neutrinox (OP)
October 31, 2013, 05:35:10 PM
Is there any good way to see if there have been any changes to the source code of Bitaddress.org in recent months/years?
You would think a website like that would be the ideal target for three letter agencies. For example, I notice they are loading external JavaScript files from Google's servers. Isn't external JavaScript a very, very bad thing to do on such a site? Basically it allows Google to insert whatever JavaScript they want on the page, whenever they want...
Which brings me to my last question:
Is there a better, simpler way of generating paper wallets?

flatfly
October 31, 2013, 05:54:51 PM
You can take a look at NoBrainr (see signature!) and decide if you like it. It's only 20 lines of code and as transparent as it gets.

neutrinox (OP)
October 31, 2013, 05:56:46 PM
Sounds good! I don't like the hundreds of lines I have to read at bitaddress. The more code there is --> the more potential danger there is.

greyhawk
October 31, 2013, 05:59:39 PM
Your real name is Simon. You're a furry of the fox persuasion from Caracas Venezuela. You like listening to gothic rock / dark cabaret.
The three letter agencies are the least of your problem.

neutrinox (OP)
October 31, 2013, 06:04:21 PM
Nice guess, but each point was way off. It's funny to face ridicule about such safety concerns, especially in the post-Snowden world. It's also interesting to get ad hominems. What does it matter who I am if what I'm saying makes sense? So why don't you stick to the facts and try to defend the use of external JavaScript files?

Remember remember the 5th of November
October 31, 2013, 06:08:56 PM
Quote from: neutrinox
"Nice guess, but each point was way off. It's funny to face ridicule about such safety concerns, especially in the post-Snowden world. It's also interesting to get ad hominems. What does it matter who I am if what I'm saying makes sense? So why don't you stick to the facts and try to defend the use of external JavaScript files?"
Yeah, it'd be worse if Rainden also released some disturbing information.

neutrinox (OP)
October 31, 2013, 06:12:17 PM
Yes, let's make a big joke about security. That's the way to go with Bitcoin.
The truth is, the code at bitaddress.org could be compromised at any moment and nobody would notice it.
Feel free to assume NSA/FBI/CIA would not resort to such low forms of attack. I'd rather not assume anything. Not after learning about the methods they are using to protect the "interests" of US gov.

Bitalo_Maciej
October 31, 2013, 06:19:25 PM
You can look at the project's GitHub commit history. Git commits are guarded with SHA-256, so they can't be changed after a commit is made. For added security, you can use Git's diff functionality to actually see what changed between revisions.

Stephen Gornick
October 31, 2013, 07:03:49 PM (Last edit: October 31, 2013, 07:17:05 PM by Stephen Gornick)
Quote from: neutrinox
"For example, I notice they are loading external JavaScript files from Google's servers. Isn't external JavaScript a very, very bad thing to do on such a site?"
I had been using http://www.changedetection.com to monitor the site and then manually verify and post an OK on the BitAddress forum thread. Sure, that's not foolproof, since if the site were compromised and spits out a compromised page, let's say for 1 out of 10 requests, the chances are very low I'd know for some time (i.e., a 10% chance of detecting it, 90% chance the attacker would get away with it -- for at least one day).
Here are the steps I follow: http://bitcoin.stackexchange.com/a/9115/153
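
Added example (not written by any poster in this thread and not bitaddress.org's code): a sketch of the check discussed above, comparing a saved copy of the page against a pinned SHA-256 digest, listing the scripts loaded from other hosts (which the page digest does not cover), and working out the detection odds for the 1-in-10 case. The URL, page bytes and function names are constructed for illustration, and the probability assumes each fetch is independent.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScriptAudit(HTMLParser):
    """Collect <script src=...> URLs served by a host other than the page's."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.external = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag != "script" or not src:
            return
        absolute = urljoin(self.page_url, src)  # resolves "/x.js" and "//host/x.js"
        if urlparse(absolute).hostname != urlparse(self.page_url).hostname:
            self.external.append(absolute)


def audit_page(html_bytes, page_url, pinned_sha256):
    """Return (matches_pin, digest, third_party_script_urls)."""
    digest = hashlib.sha256(html_bytes).hexdigest()
    parser = ScriptAudit(page_url)
    parser.feed(html_bytes.decode("utf-8", errors="replace"))
    # The pin covers only the HTML; every URL in parser.external can change
    # its content without changing this digest.
    return digest == pinned_sha256, digest, parser.external


def detection_probability(serve_rate, checks):
    """Chance that at least one of `checks` independent fetches gets the bad page."""
    return 1 - (1 - serve_rate) ** checks


# Constructed sample page (hypothetical, not the real bitaddress.org source).
SAMPLE_URL = "https://wallet.example/"
SAMPLE_GOOD = (b"<html><head><script src='/js/keygen.js'></script>"
               b"<script src='//cdn.example.net/lib.js'></script></head></html>")
SAMPLE_PIN = hashlib.sha256(SAMPLE_GOOD).hexdigest()
SAMPLE_TAMPERED = SAMPLE_GOOD.replace(b"keygen.js", b"keygen2.js")

if __name__ == "__main__":
    print(audit_page(SAMPLE_GOOD, SAMPLE_URL, SAMPLE_PIN))
    print(audit_page(SAMPLE_TAMPERED, SAMPLE_URL, SAMPLE_PIN)[0])
    for n in (1, 7, 30):  # one check a day for a day, a week, a month
        print(n, round(detection_probability(0.10, n), 3))
```

A copy saved once, verified, and then run offline avoids both gaps: the page cannot change between checks and no third-party script is fetched at use time.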