When SecureRandom()... isn't: JavaScript fingered for poking cash-spilling holes in Bitcoin wallets

Concerns about a flawed crypto library that could allow Bitcoin theft have been revived following a post to a Bitcoin mailing list last week. David Gerard, a UK-based Unix admin and blockchain technology watcher, raised concerns in a blog post on Thursday. "The popular JavaScript SecureRandom() library … isn’t securely random …

Silver badge

Anyone implementing a crypto library in JavaScript is building a castle in a swamp anyway. There's no way you can sign code and it's too easy to fiddle with functions and the DOM in the browser.

13
0
Bronze badge

If you build enough castles on top of each other in the swamp, eventually one will stand. After that, you can focus on, um.. tracts of land.

2
1
Silver badge

If this is in Florida you will either eventually have a sink hole or a storm will blow down that castle.

2
0
Silver badge

@fobobob

Some day, all this will be yours.

0
0
Silver badge

lol

The entire cryptocurrency community really is the worst.

2
1
Facepalm

Audit it all

If you're going to write "Secure" code it would be a good idea to audit all the code, including any other people's code you are using (and libraries), to check it is also secure?

0
0
Silver badge

Re: Audit it all

There's a little German poem that summarises some aspects of modern software development.

Der Lattenzaun (The Slat Fence)

There was once a slat fence,

with spaces in between to look through.

An architect, who saw this,

suddenly stood there one evening -

and took the spaces out

and built a big house from them.

The fence, meanwhile, stood there quite dumbly,

with slats with nothing around them,

a sight ghastly and vile.

So the Senate confiscated it as well.

The architect, however, fled

to Afri- or Americo.

(Christian Morgenstern)

The key part is about a fence made of posts with spaces in between. An architect who saw this came by suddenly one evening and took the spaces in between, and built a big house from them.

An awful lot of the Internet is made up from the spaces in between the uprights, which means good luck with auditing all the code.

At the end of the poem, after the unfortunate consequences, the architect flies away to America (or Africa), leaving others to sort out the mess.

0
0


Biting the hand that feeds IT © 1998–2018