Can I persuade you to change your recommendation to downloading a ZIP file from GitHub and validating the hash? And actively *discourage* visitors from trusting HTML loaded from a live website? Yours is the only paper wallet site recommending this approach, and I can't figure out why.
There's no reason for a visitor to believe that they derive much additional security from disconnecting from the Internet after loading the offlineaddress.com code live. As you well understand, if the RNG is compromised in the HTML they receive, it doesn't matter whether or not the visitor is still online when they generate wallets.
Your recommendation seems doubly problematic when:
1) You don't force HTTPS on your server.
2) You don't provide a mechanism for a visitor to validate the integrity of the HTML they're receiving from your website against some signed codebase of your own.
In short, you're advocating blind faith in the security of your web server. The only argument I've heard you make in support of this is that it's unrealistic to expect visitors to download a ZIP file from GitHub and run the HTML locally. I'm really alarmed by this. I like your concern about RNGs, but I'm wary of your lack of concern about website security. You've got a nice site, good software, and strong promotion -- but you're advocating a standard of security that's much more relaxed than anyone else doing this. Why is this?
I appreciate your concerns.
A recommendation for downloading the ZIP from GitHub will be added once the code base isn't growing too fast.

If the RNG is compromised, users will still be secure because all random data is user-provided.
Instructing users to primarily check hashes is not appealing to a broad audience (you know how hard it is to check hashes or signatures on Windows machines).
Discouraging users from using loaded HTML doesn't make sense to me - there is no purpose in having a website saying you shouldn't use it.
1) I'm working on this, HTTPS will be added within a week or so.
2) I provide the GitHub commit ID, and hashes will be added soon.
In short: yes, there are a few things that should be added (like HTTPS and hash validation), and I'm working on it.
I'm concerned about both web security and RNGs.
