CounterpartyXCP / counterwallet

Counterparty web wallet
https://counterwallet.io

Hardware Wallet Support in Counterwallet #742

Closed brighton36 closed 8 years ago

brighton36 commented 8 years ago

One thing that's always bothered me about counterwallet is that a trivial javascript patch could conceivably be loaded on a counterwallet server that would capture and report keys to an attacker.

It hasn't happened yet, but someday it will. I believe the best solution to this problem will inevitably involve querying a hardware wallet through javascript, and delegating all signing operations (along with public key enumeration) to that device.

I don't believe there's currently any kind of javascript HAL library to manage these devices for a web app, but I do believe we could get support from one or more manufacturers for something like that, if we were interested. It may be incumbent on us to stub that library out for them to implement.

Thoughts?

ghost commented 8 years ago

I brought up the same point when in fact this DID happen, when chat wasn't adequately secured against XSS and mXSS and someone created a javascript patch to drain accounts.

I talked to some known HW developers in the space and they were definitely interested.

Therefore, ACK.

unsystemizer commented 8 years ago

@goodtaster I think Chris is talking about the possibility to replace CW code on the server and log passphrase keystrokes. I don't know if that could have been done through the chat script (since it was removed, I can't make a good guess).

Since the 2nd half of last year all CW files have been checksummed, and one could verify them to compare (assuming the attacker doesn't have the highest permissions, but just controls the xcpd account), which is not a bad tool for simple checkups. But at the moment there's no solution in case the server gets owned.

brighton36 commented 8 years ago

@unsystemizer - I'm pretty sure goodtaster gets it. But I think you do as well. Put most simply: Storing private keys on a desktop computer is dangerous, and these hardware wallets will give our users the ability to completely remove all of these threats.

As for the checksum - that's great, but users still have to trust server operators. Another threat might come from malware installed on their local Windows desktop.

It would be nice to tell users that they don't have any risk whatsoever when determining whether to use the official counterwallet servers, coindaddy's servers, or even (pick any boogeyman here) MtGox's counterwallet servers.

robby-d commented 8 years ago

Trezor, Ledger etc. support is welcome, especially if someone can submit a PR. In the meantime, we do have Armory support for offline asset storage. Closing this ticket in favor of tickets for specific hardware devices (e.g. #2).