Pages:
Author

Topic: You think you don't need to trust blockchain.info ? Think again (Read 14123 times)

hero member
Activity: 910
Merit: 1005
Since this old thread has been necro'd I might as well post an update.

Fully packaged browser extensions are now available for Chrome and Firefox, which addresses the concern in the original post:

Info:

https://blockchain.info/wallet/browser-extension

Chrome:

https://chrome.google.com/webstore/detail/blockchain/glaohkkooicollgefkkmndjcbblominl

Firefox:

https://addons.mozilla.org/en-US/firefox/addon/my-wallet/
hero member
Activity: 644
Merit: 500
P2P The Planet!
Switched over from blockchain.info wallet to an offiline wallet.

I sleep better.
legendary
Activity: 2632
Merit: 1023
I installed that javascipt checker mywallet 1.9 that tells me if the JS has had something injected into it....does this help much?Huh


This is true for all wallets that advertise in-browser cryptography.

They are all vulnerable to code-poisoning when the central server gets compromised.

To properly do javascript cryptography you need to publish a signed browser extension that therefore doesn't get served dynamically and therefore is invulnerable to server-side code-poisoning.

Basically, that means that blockchain.info, strongcoin.com, {insert client-side JS wallet here} is inherently less safe than a standalone client, and not much safer than a hosted wallet.

Thoughts welcome !
sr. member
Activity: 248
Merit: 250
This is true for all wallets that advertise in-browser cryptography.

They are all vulnerable to code-poisoning when the central server gets compromised.

To properly do javascript cryptography you need to publish a signed browser extension that therefore doesn't get served dynamically and therefore is invulnerable to server-side code-poisoning.

Basically, that means that blockchain.info, strongcoin.com, {insert client-side JS wallet here} is inherently less safe than a standalone client, and not much safer than a hosted wallet.

Thoughts welcome !

Sorry to dredge up an old conversation, especially when I obviously don't understand what is being said as well as any of the posters in this thread, but I had a question about the security issue discussed. here.

Would the dangers you discuss, server-side poisoning, dishonest site owner using any of the methods you discuss, etc., still apply in the case of someone who carried out the procedure of creating a wach-only address by logging in, disconnecting internet, creating the address in private browsing mode, printing out the paper wallet for the new address, deleting all traces in the browser, then logging in and importing the new address as a new watch only address?

I mean to say that if this procedure was done so that the address and private key were created offline and then if the user NEVER sent bitcoins out of that address, therefore never entering the private key for the transaction, would the site owner or someone who poisoined the code still be able to derive the private key in some way? I mean if a user had a watch only address in their wallet and never even entered the private key to send coins then how could the private key be captured?

Thanks for any responses!
hero member
Activity: 742
Merit: 500
FYI the entire discussion in this thread will with the arrival of hardware wallets soon be irrelevant. I hope that even blockchain.info will make use of them.
OMG YES
legendary
Activity: 1078
Merit: 1003
FYI the entire discussion in this thread will with the arrival of hardware wallets soon be irrelevant. I hope that even blockchain.info will make use of them.
sr. member
Activity: 330
Merit: 397

Basically, that means that blockchain.info, strongcoin.com, {insert client-side JS wallet here} is inherently less safe than a standalone client, and not much safer than a hosted wallet.


Even if your claims on security are completely correct, I still somewhat disagree. The single worst disaster relating to hosted Bitcoin wallets that we have had in 2012, Bitcoinica, was not due to malicious action - it was due to inaction and a bad default. Of course, the thefts did precipitate the whole debacle, but the money that was actually stolen is only about a third of the sum that account holders actually had, and the reason why the other two thirds still haven't been returned is because the money sat in Bitcoinica's wallet and so when Patrick et al simply sat on the money for two months by default that money was not accessible to users. With a Blockchain-like setup (obviously a strictly blockchain-like setup can't really be used for a Bitcoinica-like application, as it needs access to the money to operate, but that's beside the point here), the default would instead have been for users to be able to instantly access and recover their funds from a backup. It's not inaction, but active theft, that would be the threshold required for customers to actually lose any money - a threshold which, if you break and are caught, will likely lead to you going to jail.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Why does blockchain's mywallet use a JS wallet and a browser plugin to verify it? Why not simply a browser plugin like lastpass? Wouldn't that be more secure?

The advantage of having the encryption and signing done in javascript is the source is available.  Can you make a browser plugin in javascript?  If so then it likely isn't any more secure but it certainly isn't any less secure.  If the browser plugin is running opaque code then it is significantly less secure than using javascript.
member
Activity: 104
Merit: 10
Why does blockchain's mywallet use a JS wallet and a browser plugin to verify it? Why not simply a browser plugin like lastpass? Wouldn't that be more secure?
legendary
Activity: 1078
Merit: 1003
When I goto https://blockchain.info/wallet/ my wallet verifier extension gives the below message?

https://chrome.google.com/webstore/detail/kcapglakfcodkajgllmkiddclghogkic

Message: "*** Serious Error - Javascript inconsistencies found. Maybe malicious - Do not Login! Please contact [email protected]"

Since I switched back to firefox I haven't seen this massage yet but when I used chrome I did see this from time to time and usually if I refreshed the site the message went away. I know there's an explanation for this but I forgot what it is..
member
Activity: 93
Merit: 10
When I goto https://blockchain.info/wallet/ my wallet verifier extension gives the below message?

https://chrome.google.com/webstore/detail/kcapglakfcodkajgllmkiddclghogkic

Message: "*** Serious Error - Javascript inconsistencies found. Maybe malicious - Do not Login! Please contact [email protected]"

Also in the reviews one of the guy was saying the permissions seemed to have changed on the extension?

What's going on?
hero member
Activity: 560
Merit: 500
I am the one who knocks
I never said you didn't need to trust them, my point was you need to trust the publisher of any client you use.  This fact is no different with a desktop or web based client.
You are correct, however the trust models are quite different for the official client versus a JS wallet.
The official client's code is extensively peer-reviewed and enables multiple different developers to check for the binary hash consistence.
A JS wallet dynamically serves code to you, it opens a LOT more possibilities.

A bitcoin developer cannot wake up one morning and decide he'll steal funds from already installed clients. A JS wallet operator has a variety of options if he wants to do that.

I would agree with the highlighted statements above.

And for my turn to somewhat spread FUD: I would venture to say that most people don't check the signatures when they download, so they are relying on others to do that for them and check for discrepancies.  Also not all clients either can or do that (Bitcoin-Qt on OSX for one).  So most are just assuming that the clients are valid when we don't really know for sure.

HOWEVER, I believe it is highly unlikely that any well known client developer (or commiter) would sneak in some back-door code to turn on at a later date.  Possibility vs probability.  Now Uncle Jimmy's S00per S3kr1t Wallet on the other I might not trust so much....
legendary
Activity: 1372
Merit: 1008
1davout
I never said you didn't need to trust them, my point was you need to trust the publisher of any client you use.  This fact is no different with a desktop or web based client.
You are correct, however the trust models are quite different for the official client versus a JS wallet.
The official client's code is extensively peer-reviewed and enables multiple different developers to check for the binary hash consistence.
A JS wallet dynamically serves code to you, it opens a LOT more possibilities.

A bitcoin developer cannot wake up one morning and decide he'll steal funds from already installed clients. A JS wallet operator has a variety of options if he wants to do that.
hero member
Activity: 560
Merit: 500
I am the one who knocks
If you think you do not need to trust the operator of a JS wallet when you use it, then you need to think again. It's not sensationalist, it's not an opinion, it's not a comparison, it's just a fact. It doesn't mean JS wallets are good, bad, better than X or worse than Y, it's just something that I wanted to remind to people who have an interest in JS wallets.

I never said you didn't need to trust them, my point was you need to trust the publisher of any client you use.  This fact is no different with a desktop or web based client.

And while your quote above is correct it is also, in my opinion, misleading.  I believe that it implies that you do not have to trust the developers of other bitcoin clients, which is of course not the case at all.
hero member
Activity: 504
Merit: 502
He said http://blockchain.info/address/1FrtkNXastDoMAaorowys27AKQERxgmZjY was Instawallet cold storage address.
I stand by my words. I don't see how spreading the balance among multiple addresses would make the security model any stronger when they're stored in the same bank safe. But that's just my 25000 BTC. Plus I really like the transparency that it provides.

What transparency?  Without publishing every account balance, and having every user publicly verify that their balance is listed in that publication, the presence of an address with a balance doesn't tell us anything.  The site operator might have skimmed 10% off the total -- how does publishing the address with 90% of the balance on prove that that hasn't happened?

After sleeping on this something else has occured to me on the topic.
[...]
But to spread FUD that is opinionated and uneducated is just irresponsible.
I'm stating precise facts. If a JS wallet operator wakes up one day and decides to steal your funds, he has a variety of options to pick from depending on whether he cares about getting caught or not, whether he has time on his hands or not etc. I think reminding this simple fact is a quite responsible attitude actually, because I believe that people tend to forget it or were never aware of it in the first place.

None of this conversation is FUD; it's an informative debate.

You've missed out one key option that JS wallets offer and hosted wallets don't: the ability to use exactly the same API as the JS does, but on a custom, unchanging binary.  Just like the blockchain.info app does.

In that case, the fully encrypted data is accessed only by the binary I obtained once and only once; would not be affected by any amount of site compromises and the encrypted wallet can be kept backed up on the device, so even in the event of a malicious site deletion (Bitcoinica anyone?) the wallet is still in my possession.  To me this is the optimum point in the convenience/security trade off.  The wost a compromised site can do is lie about new transactions being received or not received, and not forward transactions issued to its API.  It cannot steal funds from anyone.

If you think you do not need to trust the operator of a JS wallet when you use it, then you need to think again. It's not sensationalist, it's not an opinion, it's not a comparison, it's just a fact. It doesn't mean JS wallets are good, bad, better than X or worse than Y, it's just something that I wanted to remind to people who have an interest in JS wallets.

I don't think that's true; the debate and comparisons going on in this thread definitely are to decide whether JS wallets are better/more secure than a hosted wallet.  It's my opinion that they are.

That doesn't mean every instawallet-like service is a scam or even untrustworthy.
legendary
Activity: 1078
Merit: 1003
I for one appreciate you highlighting this fact since I was under the mistaken impression I didn't need to trust the operator of for example the blockchain ewallet on any level given the use of local encryption.

So thank you.
Maybe piuk should make a link to this page in more places.  https://blockchain.info/wallet/verifier

Yes absolutely. It's the first time I'm seeing it and I thought I thoroughly explored his site.
hero member
Activity: 742
Merit: 500
I for one appreciate you highlighting this fact since I was under the mistaken impression I didn't need to trust the operator of for example the blockchain ewallet on any level given the use of local encryption.

So thank you.
Maybe piuk should make a link to this page in more places.  https://blockchain.info/wallet/verifier

this is precisely why some of us like offline solutions like Armory.
Armory is a completely different use case than web clients.  I can't use armory from my phone to quickly send funds.
legendary
Activity: 1764
Merit: 1002
this is precisely why some of us like offline solutions like Armory.
legendary
Activity: 1078
Merit: 1003
I for one appreciate you highlighting this fact since I was under the mistaken impression I didn't need to trust the operator of for example the blockchain ewallet on any level given the use of local encryption.

So thank you.
legendary
Activity: 1372
Merit: 1008
1davout
He said http://blockchain.info/address/1FrtkNXastDoMAaorowys27AKQERxgmZjY was Instawallet cold storage address.
I stand by my words. I don't see how spreading the balance among multiple addresses would make the security model any stronger when they're stored in the same bank safe. But that's just my 25000 BTC. Plus I really like the transparency that it provides.

After sleeping on this something else has occured to me on the topic.
[...]
But to spread FUD that is opinionated and uneducated is just irresponsible.
I'm stating precise facts. If a JS wallet operator wakes up one day and decides to steal your funds, he has a variety of options to pick from depending on whether he cares about getting caught or not, whether he has time on his hands or not etc. I think reminding this simple fact is a quite responsible attitude actually, because I believe that people tend to forget it or were never aware of it in the first place.

Stating a fact does not imply making a judgement one way or another.

If you think you do not need to trust the operator of a JS wallet when you use it, then you need to think again. It's not sensationalist, it's not an opinion, it's not a comparison, it's just a fact. It doesn't mean JS wallets are good, bad, better than X or worse than Y, it's just something that I wanted to remind to people who have an interest in JS wallets.
Pages:
Jump to: