Topic: Has someone evaluated the security of the alternative clients? (Read 1195 times)

full member
Activity: 193
Merit: 100
If there are some experts too, I'll appreciate a review of the BitPurse client code: http://github.com/khertan/BitPurse

Regards,
legendary
Activity: 1526
Merit: 1129
That post about weak signatures doesn't mention that the thing creating them was a test version of some hardware and they knew that the signatures were bad, but didn't care at that point in their development. Most wallets use regular crypto libraries that get random numbers from the OS.
legendary
Activity: 1078
Merit: 1016
IIRC, BkkCoins (as well as many others) recently reviewed the whole Electrum source code before deciding to use it. I also go over the code from time to time.

I can't speak for the other clients, as I'm less familiar with them.
newbie
Activity: 57
Merit: 0
So I have just read this link and it made me think: There are so many factors to consider to create a reasonably safe bitcoin client that there ought to be a flawed and exploitable client sooner or later.
So, has someone evaluated the security of the most used clients (Satoshi, Electrum, Armory, blockchain-info, ...) so it's safe to assume that the generated private keys are unguessable? I'm talking about weak RNGs, reused random numbers and the like. Unfortunately I know way too little about cryptography to do it myself.

Also it would be useful if someone with more grasp of the concept could create a checklist of possible vulnerabilities to avoid when coding a bitcoin client.