhdnlpmopmjhijplpjhlplfkhba

a Browser based Cryptocurrency client would have similar security considerations.

keep trolling...

moderate

member

Activity: 98

Merit: 10

nearly dead

Quote from: bluemeanie1 on November 14, 2013, 04:52:25 PM

Quote from: Come-from-Beyond on November 14, 2013, 04:50:18 PM

Quote from: moderate on November 14, 2013, 04:21:40 PM

I can only hope that at some point you will realize this has nothing to do with cryptography.

I didn't notice this.

Yes, I do know that p2p has nothing to do with cryptography. But it's essential for decentralized cryptocurrency.

he's just got some bone to pick, I would ignore him.

You can ignore me as much as you please, just don't fuck the users with this broken tool you are planning. Hope you read the previous link.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: Come-from-Beyond on November 14, 2013, 04:50:18 PM

Quote from: moderate on November 14, 2013, 04:21:40 PM

I can only hope that at some point you will realize this has nothing to do with cryptography.

I didn't notice this.

Yes, I do know that p2p has nothing to do with cryptography. But it's essential for decentralized cryptocurrency.

he's just got some bone to pick, I would ignore him.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: moderate on November 14, 2013, 04:21:40 PM

I can only hope that at some point you will realize this has nothing to do with cryptography.

I didn't notice this.

Yes, I do know that p2p has nothing to do with cryptography. But it's essential for decentralized cryptocurrency.

moderate

member

Activity: 98

Merit: 10

nearly dead

Quote from: bluemeanie1 on November 14, 2013, 04:34:55 PM

Quote from: moderate on November 14, 2013, 04:21:40 PM

Quote from: Come-from-Beyond on November 14, 2013, 04:10:19 PM

Quote from: bluemeanie1 on November 14, 2013, 03:37:06 PM

I would double check all your assumptions here. The problem of connecting two people behind NAT is non-trivial. I think what this article is talking about is a simple Browser API for connecting to other people who are connected to the server. You haven't taken the server out of the equation, although you might hide some of the complexities of this arrangement.

http://webrtchacks.com/an-intro-to-webrtcs-natfirewall-problem/

I can only hope that at some point you will realize this has nothing to do with cryptography.

Seems that the javascript crypto space is inhabited by various individuals hacking out their own ideas and not much organization or collaboration, which is strange because browser-based crypto is very commonly requested by the development community.

Start reading here http://www.matasano.com/articles/javascript-cryptography/

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: moderate on November 14, 2013, 04:21:40 PM

Quote from: Come-from-Beyond on November 14, 2013, 04:10:19 PM

Quote from: bluemeanie1 on November 14, 2013, 03:37:06 PM

I would double check all your assumptions here. The problem of connecting two people behind NAT is non-trivial. I think what this article is talking about is a simple Browser API for connecting to other people who are connected to the server. You haven't taken the server out of the equation, although you might hide some of the complexities of this arrangement.

http://webrtchacks.com/an-intro-to-webrtcs-natfirewall-problem/

I can only hope that at some point you will realize this has nothing to do with cryptography.

Crypto is part of the problem, interacting with the p2p network is another.

Seems that the javascript crypto space is inhabited by various individuals hacking out their own ideas and not much organization or collaboration, which is strange because browser-based crypto is very commonly requested by the development community.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: Come-from-Beyond on November 14, 2013, 04:28:29 PM

Quote from: bluemeanie1 on November 14, 2013, 04:22:25 PM

have you worked much with WebRTC?

Not much, just played a little. This tech is still too raw.

I was looking at this also: http://www.pjsip.org/pjnath/docs/html/

it's a Java library that uses the same set of protocols for NAT traversal as WebRTC.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: bluemeanie1 on November 14, 2013, 04:22:25 PM

have you worked much with WebRTC?

Not much, just played a little. This tech is still too raw.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: Come-from-Beyond on November 14, 2013, 04:10:19 PM

Quote from: bluemeanie1 on November 14, 2013, 03:37:06 PM

I would double check all your assumptions here. The problem of connecting two people behind NAT is non-trivial. I think what this article is talking about is a simple Browser API for connecting to other people who are connected to the server. You haven't taken the server out of the equation, although you might hide some of the complexities of this arrangement.

http://webrtchacks.com/an-intro-to-webrtcs-natfirewall-problem/

that is very interesting, thanks. I might actually use this in my project.

have you worked much with WebRTC?

moderate

member

Activity: 98

Merit: 10

nearly dead

Quote from: Come-from-Beyond on November 14, 2013, 04:10:19 PM

Quote from: bluemeanie1 on November 14, 2013, 03:37:06 PM

I would double check all your assumptions here. The problem of connecting two people behind NAT is non-trivial. I think what this article is talking about is a simple Browser API for connecting to other people who are connected to the server. You haven't taken the server out of the equation, although you might hide some of the complexities of this arrangement.

http://webrtchacks.com/an-intro-to-webrtcs-natfirewall-problem/

I can only hope that at some point you will realize this has nothing to do with cryptography.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: bluemeanie1 on November 14, 2013, 03:37:06 PM

I would double check all your assumptions here. The problem of connecting two people behind NAT is non-trivial. I think what this article is talking about is a simple Browser API for connecting to other people who are connected to the server. You haven't taken the server out of the equation, although you might hide some of the complexities of this arrangement.

http://webrtchacks.com/an-intro-to-webrtcs-natfirewall-problem/

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: Come-from-Beyond on November 14, 2013, 03:32:17 PM

Quote from: moderate on November 14, 2013, 03:04:59 PM

The only thing I can take from that is that you seriously confusing WebRTC with something else. The website is at http://www.webrtc.org/ the first paragraph is: WebRTC is a free, open project that enables web browsers with Real-Time Communications (RTC) capabilities via simple Javascript APIs.

Anyone interested in using crypto knows that webrtc has no role into this.

No, that's u who confuses WebRTC with something else. Look at the beginning of this article - http://www.pubnub.com/blog/making-peer-data-connections-in-the-browser-with-webrtc/.

Quote

Sending data between two users in today’s browser world is a tough process with JavaScript. Most developers rely on using a server as the middle man to send data to another user. This means setting up server technology that can handle this, as well as paying for scaling and bandwidth for all of your users. The fix for this problem is taking the shortest route between two users; commonly known as the WebRTC Peer Connection. The WebRTC Peer Connection makes a direct connection between two browsers so they can pass data between them.

I would double check all your assumptions here. The problem of connecting two people behind NAT is non-trivial. I think what this article is talking about is a simple Browser API for connecting to other people who are connected to the server. You haven't taken the server out of the equation, although you might hide some of the complexities of this arrangement.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: moderate on November 14, 2013, 03:04:59 PM

The only thing I can take from that is that you seriously confusing WebRTC with something else. The website is at http://www.webrtc.org/ the first paragraph is: WebRTC is a free, open project that enables web browsers with Real-Time Communications (RTC) capabilities via simple Javascript APIs.

Anyone interested in using crypto knows that webrtc has no role into this.

No, that's u who confuses WebRTC with something else. Look at the beginning of this article - http://www.pubnub.com/blog/making-peer-data-connections-in-the-browser-with-webrtc/.

Quote

Sending data between two users in today’s browser world is a tough process with JavaScript. Most developers rely on using a server as the middle man to send data to another user. This means setting up server technology that can handle this, as well as paying for scaling and bandwidth for all of your users. The fix for this problem is taking the shortest route between two users; commonly known as the WebRTC Peer Connection. The WebRTC Peer Connection makes a direct connection between two browsers so they can pass data between them.

moderate

member

Activity: 98

Merit: 10

nearly dead

Quote from: Come-from-Beyond on November 14, 2013, 02:52:07 PM

Quote from: moderate on November 14, 2013, 01:55:51 PM

Quote from: bluemeanie1 on November 14, 2013, 01:50:21 PM

Quote from: Come-from-Beyond on November 14, 2013, 01:42:38 PM

Quote from: bluemeanie1 on November 14, 2013, 01:31:37 PM

Does anyone have any thoughts on this? Possible? Impossible? Impractical? Just plain dumb? Brilliant? ... just thought I would gather some general input on this idea.

Possible. Add http://www.w3.org/TR/webrtc/ to the list.

interesting.

Interesting and useless for the purposes of this topic. Browsers won't even implement websockets properly in an uniform way (which is also pretty close to pointless here, do you want an interesting link for that too?), webrtc will take a good amount of years to become a standard.

No need to become a standard. Anyone interested in using crypto can download a browser that supports WebRTC if their soft doesn't support it already.

