Bitcoin Forum
November 20, 2018, 04:44:34 PM *
News: Latest Bitcoin Core release: 0.17.0 [Torrent].
   Home   Help Search Login Register More  
Pages: [1]
Author Topic: paper backup stores private key unencrypted in browser cache  (Read 4478 times)
Offline Offline

Activity: 1
Merit: 0

View Profile
March 01, 2014, 10:52:49 AM

Problem outline:
- Paper wallet backups generate a pdf which is saved unencrypted in the browsers cache.
  In Chrome for example a search of the browsers history using 'data:application/pdf' will show the cached paper backups with the private keys in plain view.
- Storing unencrypted private keys in the browsers cache leaves the wallets vulnerable to malware attacks.

Suggested actions for users:
- If you have generated a paper backup clear your browser cache. For additional security create a new wallet and transfer coins to it.
  If using for the new wallet, do not create a paper backup.

Suggested solution for
- Generate paper wallet backups in html and do not save in the browsers cache.

Additional problems:
- The email address of listed on the website does not work. There appears to be no dedicated security contact point.
- I have received numerous email backups automatically without user request.
Pages: [1]
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!