Bitcoin Forum
September 22, 2018, 02:41:04 AM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Has someone evaluated the security of the alternative clients?  (Read 1077 times)
Nick
Newbie
*
Offline Offline

Activity: 57
Merit: 0


View Profile
March 20, 2013, 12:24:22 AM
 #1

So I have just read this link and it made me think: There are so many factors to consider to create a reasonably safe bitcoin client that there ought to be a flawed and exploitable client sooner or later.
So, has someone evaluated the security of the most used clients (Satoshi, Electrum, Armory, blockchain-info, ...) so it's safe to assume that the generated private keys are unguessable? I'm talking about weak RNGs, reused random numbers and the like. Unfortunately I know way to little about cryptography to do it myself.

Also it would be useful if someone with more grasp of the concept could create a checklist of possible vulnerabilities to avoid when coding a bitcoin client.
1537584064
Hero Member
*
Offline Offline

Posts: 1537584064

View Profile Personal Message (Offline)

Ignore
1537584064
Reply with quote  #2

1537584064
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537584064
Hero Member
*
Offline Offline

Posts: 1537584064

View Profile Personal Message (Offline)

Ignore
1537584064
Reply with quote  #2

1537584064
Report to moderator
1537584064
Hero Member
*
Offline Offline

Posts: 1537584064

View Profile Personal Message (Offline)

Ignore
1537584064
Reply with quote  #2

1537584064
Report to moderator
1537584064
Hero Member
*
Offline Offline

Posts: 1537584064

View Profile Personal Message (Offline)

Ignore
1537584064
Reply with quote  #2

1537584064
Report to moderator
flatfly
Legendary
*
Offline Offline

Activity: 1022
Merit: 1002


View Profile
March 20, 2013, 07:43:36 PM
 #2

IIRC, BkkCoins (as well as many others) recently reviewed the whole Electrum source code before deciding
to use it.  I also go over the code from time to time.

I can't speak for the other clients, as I'm less familiar with them.

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1006


View Profile
March 21, 2013, 12:29:24 PM
 #3

That post about weak signatures doesn't mention that the thing creating them was a test version of some hardware and they knew that the signatures were bad, but didn't care at that point in their development. Most wallets use regular crypto libraries that get random numbers from the OS.
Khertan
Full Member
***
Offline Offline

Activity: 192
Merit: 100


View Profile WWW
March 22, 2013, 03:40:28 PM
 #4

If there are some experts too, i ll appreciate a review of BitPurse client code : http://github.com/khertan/BitPurse

Regards,

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!