Idea to increase security of online wallets like Blockchain.info

[glitch003]

So the biggest security threat to the blockchain.info wallet, IMO, is someone somehow injecting javascript that snatches your account password. 

Should we create a way to tell if the code has been changed or been compromised?  It could be as simple as a site called blockchaininfocheck.com, and it would simply download the blockchain.info site to your browser and do an MD5 hash on the relevant javascript that handles the online wallet functionality.  It would then compare the generated MD5 to an MD5 of a known good copy of the blockchain site.  If the MD5's match, it could tell you and forward you to blockchain.info since it has been deemed safe.

This could also be developed as a browser extension/plugin.

In this way, an attacker would need to compromise the blockchain.info site AND the 3rd-party blockchaininfocheck.com site.

Does something like this already exist? 

Discuss.

[1713875681]

1713875681

[1713875681]

1713875681

[1713875681]

1713875681

[1713875681]

1713875681

[Shermo]

Like this?

https://chrome.google.com/webstore/detail/my-wallet-verifier/kcapglakfcodkajgllmkiddclghogkic

[twolifeinexile]

So the biggest security threat to the blockchain.info wallet, IMO, is someone somehow injecting javascript that snatches your account password. 

Should we create a way to tell if the code has been changed or been compromised?  It could be as simple as a site called blockchaininfocheck.com, and it would simply download the blockchain.info site to your browser and do an MD5 hash on the relevant javascript that handles the online wallet functionality.  It would then compare the generated MD5 to an MD5 of a known good copy of the blockchain site.  If the MD5's match, it could tell you and forward you to blockchain.info since it has been deemed safe.

This could also be developed as a browser extension/plugin.

In this way, an attacker would need to compromise the blockchain.info site AND the 3rd-party blockchaininfocheck.com site.

Does something like this already exist? 

Discuss.

Totally concur, we desperately need something like this.

[piuk]

It could be as simple as a site called blockchaininfocheck.com, and it would simply download the blockchain.info site to your browser and do an MD5 hash on the relevant javascript that handles the online wallet functionality. 

We have internal monitoring that does this, perhaps it would be good to show it publicly as well. The browser extension Shermo links also does a similar thing however the HTML markup itself also need sanitising which is more difficult.

A more full proof solution is : https://blockchain.info/wallet/browser-extension

[glitch003]

It could be as simple as a site called blockchaininfocheck.com, and it would simply download the blockchain.info site to your browser and do an MD5 hash on the relevant javascript that handles the online wallet functionality. 

We have internal monitoring that does this, perhaps it would be good to show it publicly as well. The browser extension Shermo links also does a similar thing however the HTML markup itself also need sanitising which is more difficult.

A more full proof solution is : https://blockchain.info/wallet/browser-extension

This is awesome, thanks!