Coinpunk - Enemy of the Banks

Post on 17-Aug-2014

description

A sneak preview into Coinpunk, the first fully open-source HTML5/JavaScript Bitcoin Wallet Service.

Transcript of Coinpunk - Enemy of the Banks

enemy of the banks

COIN PUNK

Kyle Drake

Obsoleting the banking industry with HTML5 and JavaScript

Tuesday, October 15, 13

What is Coinpunk?

• First open-source Bitcoin web wallet service

• Designed and intended for power users and developers

• Funded by a grant from the Bitcoin Foundation (and others)

Coinpunk “Old School”

• Ruby application

• Bitcoind (official client) JSON RPC does all heavy lifting

• Implemented in 4 days

• Stored all private keys on server

• Works. But there’s a serious security risk.

Major Bitcoin Wallet Thefts

• July 2011: Bitomat “loses” database. $220,000 USD

• August 2011: MyBitcoin hacked. $800,000

• August 2012: Bitcoinica hacked. $460,000

• March 2012: Linode servers trawled. $250,000

• Sept 2012: BitFloor hacked. $250,000

• April 2013: InstaWallet hacked. $4.6 million

We’re starting to think putting the private keys on a central server is a really bad idea. I can’t imagine why.

But web interfaces are easy to use. They’re lightweight. They’re universal. They make sense to non-tech users.

How can we provide a web interface while reducing server trust?

The Problem

“Bitcoin wallets” that store the private keys on the server are not wallets.

They are Bitcoin accounts.

The Solution

Move the wallet encryption over to the browser.

Yes, really.

No, seriously!

Fear, Uncertainty and Doubt

“DOOMED”? REALLY?

Counterpoint

http://log.nadim.cc/?p=33

Coinpunk “New Wave”

• HTML5/JS frontend

• Node.js backend

• Redis

• Bitcoind

Coinpunk “New Wave”

Browser generates Bitcoin private keys, encrypts them, sends encrypted payload to server for storage/backup.

Coinpunk “New Wave”

Browser also creates all the transactions. The server (and therefore hackers) cannot spend the user’s money.

Progress

Browser Crypto Libraries

• CryptoJS

• Stanford JS Crypto Lib (SJCL)

• BigInteger (JSBN)

• BitcoinJS-lib

• RandJS

https://github.com/kyledrake/randjs

RandJS

• Uses window.crypto.getRandomValues if it exists, otherwise falls back

• Allows you to decide whether you’re cool with that.

window.crypto.getRandomValues

Observations

• It’s all kind of slow

• SJCL PBKDF2 is (a lot) faster than CryptoJS

• Can’t go above 4k-5k iterations

• Limited pre-rolled authenticated encryption options (sjcl.encrypt)

http://tonyarcieri.com/all-the-crypto-code-youve-ever-written-is-probably-broken
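The “New Wave” flow (the client encrypts the wallet, the server stores only the encrypted payload) together with the PBKDF2 and authenticated-encryption observations above, as an added example that is not Coinpunk's code. It uses Node's built-in crypto module so it runs offline; AES-256-GCM, the payload field names, the salt size and the iteration bounds are assumptions of this example.

```javascript
const crypto = require('crypto');

// The slides give 4k-5k PBKDF2 iterations as the 2013 browser ceiling; the
// count is stored in the payload so it can be raised later (assumed format).
const ITERATIONS = 5000;

function deriveKey(password, salt, iterations) {
  return crypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256');
}

// Client side: the returned string is the only thing the server receives.
function encryptWallet(wallet, password) {
  const salt = crypto.randomBytes(16); // fresh per encryption
  const iv = crypto.randomBytes(12);   // 96-bit GCM nonce, never reused per key
  const key = deriveKey(password, salt, ITERATIONS);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(wallet), 'utf8'), cipher.final()]);
  return JSON.stringify({
    iter: ITERATIONS, salt: salt.toString('base64'), iv: iv.toString('base64'),
    ct: ct.toString('base64'), tag: cipher.getAuthTag().toString('base64'),
  });
}

// Client side: throws on a wrong password or a modified payload.
function decryptWallet(payload, password) {
  const p = JSON.parse(payload);
  // The server supplies iter, so bound it before spending CPU on it.
  if (!Number.isInteger(p.iter) || p.iter < 1000 || p.iter > 1000000) {
    throw new Error('iteration count out of range');
  }
  const b64 = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(password, b64(p.salt), p.iter);
  // authTagLength pins the tag to 16 bytes so a truncated tag is rejected.
  const d = crypto.createDecipheriv('aes-256-gcm', key, b64(p.iv), { authTagLength: 16 });
  d.setAuthTag(b64(p.tag));
  const pt = Buffer.concat([d.update(b64(p.ct)), d.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// True if the payload opens with this password, false otherwise.
function canOpen(payload, password) {
  try { decryptWallet(payload, password); return true; } catch (e) { return false; }
}

// Constructed sample; the strings are placeholders, not real keys.
const SAMPLE_WALLET = { keys: [{ address: 'EXAMPLE-ADDRESS', priv: 'EXAMPLE-PRIVATE-KEY' }] };
```

Because the tag is checked before any plaintext is returned, a server that alters the stored blob produces a decryption error rather than a silently corrupted wallet.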

I’m not doing Bitcoin work. Why should I care?

Browser-side crypto will become a lot more commonplace.

JS crypto libraries will become secure, standardized and fast.

One-way hashing of the password on the browser will be considered “best practice”.

THANKS!
