Bitcoin Forum
December 02, 2016, 08:17:20 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: [VIDEO] BitcoinJS talk at ISSS/Webtuesday  (Read 623 times)
Stefan Thomas
Full Member
***
Offline Offline

Activity: 235


AKA: Justmoon


View Profile WWW
August 30, 2011, 05:18:53 PM
 #1

A lot of people complained about the video/audio quality for my NY Bitcoin Conference talk, so I thought I'd post... another talk in horrible audio quality. Cheesy

http://www.youtube.com/watch?v=JkOdWY4ILGI

This was given before the Bitcoin Conference and is basically a longer version of the talk that I gave in New York. There is a bit of everything, from very basic Q&A about Bitcoin itself to some pretty advanced tips about developing servers with Node.js. The audience were mostly web developers and people were asking questions at several points throughout the talk.

To be completely honest, given the audio and the length, it's probably not going to be for everybody. I'd only recommend this if you're a card-carrying Node.js fan. Smiley

Twitter: @justmoon
PGP: D16E 7B04 42B9 F02E 0660  C094 C947 3700 A4B0 8BF3
1480709840
Hero Member
*
Offline Offline

Posts: 1480709840

View Profile Personal Message (Offline)

Ignore
1480709840
Reply with quote  #2

1480709840
Report to moderator
1480709840
Hero Member
*
Offline Offline

Posts: 1480709840

View Profile Personal Message (Offline)

Ignore
1480709840
Reply with quote  #2

1480709840
Report to moderator
1480709840
Hero Member
*
Offline Offline

Posts: 1480709840

View Profile Personal Message (Offline)

Ignore
1480709840
Reply with quote  #2

1480709840
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480709840
Hero Member
*
Offline Offline

Posts: 1480709840

View Profile Personal Message (Offline)

Ignore
1480709840
Reply with quote  #2

1480709840
Report to moderator
Piper67
Legendary
*
Offline Offline

Activity: 1008



View Profile
August 30, 2011, 05:21:33 PM
 #2

Hi Stefan:

I mentioned you on another thread, and one of the forum members posted this http://www.matasano.com/articles/javascript-cryptography/

It was done without a hint of malice, unlike so many other things on these forums, so I am genuinely interested in knowing whether you have examined it or can comment on it.

For the record, the reason he posted it is because on the other thread I mentioned how your work was one of the best things about to come out for Bitcoin.

Cheers,
Stefan Thomas
Full Member
***
Offline Offline

Activity: 235


AKA: Justmoon


View Profile WWW
August 30, 2011, 06:32:43 PM
 #3

I mentioned you on another thread, and one of the forum members posted this http://www.matasano.com/articles/javascript-cryptography/

The main point of the article is that if the server sent you the JavaScript, you're already trusting the server, so you might as well do the crypto stuff server side and use SSL for transmission.

Browser-based crypto is by no means our end goal, but rather a stepping stone. Here are some of the things I am working on or predicting:

Downloadable bundles. There is no reason you can't take the HTML/JS from bitcoinjs-gui, package it up as an AIR or xulrunner app and have people download and install it. It would then have the same properties as regular Bitcoin with respect to software delivery.

Software security device. If you have more than a few bitcents you can install a piece of software that moves your keys and the crypto outside of the browser. If you initiate a transaction within Webcoin or another client, the locally installed software will pop up a window showing the details of the transaction pending your final confirmation.

Building a dedicated software security device will also pave the way for:

Hardware security device. For even larger amounts no measure of software security will be sufficient. A hardware device with a display and internal signing would definitely by a major step forward.

Split key signing. Half your key is on your device, the other half is at a wallet hosting service. The service could offer any kind of verification you want: Yubikey, SMS, phone call, whatever. You'd probably set a daily limit. Under the limit you don't need any special verification. Note that you could have both keys as physical backups, so you wouldn't be dependent on the hosting service if they decide to randomly disappear one day.

Also I want to point out that the only part of BitcoinJS that this criticism affects at all is Webcoin. I know some folks are working on various native clients that use our server APIs, but could be implemented in Java, Objective-C, C#, etc.

Twitter: @justmoon
PGP: D16E 7B04 42B9 F02E 0660  C094 C947 3700 A4B0 8BF3
Piper67
Legendary
*
Offline Offline

Activity: 1008



View Profile
August 30, 2011, 06:42:18 PM
 #4

I mentioned you on another thread, and one of the forum members posted this http://www.matasano.com/articles/javascript-cryptography/

The main point of the article is that if the server sent you the JavaScript, you're already trusting the server, so you might as well do the crypto stuff server side and use SSL for transmission.

Browser-based crypto is by no means our end goal, but rather a stepping stone. Here are some of the things I am working on or predicting:

Downloadable bundles. There is no reason you can't take the HTML/JS from bitcoinjs-gui, package it up as an AIR or xulrunner app and have people download and install it. It would then have the same properties as regular Bitcoin with respect to software delivery.

Software security device. If you have more than a few bitcents you can install a piece of software that moves your keys and the crypto outside of the browser. If you initiate a transaction within Webcoin or another client, the locally installed software will pop up a window showing the details of the transaction pending your final confirmation.

Building a dedicated software security device will also pave the way for:

Hardware security device. For even larger amounts no measure of software security will be sufficient. A hardware device with a display and internal signing would definitely by a major step forward.

Split key signing. Half your key is on your device, the other half is at a wallet hosting service. The service could offer any kind of verification you want: Yubikey, SMS, phone call, whatever. You'd probably set a daily limit. Under the limit you don't need any special verification. Note that you could have both keys as physical backups, so you wouldn't be dependent on the hosting service if they decide to randomly disappear one day.

Also I want to point out that the only part of BitcoinJS that this criticism affects at all is Webcoin. I know some folks are working on various native clients that use our server APIs, but could be implemented in Java, Objective-C, C#, etc.

Thanks! I will forward this response to the forum member who first brought it to my attention.

Cheers,
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!