Topic: Security of using brainwallet.org for Tx's. (Read 856 times)
There is a bug on the site. Check fee before sending.
According to this: https://code.google.com/p/chromium/issues/detail?id=45580 and http://trac.webkit.org/browser/trunk/Source/WebCore/page/Crypto.cpp Chrome implements cryptographically secure random values.
I know Opera also does that and they have Firefox running its own window.crypto.random method.
I guess you are right EmperorBob however it is not a practical approach though in my case.
I know Opera also does that and they have Firefox running its own window.crypto.random method.
I guess you are right EmperorBob however it is not a practical approach though in my case.
The library BitcoinJS doesn't seem to have a really good impementation of random number generator: https://github.com/prusnak/papercoin/issues/2
Could this make the transactions less secure?
Could this make the transactions less secure?
I can't comment at how secure their seeding approach is without digging into the code, but yes, a bad rng can lead to transactions being created that leak your private key. Again, you can avoid this issue entirely by never reusing addresses.
The library BitcoinJS doesn't seem to have a really good impementation of random number generator: https://github.com/prusnak/papercoin/issues/2
Could this make the transactions less secure?
Could this make the transactions less secure?
Also I have noticed that the original client makes new PK's for each transaction what is the benefit of doing this?
Making new addresses every time, so that each is used only once has 2 advantages:
1. Offers some level of protection against bad implementations of ECC (like we saw with the android SecureRandom bug).
2. Increases financial privacy, because it makes it hard to know which output is the actual money sent, and which is the change. If all your money is stored under one address, deanonymizing that address is much more harmful.
I would like to know your opinion on the security on http://brainwallet.org/#tx.
I have a downloaded a offline copy with which I create a raw tx to later submit on the network. Is this pratice secure?
Also I have noticed that the original client makes new PK's for each transaction what is the benefit of doing this?
I have a downloaded a offline copy with which I create a raw tx to later submit on the network. Is this pratice secure?
Also I have noticed that the original client makes new PK's for each transaction what is the benefit of doing this?
Jump to: