Javascript cryptography

From Bitcoin Wiki
Revision as of 20:15, 24 October 2018 by Belcher (talk | contribs) (Create page)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Javascript cryptography is when cryptographic software, especially bitcoin software, is written in javascript.

Javascript is not a suitable language for this. Such software is best avoided.


Please don't use any javascript address generator for anything that matters.

The common libraries they have used have had a long and worrying series of mathematical flaws that cause them to occasionally generate addresses that do not match the private keys, and were completely without the sorts of test that would have detected these mistakes. Even if the errors are all fixed now, it's very easy for a webpage generator to be using an old version without anyone really noticing.

This is even before you get into the fact of how easy it is for sites to quietly substitute different JS, or the fact that HTTPS provides virtually no protection against attackers with a network position close to the server (because you can get a cert for any domain you can answer HTTP requests for...). [1]

See Also