Board: Wallet software
Topic: Re: Online Wallet: Sendbit
Post by sendbit.io on 09/05/2020, 13:50:24 UTC
Merits: 2 from 1 user, merited by cryptoworld99 (2)
Hi

I am the admin of Sendbit. We are an independent blockchain-based crypto wallet with a high-security API. I'm here to clarify regarding password hashing upon form registration. Client-side hashing can be enabled using JavaScript; as many members do not have JavaScript enabled in their browser, we therefore go back to stage one, and this is why I have created a secondary PIN 2FA and upcoming SMS login. Now it's up to users to secure their laptop/PC from hackers and update in the Sendbit security centre with 2FA PIN activation and master key.

Client-side hashing is rare because we use SSL instead


So, the problem with client-side hashing is that it effectively makes the result of the hash the password rather than the password. There is nothing to stop an attacker from bypassing the official client and simply sending the finished hash to the server directly. It provides no additional (or loss of) security during the authentication, but under the situation that hashing is designed to protect against, it offers nothing since the hash stored in the DB is actually the shared secret transmitted to the server.

Many browsers include better real-time phishing protection. ... in the sync settings in Chrome... The biggest addition is that Chrome will now warn you when your password has been stolen as part of a data breach.


Now let's get a bit deeper. Have you heard about BitPay? They had JavaScript vulnerabilities in 2018; a lot of private keys were stolen. As you must be aware, they use the Copay third-party wallet. https://cyware.com/news/a-bug-in-the-copay-and-bitpay-apps-enables-a-hacker-to-steal-bitcoins-cdf92aba

I do not want to go into too many conclusions.

https://sitecheck.sucuri.net/results/https/sendbit.io

List of tests performed (10/10)
 Fingerprinting the server software and technology...
 Checking for vulnerabilities of server-side software...
 Analyzing the security of HTTP cookies...
 Analyzing HTTP security headers...
 Checking for secure communication...
 Checking robots.txt file...
 Checking client access policies...
 Checking for directory listing (quick scan)...
 Checking for password auto-complete (quick scan)...
 Checking for clear-text submission of passwords (quick scan)...

Another thing I must raise: if the login location has changed, our system will detect it and alert the user's email. We are continuously working on Sendbit and improving Sendbit.


Any other suggestions/bugs are welcome at our support email, support[at]sendbit.io. We offer attractive bounties for any critical bugs found.



Regards
Sendbit.io
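
The point made in the post about client-side hashing (the hash stored in the DB becomes the shared secret), as an added example that is not part of the original post and is not Sendbit's code. The hashing scheme, class names and account values are assumptions constructed for illustration; it compares a server that stores the submitted hash unchanged with one that salts and stretches it again before storing.

```python
import hashlib
import hmac
import os

def client_hash(username: str, password: str) -> bytes:
    # Assumed browser-side scheme: the script submits this instead of the password.
    return hashlib.sha256(f"{username}:{password}".encode()).digest()

class NaiveServer:
    """Stores the submitted hash unchanged, so the DB value is the login secret."""
    def __init__(self):
        self.db = {}
    def register(self, user: str, submitted: bytes) -> None:
        self.db[user] = submitted
    def login(self, user: str, submitted: bytes) -> bool:
        return hmac.compare_digest(self.db.get(user, b""), submitted)
    def stored_value(self, user: str) -> bytes:
        return self.db[user]

class HardenedServer:
    """Treats the submitted hash as a password: salts and stretches it again."""
    def __init__(self):
        self.db = {}
    def _stretch(self, submitted: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", submitted, salt, 200_000)
    def register(self, user: str, submitted: bytes) -> None:
        salt = os.urandom(16)
        self.db[user] = (salt, self._stretch(submitted, salt))
    def login(self, user: str, submitted: bytes) -> bool:
        if user not in self.db:
            return False
        salt, verifier = self.db[user]
        return hmac.compare_digest(verifier, self._stretch(submitted, salt))
    def stored_value(self, user: str) -> bytes:
        return self.db[user][1]

def check(server) -> tuple:
    """Return (legitimate login works, a copied DB value is accepted as a login)."""
    user, password = "alice", "constructed-sample-passphrase"  # constructed values
    server.register(user, client_hash(user, password))
    legit = server.login(user, client_hash(user, password))
    replay = server.login(user, server.stored_value(user))
    return legit, replay

if __name__ == "__main__":
    print("naive   :", check(NaiveServer()))
    print("hardened:", check(HardenedServer()))
```

In the hardened variant the value in the database is no longer accepted as a credential, which is the property server-side hashing is meant to provide whether or not the client also hashes.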