Bitcoin Forum
April 27, 2024, 04:16:45 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Wallet software > Has someone evaluated the security of the alternative clients?
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Has someone evaluated the security of the alternative clients?  (Read 1190 times)
Nick (OP)
Newbie
*
Offline Offline

Activity: 57
Merit: 0


View Profile
March 20, 2013, 12:24:22 AM
 #1
So I have just read this link and it made me think: There are so many factors to consider to create a reasonably safe bitcoin client that there ought to be a flawed and exploitable client sooner or later.
So, has someone evaluated the security of the most used clients (Satoshi, Electrum, Armory, blockchain-info, ...) so it's safe to assume that the generated private keys are unguessable? I'm talking about weak RNGs, reused random numbers and the like. Unfortunately I know way to little about cryptography to do it myself.

Also it would be useful if someone with more grasp of the concept could create a checklist of possible vulnerabilities to avoid when coding a bitcoin client.
"Bitcoin: mining our own business since 2009" -- Pieter Wuille
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1714191405
Hero Member
*
Offline Offline

Posts: 1714191405

View Profile Personal Message (Offline)

Ignore
1714191405
1714191405
Reply with quote  #2
1714191405
Report to moderator
flatfly
Legendary
*
Offline Offline

Activity: 1078
Merit: 1011

760930


View Profile
March 20, 2013, 07:43:36 PM
 #2
IIRC, BkkCoins (as well as many others) recently reviewed the whole Electrum source code before deciding
to use it.  I also go over the code from time to time.

I can't speak for the other clients, as I'm less familiar with them.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1128


View Profile
March 21, 2013, 12:29:24 PM
 #3
That post about weak signatures doesn't mention that the thing creating them was a test version of some hardware and they knew that the signatures were bad, but didn't care at that point in their development. Most wallets use regular crypto libraries that get random numbers from the OS.
Khertan
Full Member
***
Offline Offline

Activity: 193
Merit: 100


View Profile WWW
March 22, 2013, 03:40:28 PM
 #4
If there are some experts too, i ll appreciate a review of BitPurse client code : http://github.com/khertan/BitPurse

Regards,
bitcoin:1Khertan7mpfbabM531QTsnDXBdK7sDYxL -- BitPurse Bitcoin Client for n9 : http://khertan.net/projects/bitpurse
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Wallet software > Has someone evaluated the security of the alternative clients?
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!