The security fail blockchain won’t tell you about

The model is usually presented as the best available to store money easily. It’s nicely summed up in its description:

The amazing part is the encryption is all done within your browser, before it is saved on our servers, so not even we have access to your account!

Which is a bit misleading: if the wallet code is served dynamically, it can also be dynamically and selectively changed in order to leak keys.[1]

It goes further when one realizes that the site uses the DDoS-mitigation service of CloudFlare. It is a trade-off: in exchange for protection, you have to give up a great deal of security.[2]

Because it has to terminate the TLS tunnel, CloudFlare gets to see and alter all the traffic flowing both ways.

That can be used not only to alter the data on the fly but, more importantly, to sniff signed transactions and AES-encrypted wallet blobs.

In other words, CloudFlare can, without ever being detected:

  • know which wallets are fat and ripe, and apply offline brute-force key cracking techniques on their specific AES blobs[3],
  • de-anonymize Bitcoin addresses by mapping them to the IPs from which signed transactions originate.

It’s ok though, the NSA doesn’t care.


[1] The way this is usually dismissed is by arguing that clients can run a client-side code verifier, which is theoretically true.

[2] See: The CloudFlare MITM

[3] Think your password is strong? Think again.
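
Footnote [1] turns on a client-side code verifier. As an added illustration (not code from the original post or from any wallet provider), here is a minimal verifier that checks every load of the served wallet code against a pinned SHA-256 manifest. The file names, contents and manifest are constructed, and the manifest is assumed to come from a channel that does not pass through the same TLS-terminating proxy.

```python
import hashlib
import hmac

# Constructed sample assets; file names and contents are hypothetical.
GOOD = {
    "wallet.js": b"function decryptWallet(blob, password) { /* ... */ }\n",
    "aes.js": b"function aesDecrypt(key, iv, data) { /* ... */ }\n",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Pinned manifest. Assumption: in real use these digests are obtained out of band,
# not through the same TLS-terminating proxy that serves the code.
PINNED = {path: sha256_hex(body) for path, body in GOOD.items()}

def verify_served_code(pinned, served):
    """Compare one page load against the manifest; an empty list means it matches."""
    findings = [f"unexpected file: {p}" for p in sorted(served.keys() - pinned.keys())]
    for path, expected in sorted(pinned.items()):
        body = served.get(path)
        if body is None:
            findings.append(f"missing file: {path}")
        elif not hmac.compare_digest(sha256_hex(body), expected):
            findings.append(f"hash mismatch: {path}")
    return findings

def audit_loads(pinned, loads):
    """Check every load; return {load index: findings} for the loads that fail."""
    report = {}
    for i, served in enumerate(loads):
        findings = verify_served_code(pinned, served)
        if findings:
            report[i] = findings
    return report

# Constructed scenario: three loads, only the second is served modified code.
TAMPERED = {**GOOD, "wallet.js": GOOD["wallet.js"] + b"/* changed in transit */\n"}
LOADS = [GOOD, TAMPERED, GOOD]

if __name__ == "__main__":
    for index, findings in audit_loads(PINNED, LOADS).items():
        print(f"load {index}: {findings}")
```

Only the load at index 1 is flagged, so a verifier that samples loads instead of checking each one can miss a selectively served change.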

3 thoughts on “The security fail blockchain won’t tell you about”

  1. pankkake

    You can indeed have their client-side code verifier, but if ONCE you don’t use it, you can get screwed.

    There are more secure models like Electrum if you do not want the blockchain.

    1. David FRANCOIS Post author

      You also need to make sure that their verifier does not validate the code against a CF-shielded source.

  2. Pingback: Why It’s Over For Litecoin | When Bitcoin Met Pete
