Bitcoin Forum
June 20, 2024, 06:16:25 AM *
News: Voting for pizza day contest
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Bitcoin Discussion > Security of using brainwallet.org for Tx's.
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Security of using brainwallet.org for Tx's.  (Read 860 times)
MrVivaldi (OP)
Newbie
*
Offline Offline

Activity: 37
Merit: 0



View Profile
August 28, 2013, 08:33:52 PM
 #1
I would like to know your opinion on the security on http://brainwallet.org/#tx.
I have a downloaded a offline copy with which I create a raw tx to later submit on the network. Is this pratice secure?

Also I have noticed that the original client makes new PK's for each transaction what is the benefit of doing this?
EmperorBob
Member
**
Offline Offline

Activity: 67
Merit: 10


View Profile
August 28, 2013, 08:55:18 PM
 #2
Quote from: MrVivaldi on August 28, 2013, 08:33:52 PM
Also I have noticed that the original client makes new PK's for each transaction what is the benefit of doing this?

Making new addresses every time, so that each is used only once has 2 advantages:
1. Offers some level of protection against bad implementations of ECC (like we saw with the android SecureRandom bug).
2. Increases financial privacy, because it makes it hard to know which output is the actual money sent, and which is the change. If all your money is stored under one address, deanonymizing that address is much more harmful.
MrVivaldi (OP)
Newbie
*
Offline Offline

Activity: 37
Merit: 0



View Profile
August 28, 2013, 09:23:16 PM
 #3
The library BitcoinJS doesn't seem to have a really good impementation of random number generator: https://github.com/prusnak/papercoin/issues/2

Could this make the transactions less secure?
EmperorBob
Member
**
Offline Offline

Activity: 67
Merit: 10


View Profile
August 28, 2013, 11:26:28 PM
 #4
Quote from: MrVivaldi on August 28, 2013, 09:23:16 PM
The library BitcoinJS doesn't seem to have a really good impementation of random number generator: https://github.com/prusnak/papercoin/issues/2

Could this make the transactions less secure?

I can't comment at how secure their seeding approach is without digging into the code, but yes, a bad rng can lead to transactions being created that leak your private key. Again, you can avoid this issue entirely by never reusing addresses.
MrVivaldi (OP)
Newbie
*
Offline Offline

Activity: 37
Merit: 0



View Profile
August 29, 2013, 12:17:17 AM
 #5
According to this: https://code.google.com/p/chromium/issues/detail?id=45580 and http://trac.webkit.org/browser/trunk/Source/WebCore/page/Crypto.cpp Chrome implements cryptographically secure random values.

I know Opera also does that and they have Firefox running its own window.crypto.random method.

I guess you are right EmperorBob however it is not a practical approach though in my case.
hathmill
Full Member
***
Offline Offline

Activity: 186
Merit: 100



View Profile
August 29, 2013, 06:19:21 AM
 #6
There is a bug on the site. Check fee before sending.
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Bitcoin Discussion > Security of using brainwallet.org for Tx's.
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!