
Topic: [VIDEO] BitcoinJS talk at ISSS/Webtuesday (Read 793 times)

legendary
Activity: 1106
Merit: 1001
August 30, 2011, 01:42:18 PM
#4
I mentioned you on another thread, and one of the forum members posted this http://www.matasano.com/articles/javascript-cryptography/

The main point of the article is that if the server sent you the JavaScript, you're already trusting the server, so you might as well do the crypto stuff server side and use SSL for transmission.

Browser-based crypto is by no means our end goal, but rather a stepping stone. Here are some of the things I am working on or predicting:

Downloadable bundles. There is no reason you can't take the HTML/JS from bitcoinjs-gui, package it up as an AIR or xulrunner app and have people download and install it. It would then have the same properties as regular Bitcoin with respect to software delivery.

Software security device. If you have more than a few bitcents you can install a piece of software that moves your keys and the crypto outside of the browser. If you initiate a transaction within Webcoin or another client, the locally installed software will pop up a window showing the details of the transaction pending your final confirmation.

Building a dedicated software security device will also pave the way for:

Hardware security device. For even larger amounts no measure of software security will be sufficient. A hardware device with a display and internal signing would definitely be a major step forward.

Split key signing. Half your key is on your device, the other half is at a wallet hosting service. The service could offer any kind of verification you want: Yubikey, SMS, phone call, whatever. You'd probably set a daily limit. Under the limit you don't need any special verification. Note that you could have both keys as physical backups, so you wouldn't be dependent on the hosting service if they decide to randomly disappear one day.

Also I want to point out that the only part of BitcoinJS that this criticism affects at all is Webcoin. I know some folks are working on various native clients that use our server APIs, but could be implemented in Java, Objective-C, C#, etc.

Thanks! I will forward this response to the forum member who first brought it to my attention.

Cheers,
full member
Activity: 234
Merit: 100
AKA: Justmoon
August 30, 2011, 01:32:43 PM
#3
I mentioned you on another thread, and one of the forum members posted this http://www.matasano.com/articles/javascript-cryptography/

The main point of the article is that if the server sent you the JavaScript, you're already trusting the server, so you might as well do the crypto stuff server side and use SSL for transmission.

Browser-based crypto is by no means our end goal, but rather a stepping stone. Here are some of the things I am working on or predicting:

Downloadable bundles. There is no reason you can't take the HTML/JS from bitcoinjs-gui, package it up as an AIR or xulrunner app and have people download and install it. It would then have the same properties as regular Bitcoin with respect to software delivery.

Software security device. If you have more than a few bitcents you can install a piece of software that moves your keys and the crypto outside of the browser. If you initiate a transaction within Webcoin or another client, the locally installed software will pop up a window showing the details of the transaction pending your final confirmation.

Building a dedicated software security device will also pave the way for:

Hardware security device. For even larger amounts no measure of software security will be sufficient. A hardware device with a display and internal signing would definitely be a major step forward.

Split key signing. Half your key is on your device, the other half is at a wallet hosting service. The service could offer any kind of verification you want: Yubikey, SMS, phone call, whatever. You'd probably set a daily limit. Under the limit you don't need any special verification. Note that you could have both keys as physical backups, so you wouldn't be dependent on the hosting service if they decide to randomly disappear one day.

Also I want to point out that the only part of BitcoinJS that this criticism affects at all is Webcoin. I know some folks are working on various native clients that use our server APIs, but could be implemented in Java, Objective-C, C#, etc.
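Added example, not part of the original post and not BitcoinJS code: a sketch of the co-signing policy described under "Split key signing" above, where the hosting service adds its half freely under a daily limit and demands extra verification above it. It assumes two independent Ed25519 keys (both signatures required) as a stand-in for a real split key, and every name, amount and limit in it is hypothetical.

```javascript
// Added illustration; not BitcoinJS code. All names and values are hypothetical.
const crypto = require('node:crypto');

// Stand-in for the "two halves": two independent Ed25519 keys, both required.
const deviceKey = crypto.generateKeyPairSync('ed25519');
const serviceKey = crypto.generateKeyPairSync('ed25519');

const encode = (tx) => Buffer.from(JSON.stringify([tx.to, tx.amount, tx.day]));

class CoSigner {
  constructor(privateKey, dailyLimit) {
    this.privateKey = privateKey;
    this.dailyLimit = dailyLimit;
    this.spent = new Map(); // day -> total amount co-signed that day
  }
  // Returns a signature, or null when extra verification is required but absent.
  cosign(tx, deviceSig, devicePub, secondFactorOk = false) {
    const msg = encode(tx);
    // Never co-sign something the device half did not authorise.
    if (!crypto.verify(null, msg, devicePub, deviceSig)) return null;
    const total = (this.spent.get(tx.day) || 0) + tx.amount;
    if (total > this.dailyLimit && !secondFactorOk) return null;
    this.spent.set(tx.day, total);
    return crypto.sign(null, msg, this.privateKey);
  }
}

// A spend counts only when both signatures verify over the same transaction.
function isAuthorized(tx, deviceSig, serviceSig) {
  if (!deviceSig || !serviceSig) return false;
  const msg = encode(tx);
  return crypto.verify(null, msg, deviceKey.publicKey, deviceSig) &&
         crypto.verify(null, msg, serviceKey.publicKey, serviceSig);
}

function demo() {
  const service = new CoSigner(serviceKey.privateKey, 100); // constructed limit
  const sign = (tx) => crypto.sign(null, encode(tx), deviceKey.privateKey);
  const small = { to: 'addr-A', amount: 60, day: '2011-08-30' }; // constructed
  const large = { to: 'addr-B', amount: 60, day: '2011-08-30' }; // total becomes 120
  const s1 = service.cosign(small, sign(small), deviceKey.publicKey);
  const s2 = service.cosign(large, sign(large), deviceKey.publicKey);
  const s3 = service.cosign(large, sign(large), deviceKey.publicKey, true);
  return [isAuthorized(small, sign(small), s1),  // under the limit
          isAuthorized(large, sign(large), s2),  // over the limit, no second factor
          isAuthorized(large, sign(large), s3)]; // over the limit, verified
}
```

The second spend fails even though the device signature is valid, which is the property the daily limit is meant to give when the device half alone is compromised.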
legendary
Activity: 1106
Merit: 1001
August 30, 2011, 12:21:33 PM
#2
Hi Stefan:

I mentioned you on another thread, and one of the forum members posted this http://www.matasano.com/articles/javascript-cryptography/

It was done without a hint of malice, unlike so many other things on these forums, so I am genuinely interested in knowing whether you have examined it or can comment on it.

For the record, the reason he posted it is because on the other thread I mentioned how your work was one of the best things about to come out for Bitcoin.

Cheers,
full member
Activity: 234
Merit: 100
AKA: Justmoon
August 30, 2011, 12:18:53 PM
#1
A lot of people complained about the video/audio quality for my NY Bitcoin Conference talk, so I thought I'd post... another talk in horrible audio quality. :D

http://www.youtube.com/watch?v=JkOdWY4ILGI

This was given before the Bitcoin Conference and is basically a longer version of the talk that I gave in New York. There is a bit of everything, from very basic Q&A about Bitcoin itself to some pretty advanced tips about developing servers with Node.js. The audience were mostly web developers and people were asking questions at several points throughout the talk.

To be completely honest, given the audio and the length, it's probably not going to be for everybody. I'd only recommend this if you're a card-carrying Node.js fan. :)