Javascript cryptography

From Bitcoin Wiki
Revision as of 19:06, 20 November 2018 by Belcher (Added extra note about untested)

Javascript cryptography refers to cryptographic software, especially bitcoin software, written in javascript.

Javascript is not a suitable language for this. Such software is best avoided.

Explanation

Please don't use any javascript address generator for anything that matters.

The common libraries they have used have had a long and worrying series of mathematical flaws that cause them to occasionally generate addresses that do not match the private keys, and were completely without the sorts of tests that would have detected these mistakes. Even if the errors are all fixed now, it's very easy for a webpage generator to be using an old version without anyone really noticing.

This is even before you get into the fact of how easy it is for sites to quietly substitute different JS, or the fact that HTTPS provides virtually no protection against attackers with a network position close to the server (because you can get a cert for any domain you can answer HTTP requests for...). [1]

Generally the code out there uses almost completely untested ECC code which would sometimes generate the wrong pubkeys, as well as being an insecure, non-constant-time implementation subject to surveillance from other javascript tabs.
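
The kind of test the passage above says these libraries lacked, as an added example (not code from this wiki or from any library it refers to): a slow reference secp256k1 implementation, used only as a test oracle and never for real keys, checks a key-derivation function against edge-case private keys. `findMismatches`, `EDGE_KEYS` and `buggyDerive` are hypothetical names, and the faulty deriver is constructed for illustration.

```javascript
// Added example: reference secp256k1 arithmetic used ONLY as a test oracle.
// It is slow and not constant time; never use it to handle real keys.
const P = 2n ** 256n - 2n ** 32n - 977n;             // field prime
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n; // group order
const G = {                                          // generator point
  x: 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
  y: 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n,
};
const mod = (a, m = P) => ((a % m) + m) % m;
function inv(a) {                                    // Fermat inverse mod P
  let r = 1n, b = mod(a), e = P - 2n;
  for (; e > 0n; e >>= 1n, b = (b * b) % P) if (e & 1n) r = (r * b) % P;
  return r;
}
function add(A, B) {                                 // null is the point at infinity
  if (!A) return B;
  if (!B) return A;
  if (A.x === B.x && mod(A.y + B.y) === 0n) return null;
  const s = A.x === B.x
    ? mod(3n * A.x * A.x * inv(2n * A.y))            // doubling slope
    : mod((B.y - A.y) * inv(B.x - A.x));             // addition slope
  const x = mod(s * s - A.x - B.x);
  return { x, y: mod(s * (A.x - x) - A.y) };
}
function mul(k, Q = G) {                             // double-and-add
  let R = null;
  for (k = mod(k, N); k > 0n; k >>= 1n, Q = add(Q, Q)) if (k & 1n) R = add(R, Q);
  return R;
}
const onCurve = (Q) => !!Q && mod(Q.y * Q.y - Q.x ** 3n - 7n) === 0n;
const same = (A, B) => !!A && !!B && A.x === B.x && A.y === B.y;

// derive: the function under test, mapping a private key (BigInt) to {x, y}.
// Returns the private keys for which it fails the curve equation, disagrees
// with the oracle, or breaks the invariant derive(k) + G == (k + 1)G.
function findMismatches(derive, keys) {
  return keys.filter((k) => {
    const Q = derive(k);
    return !onCurve(Q) || !same(Q, mul(k)) || !same(add(Q, G), mul(k + 1n));
  });
}

// Constructed edge-case keys: small values, high bit set, near the group order.
const EDGE_KEYS = [1n, 2n, 3n, 2n ** 255n, 2n ** 128n - 1n, N - 2n];
// Constructed faulty deriver: silently drops the top bit of the key.
const buggyDerive = (k) => mul(k & (2n ** 255n - 1n));
```

Run `findMismatches` against the derivation function of the library under test; any non-empty result is a private key whose public key, and therefore address, would be wrong.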

SF Bitcoin Devs Seminar talk

Greg Maxwell discusses javascript cryptography. (watch time: 3 min 6 sec)

https://www.youtube.com/watch?v=TYQ-3VvNCHE&t=3071

References