Author

Topic: Security of using brainwallet.org for Tx's. (Read 868 times)

full member
Activity: 186
Merit: 100
August 29, 2013, 01:19:21 AM
#6
There is a bug on the site. Check fee before sending.
newbie
Activity: 37
Merit: 0
According to this: https://code.google.com/p/chromium/issues/detail?id=45580 and http://trac.webkit.org/browser/trunk/Source/WebCore/page/Crypto.cpp Chrome implements cryptographically secure random values.

I know Opera also does that and they have Firefox running its own window.crypto.random method.

I guess you are right EmperorBob however it is not a practical approach though in my case.
member
Activity: 67
Merit: 10
The library BitcoinJS doesn't seem to have a really good impementation of random number generator: https://github.com/prusnak/papercoin/issues/2

Could this make the transactions less secure?

I can't comment at how secure their seeding approach is without digging into the code, but yes, a bad rng can lead to transactions being created that leak your private key. Again, you can avoid this issue entirely by never reusing addresses.
newbie
Activity: 37
Merit: 0
The library BitcoinJS doesn't seem to have a really good impementation of random number generator: https://github.com/prusnak/papercoin/issues/2

Could this make the transactions less secure?
member
Activity: 67
Merit: 10
Also I have noticed that the original client makes new PK's for each transaction what is the benefit of doing this?

Making new addresses every time, so that each is used only once has 2 advantages:
1. Offers some level of protection against bad implementations of ECC (like we saw with the android SecureRandom bug).
2. Increases financial privacy, because it makes it hard to know which output is the actual money sent, and which is the change. If all your money is stored under one address, deanonymizing that address is much more harmful.
newbie
Activity: 37
Merit: 0
I would like to know your opinion on the security on http://brainwallet.org/#tx.
I have a downloaded a offline copy with which I create a raw tx to later submit on the network. Is this pratice secure?

Also I have noticed that the original client makes new PK's for each transaction what is the benefit of doing this?
Jump to: