Bitcoin Forum
Topic: Bitaddress.org safety concerns
neutrinox (OP)
October 31, 2013, 05:35:10 PM
 #1

Is there any good way to see if there have been any changes to the source code of Bitaddress.org in recent months/years?

You would think a website like that would be the ideal target for three letter agencies. For example, I notice they are loading external JavaScript files from Google's servers. Isn't external JavaScript a very, very bad thing to do on such a site? Basically it allows Google to insert whatever JavaScript they want on the page, whenever they want...

Which brings me to my last question:

Is there a better, more simple way of generating paper wallets?
flatfly
October 31, 2013, 05:54:51 PM
 #2

You can take a look at NoBrainr (see signature!) and decide if you like it. It's only 20 lines of code and as transparent as it gets.
neutrinox (OP)
October 31, 2013, 05:56:46 PM
 #3

Sounds good! I don't like the hundreds of lines I have to read at bitaddress. The more code there is --> the more potential danger there is.
greyhawk
October 31, 2013, 05:59:39 PM
 #4

Your real name is Simon. You're a furry of the fox persuasion from Caracas Venezuela. You like listening to gothic rock / dark cabaret.

The three letter agencies are the least of your problem.
neutrinox (OP)
October 31, 2013, 06:04:21 PM
 #5

Nice guess but each point was way off :D

It's funny to face ridicule about such safety concerns especially in the post-Snowden world.

It's also interesting to get Ad Hominems. What does it matter who I am if what I'm saying makes sense. So why don't you stick to the facts and try to defend the use of external javascript files?
Remember remember the 5th of November
October 31, 2013, 06:08:56 PM
 #6

Quote from: neutrinox on October 31, 2013, 06:04:21 PM
Nice guess but each point was way off :D

It's funny to face ridicule about such safety concerns especially in the post-Snowden world.

It's also interesting to get Ad Hominems. What does it matter who I am if what I'm saying makes sense. So why don't you stick to the facts and try to defend the use of external javascript files?
(end of quote)

Yeah, it'd be worse if Rainden also released some disturbing information.

neutrinox (OP)
October 31, 2013, 06:12:17 PM
 #7

Yes, let's make a big joke about security. That's the way to go with Bitcoin.

The truth is, the code at bitaddress.org could be compromised at any moment and nobody would notice it.

Feel free to assume NSA/FBI/CIA would not resort to such low forms of attack. I'd rather not assume anything. Not after learning about the methods they are using to protect the "interests" of US gov.
Bitalo_Maciej
October 31, 2013, 06:19:25 PM
 #8

You can look at the project's GitHub commit history. Git commits are guarded with SHA-256, so they can't be changed after a commit is made. For added security, you can use Git's diff functionality to actually see what changed between revisions.

Stephen Gornick
October 31, 2013, 07:03:49 PM
Last edit: October 31, 2013, 07:17:05 PM by Stephen Gornick
 #9

Quote from: neutrinox on October 31, 2013, 05:35:10 PM
For example, I notice they are loading external JavaScript files from Google's servers. Isn't external JavaScript a very, very bad thing to do on such a site?
(end of quote)

I had been using http://www.changedetection.com to monitor the site and then manually verify and post an OK on the BitAddress forum thread. Sure, that's not foolproof since if the site were compromised and spits out a compromised page let's say for 1 out of 10 requests, the chances are very low I'd know for some time (i.e., a 10% chance of detecting it, 90% chance the attacker would get away with it -- for at least one day.)

Here are the steps I follow:
 - http://bitcoin.stackexchange.com/a/9115/153
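
(Added example, not part of the original thread or of bitaddress.org's code.) The kind of check discussed in the post above, sketched in Python: compare each fetched copy with the hash of a copy you have reviewed, list any third-party script hosts, and estimate how many independent fetches are needed to catch a page that is tampered with only some of the time. The sample pages, host names and function names are constructed for illustration.

```python
import hashlib
import math
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample pages (not the real bitaddress.org source).
PAGE_GOOD = b"<html><head><script>var keygen = 1;</script></head><body>wallet</body></html>"
PAGE_CHANGED = (b"<html><head><script src='https://cdn.example.net/lib.js'></script>"
                b"<script>var keygen = 1;</script></head><body>wallet</body></html>")


class _ScriptSources(HTMLParser):
    """Collects the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def external_script_hosts(page: bytes, own_host: str) -> list:
    """Hosts other than own_host that the page loads scripts from."""
    parser = _ScriptSources()
    parser.feed(page.decode("utf-8", errors="replace"))
    hosts = {urlparse(src).netloc for src in parser.sources}
    # Relative URLs have an empty netloc and are served by own_host.
    return sorted(h for h in hosts if h and h != own_host)


def audit(page: bytes, pinned_sha256: str, own_host: str) -> dict:
    """Compare a fetched copy with the pinned hash of a reviewed copy."""
    digest = hashlib.sha256(page).hexdigest()
    return {"sha256": digest,
            "matches_pin": digest == pinned_sha256,
            "external_hosts": external_script_hosts(page, own_host)}


def fetches_needed(tamper_rate: float, confidence: float) -> int:
    """Independent fetches needed to see at least one tampered response
    with the given confidence, if a fraction tamper_rate is tampered."""
    return math.ceil(math.log(1 - confidence) / math.log(1 - tamper_rate))
```

With the 1-in-10 tampering rate from the post, a single daily fetch catches the change 10% of the time, while 29 independent fetches are needed for a 95% chance of seeing it at least once.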
