Bitcoin Forum
April 21, 2018, 01:58:45 AM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
   Home   Help Search Donate Login Register  
Pages: [1]
Author Topic: Has someone evaluated the security of the alternative clients?  (Read 1068 times)
Jr. Member
Offline Offline

Activity: 57
Merit: 0

View Profile
March 20, 2013, 12:24:22 AM

So I have just read this link and it made me think: There are so many factors to consider to create a reasonably safe bitcoin client that there ought to be a flawed and exploitable client sooner or later.
So, has someone evaluated the security of the most used clients (Satoshi, Electrum, Armory, blockchain-info, ...) so it's safe to assume that the generated private keys are unguessable? I'm talking about weak RNGs, reused random numbers and the like. Unfortunately I know way to little about cryptography to do it myself.

Also it would be useful if someone with more grasp of the concept could create a checklist of possible vulnerabilities to avoid when coding a bitcoin client.

Hero Member
Offline Offline

Posts: 1524275925

View Profile Personal Message (Offline)

Reply with quote  #2

Report to moderator
Some PGP public keys you should import: theymos, Wladimir, Gregory, Pieter
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Offline Offline

Activity: 1022
Merit: 1002

View Profile
March 20, 2013, 07:43:36 PM

IIRC, BkkCoins (as well as many others) recently reviewed the whole Electrum source code before deciding
to use it.  I also go over the code from time to time.

I can't speak for the other clients, as I'm less familiar with them.

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
Mike Hearn
Offline Offline

Activity: 1526
Merit: 1000

View Profile
March 21, 2013, 12:29:24 PM

That post about weak signatures doesn't mention that the thing creating them was a test version of some hardware and they knew that the signatures were bad, but didn't care at that point in their development. Most wallets use regular crypto libraries that get random numbers from the OS.
Full Member
Offline Offline

Activity: 192
Merit: 100

View Profile WWW
March 22, 2013, 03:40:28 PM

If there are some experts too, i ll appreciate a review of BitPurse client code :


Pages: [1]
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!