Bitcoin Forum
December 16, 2017, 11:45:02 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Has someone evaluated the security of the alternative clients?  (Read 1068 times)
Nick
Jr. Member
*
Offline Offline

Activity: 57


View Profile
March 20, 2013, 12:24:22 AM
 #1

So I have just read this link and it made me think: There are so many factors to consider to create a reasonably safe bitcoin client that there ought to be a flawed and exploitable client sooner or later.
So, has someone evaluated the security of the most used clients (Satoshi, Electrum, Armory, blockchain-info, ...) so it's safe to assume that the generated private keys are unguessable? I'm talking about weak RNGs, reused random numbers and the like. Unfortunately I know way to little about cryptography to do it myself.

Also it would be useful if someone with more grasp of the concept could create a checklist of possible vulnerabilities to avoid when coding a bitcoin client.

0d0bb056a3593ce7585321bbcbf6318048f18cedc312530f80ebf3cabf4bc984
1513467902
Hero Member
*
Offline Offline

Posts: 1513467902

View Profile Personal Message (Offline)

Ignore
1513467902
Reply with quote  #2

1513467902
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513467902
Hero Member
*
Offline Offline

Posts: 1513467902

View Profile Personal Message (Offline)

Ignore
1513467902
Reply with quote  #2

1513467902
Report to moderator
1513467902
Hero Member
*
Offline Offline

Posts: 1513467902

View Profile Personal Message (Offline)

Ignore
1513467902
Reply with quote  #2

1513467902
Report to moderator
1513467902
Hero Member
*
Offline Offline

Posts: 1513467902

View Profile Personal Message (Offline)

Ignore
1513467902
Reply with quote  #2

1513467902
Report to moderator
flatfly
Legendary
*
Offline Offline

Activity: 1008


View Profile
March 20, 2013, 07:43:36 PM
 #2

IIRC, BkkCoins (as well as many others) recently reviewed the whole Electrum source code before deciding
to use it.  I also go over the code from time to time.

I can't speak for the other clients, as I'm less familiar with them.

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526


View Profile
March 21, 2013, 12:29:24 PM
 #3

That post about weak signatures doesn't mention that the thing creating them was a test version of some hardware and they knew that the signatures were bad, but didn't care at that point in their development. Most wallets use regular crypto libraries that get random numbers from the OS.
Khertan
Full Member
***
Offline Offline

Activity: 193


View Profile WWW
March 22, 2013, 03:40:28 PM
 #4

If there are some experts too, i ll appreciate a review of BitPurse client code : http://github.com/khertan/BitPurse

Regards,

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!