Bitcoin Forum
August 21, 2017, 03:06:30 AM *
News: Latest stable version of Bitcoin Core: 0.14.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: PSA:Blockchain.info paper backup stores private key unencrypted in browser cache  (Read 4395 times)
rowanf
Newbie
*
Offline Offline

Activity: 1


View Profile
March 01, 2014, 10:52:49 AM
 #1

Problem outline:
- Paper wallet backups generate a pdf which is saved unencrypted in the browsers cache.
  In Chrome for example a search of the browsers history using 'data:application/pdf' will show the cached paper backups with the private keys in plain view.
- Storing unencrypted private keys in the browsers cache leaves the wallets vulnerable to malware attacks.

Suggested actions for users:
- If you have generated a paper backup clear your browser cache. For additional security create a new wallet and transfer coins to it.
  If using blockchain.info for the new wallet, do not create a paper backup.

Suggested solution for blockchain.info:
- Generate paper wallet backups in html and do not save in the browsers cache.


Additional problems:
- The email address of security@blockchain.info listed on the blockchain.info website does not work. There appears to be no dedicated security contact point.
- I have received numerous email backups automatically without user request.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!