back to article When SecureRandom()... isn't: JavaScript fingered for poking cash-spilling holes in Bitcoin wallets

Concerns about a flawed crypto library that could allow Bitcoin theft have been revived following a post to a Bitcoin mailing list last week. David Gerard, a UK-based Unix admin and blockchain technology watcher, raised concerns in a blog post on Thursday. "The popular JavaScript SecureRandom() library … isn’t securely random …

  1. Dan 55 Silver badge

    Anyone implementing a crypto library in JavaScript is building a castle in a swamp anyway. There's no way you can sign code and it's too easy to fiddle with functions and the DOM in the browser.

    1. fobobob

      If you build enough castles on top of each other in the swamp, eventually one will stand. After that, you can focus on, um.. tracts of land.

      1. kain preacher Silver badge

        If this is in Florida you will either eventually have a sink hole or a storm will blow down that castle.

      2. Adrian 4 Silver badge


        Some day, all this will be yours.

  2. Sorry that handle is already taken. Silver badge


    The entire cryptocurrency community really is the worst.

  3. Snowy

    Audit it all

    If your going to write "Secure" code it would be a good idea to Audit all the code that includes any others people's code you are using (and libraries) is also secure?

    1. Voyna i Mor Silver badge

      Re: Audit it all

      There's a little German poem that summarises some aspects of modern software development.

      Der Lattenzaun (The Slat Fence)

      Es war einmal ein Lattenzaun,

      mit Zwischenraum, hindurchzuschaun.

      Ein Architekt, der dieses sah,

      stand eines Abends plötzlich da -

      und nahm den Zwischenraum heraus

      und baute draus ein großes Haus.

      Der Zaun indessen stand ganz dumm,

      mit Latten ohne was herum,

      Ein Anblick gräßlich und gemein.

      Drum zog ihn der Senat auch ein.

      Der Architekt jedoch entfloh

      nach Afri- od- Ameriko.

      (Christian Morgenstern)

      The key part is about a fence made of posts with spaces in between. An architect who saw this came by suddenly one evening and took the spaces in between, and built a big house from them.

      An awful lot of the Internet is made up from the spaces in between the uprights, which means good luck with auditing all the code.

      At the end of the poem after the unfortunate consequences, the architect flies away to American (or Africa) leaving others to sort out the mess.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019