Idea to increase security of online wallets like Blockchain.info

glitch003

full member

Activity: 219

Merit: 101

Quote from: piuk on April 04, 2013, 05:15:53 PM

Quote from: glitch003 on April 04, 2013, 12:36:30 PM

It could be as simple as a site called blockchaininfocheck.com, and it would simply download the blockchain.info site to your browser and do an MD5 hash on the relevant javascript that handles the online wallet functionality.

We have internal monitoring that does this, perhaps it would be good to show it publicly as well. The browser extension Shermo links also does a similar thing however the HTML markup itself also need sanitising which is more difficult.

A more full proof solution is : https://blockchain.info/wallet/browser-extension

This is awesome, thanks!

piuk

hero member

Activity: 910

Merit: 1005

Quote from: glitch003 on April 04, 2013, 12:36:30 PM

It could be as simple as a site called blockchaininfocheck.com, and it would simply download the blockchain.info site to your browser and do an MD5 hash on the relevant javascript that handles the online wallet functionality.

We have internal monitoring that does this, perhaps it would be good to show it publicly as well. The browser extension Shermo links also does a similar thing however the HTML markup itself also need sanitising which is more difficult.

A more full proof solution is : https://blockchain.info/wallet/browser-extension

twolifeinexile

full member

Activity: 154

Merit: 100

Quote from: glitch003 on April 04, 2013, 12:36:30 PM

So the biggest security threat to the blockchain.info wallet, IMO, is someone somehow injecting javascript that snatches your account password.

Should we create a way to tell if the code has been changed or been compromised? It could be as simple as a site called blockchaininfocheck.com, and it would simply download the blockchain.info site to your browser and do an MD5 hash on the relevant javascript that handles the online wallet functionality. It would then compare the generated MD5 to an MD5 of a known good copy of the blockchain site. If the MD5's match, it could tell you and forward you to blockchain.info since it has been deemed safe.

This could also be developed as a browser extension/plugin.

In this way, an attacker would need to compromise the blockchain.info site AND the 3rd-party blockchaininfocheck.com site.

Does something like this already exist?

Discuss.

Totally concur, we desperately need something like this.

Shermo

sr. member

Activity: 272

Merit: 250

Like this?

https://chrome.google.com/webstore/detail/my-wallet-verifier/kcapglakfcodkajgllmkiddclghogkic

glitch003

full member

Activity: 219

Merit: 101

So the biggest security threat to the blockchain.info wallet, IMO, is someone somehow injecting javascript that snatches your account password.

Should we create a way to tell if the code has been changed or been compromised? It could be as simple as a site called blockchaininfocheck.com, and it would simply download the blockchain.info site to your browser and do an MD5 hash on the relevant javascript that handles the online wallet functionality. It would then compare the generated MD5 to an MD5 of a known good copy of the blockchain site. If the MD5's match, it could tell you and forward you to blockchain.info since it has been deemed safe.

This could also be developed as a browser extension/plugin.

In this way, an attacker would need to compromise the blockchain.info site AND the 3rd-party blockchaininfocheck.com site.

Does something like this already exist?

Discuss.

Topic: Idea to increase security of online wallets like Blockchain.info (Read 697 times)