The only thing I can take from that is that you seriously confusing WebRTC with something else. The website is at http://www.webrtc.org/ the first paragraph is: WebRTC is a free, open project that enables web browsers with Real-Time Communications (RTC) capabilities via simple Javascript APIs.

Anyone interested in using crypto knows that webrtc has no role into this.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: Come-from-Beyond on November 14, 2013, 02:52:07 PM

Quote from: moderate on November 14, 2013, 01:55:51 PM

Quote from: bluemeanie1 on November 14, 2013, 01:50:21 PM

Quote from: Come-from-Beyond on November 14, 2013, 01:42:38 PM

Quote from: bluemeanie1 on November 14, 2013, 01:31:37 PM

Does anyone have any thoughts on this? Possible? Impossible? Impractical? Just plain dumb? Brilliant? ... just thought I would gather some general input on this idea.

Possible. Add http://www.w3.org/TR/webrtc/ to the list.

interesting.

Interesting and useless for the purposes of this topic. Browsers won't even implement websockets properly in an uniform way (which is also pretty close to pointless here, do you want an interesting link for that too?), webrtc will take a good amount of years to become a standard.

No need to become a standard. Anyone interested in using crypto can download a browser that supports WebRTC if their soft doesn't support it already.

right, if you could do this for one major browser that would be a big accomplishment. HTML5 is pretty solid at this point, so I dont think theres much wiggly things there.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: moderate on November 14, 2013, 01:55:51 PM

Quote from: bluemeanie1 on November 14, 2013, 01:50:21 PM

Quote from: Come-from-Beyond on November 14, 2013, 01:42:38 PM

Quote from: bluemeanie1 on November 14, 2013, 01:31:37 PM

Does anyone have any thoughts on this? Possible? Impossible? Impractical? Just plain dumb? Brilliant? ... just thought I would gather some general input on this idea.

Possible. Add http://www.w3.org/TR/webrtc/ to the list.

interesting.

Interesting and useless for the purposes of this topic. Browsers won't even implement websockets properly in an uniform way (which is also pretty close to pointless here, do you want an interesting link for that too?), webrtc will take a good amount of years to become a standard.

No need to become a standard. Anyone interested in using crypto can download a browser that supports WebRTC if their soft doesn't support it already.

moderate

member

Activity: 98

Merit: 10

nearly dead

Quote from: bluemeanie1 on November 14, 2013, 02:08:03 PM

Quote from: moderate on November 14, 2013, 02:02:33 PM

Quote from: bluemeanie1 on November 14, 2013, 01:57:50 PM

Quote from: moderate on November 14, 2013, 01:52:29 PM

Quote from: bluemeanie1 on November 14, 2013, 01:49:30 PM

Quote from: moderate on November 14, 2013, 01:42:29 PM

This is not new, you missed it by some years now. It is also slow and unaudited.

do you have a link to what you're referring to?

I don't have to, the own link you posted is from 2009.

in other words, you dont have a link- you just wanted to try and start a fight.

http://www-cs-students.stanford.edu/~tjw/jsbn/

Last modified: Tue Sep 15 23:30:00 PST 2009

Good job.

you linked another library for JS based javascipt. um, thanks?

You linked that lib, gosh.. Are you claiming that I am you and I posted your original post ?

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: moderate on November 14, 2013, 02:02:33 PM

Quote from: bluemeanie1 on November 14, 2013, 01:57:50 PM

Quote from: moderate on November 14, 2013, 01:52:29 PM

Quote from: bluemeanie1 on November 14, 2013, 01:49:30 PM

Quote from: moderate on November 14, 2013, 01:42:29 PM

This is not new, you missed it by some years now. It is also slow and unaudited.

do you have a link to what you're referring to?

I don't have to, the own link you posted is from 2009.

in other words, you dont have a link- you just wanted to try and start a fight.

http://www-cs-students.stanford.edu/~tjw/jsbn/

Last modified: Tue Sep 15 23:30:00 PST 2009

Good job.

you linked another library for JS based javascipt. um, thanks?

has nothing to do with your sordid claim above, but not sure how being a complete jerk on this thread is paying off for you?

moderate

member

Activity: 98

Merit: 10

nearly dead

Quote from: bluemeanie1 on November 14, 2013, 01:57:50 PM

Quote from: moderate on November 14, 2013, 01:52:29 PM

Quote from: bluemeanie1 on November 14, 2013, 01:49:30 PM

Quote from: moderate on November 14, 2013, 01:42:29 PM

This is not new, you missed it by some years now. It is also slow and unaudited.

do you have a link to what you're referring to?

I don't have to, the own link you posted is from 2009.

in other words, you dont have a link- you just wanted to try and start a fight.

http://www-cs-students.stanford.edu/~tjw/jsbn/

Last modified: Tue Sep 15 23:30:00 PST 2009

Good job.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: moderate on November 14, 2013, 01:52:29 PM

Quote from: bluemeanie1 on November 14, 2013, 01:49:30 PM

Quote from: moderate on November 14, 2013, 01:42:29 PM

This is not new, you missed it by some years now. It is also slow and unaudited.

do you have a link to what you're referring to?

I don't have to, the own link you posted is from 2009.

in other words, you dont have a link- you just wanted to try and start a fight.

moderate

member

Activity: 98

Merit: 10

nearly dead

Quote from: bluemeanie1 on November 14, 2013, 01:50:21 PM

Quote from: Come-from-Beyond on November 14, 2013, 01:42:38 PM

Quote from: bluemeanie1 on November 14, 2013, 01:31:37 PM

Does anyone have any thoughts on this? Possible? Impossible? Impractical? Just plain dumb? Brilliant? ... just thought I would gather some general input on this idea.

Possible. Add http://www.w3.org/TR/webrtc/ to the list.

interesting.

Interesting and useless for the purposes of this topic. Browsers won't even implement websockets properly in an uniform way (which is also pretty close to pointless here, do you want an interesting link for that too?), webrtc will take a good amount of years to become a standard.

moderate

member

Activity: 98

Merit: 10

nearly dead

Quote from: bluemeanie1 on November 14, 2013, 01:49:30 PM

Quote from: moderate on November 14, 2013, 01:42:29 PM

This is not new, you missed it by some years now. It is also slow and unaudited.

do you have a link to what you're referring to?

I don't have to, the own link you posted is from 2009.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: Come-from-Beyond on November 14, 2013, 01:42:38 PM

Quote from: bluemeanie1 on November 14, 2013, 01:31:37 PM

Does anyone have any thoughts on this? Possible? Impossible? Impractical? Just plain dumb? Brilliant? ... just thought I would gather some general input on this idea.

Possible. Add http://www.w3.org/TR/webrtc/ to the list.

interesting.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Quote from: moderate on November 14, 2013, 01:42:29 PM

This is not new, you missed it by some years now. It is also slow and unaudited.

do you have a link to what you're referring to?

I researched this quite heavily about a year ago and it would have been very difficult at that point to develop a browser based crypto currency client. NodeJS-based is a different story.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: bluemeanie1 on November 14, 2013, 01:31:37 PM

Does anyone have any thoughts on this? Possible? Impossible? Impractical? Just plain dumb? Brilliant? ... just thought I would gather some general input on this idea.

Possible. Add http://www.w3.org/TR/webrtc/ to the list.

moderate

member

Activity: 98

Merit: 10

nearly dead

This is not new, you missed it by some years now. It is also slow and unaudited.

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

some other similar libraries:

// this one actually has a digital currency application built with it.

http://openpgpjs.org/

http://code.google.com/p/crypto-js/

// this one boasts SHA-256 capability

http://caligatio.github.io/jsSHA/

seems the efforts in this space are divided and there are no obvious technology standards.

-bm

bluemeanie1

sr. member

Activity: 280

Merit: 257

bluemeanie

Hello,

Seems there is a new possible platform emerging for cryptocurrency, using the Browser for the client.

This library claims it can do ECC pub/private key encryption in the browser: http://www-cs-students.stanford.edu/~tjw/jsbn/

Using HTML5, you can store the keys in the browser database: http://www.html5rocks.com/en/features/storage

There are also some file system access functions as well: http://www.html5rocks.com/en/tutorials/file/filesystem/ . Thus you could have a wallet.dat file in your regular file system. The problem of key storage has a lot of complex security considerations and is probably the most difficult aspect of doing this correctly.

It could potentially be used as a Bitcoin SPV client, although my interest is something slightly different. I have not really confirmed this fully.

Does anyone have any thoughts on this? Possible? Impossible? Impractical? Just plain dumb? Brilliant? ... just thought I would gather some general input on this idea.

thanks, -bm

Topic: A Browser Based Cryptocurrency Client [real devs only please] (Read 2636 times)