Coinpunk - Enemy of the Banks

A sneak preview into Coinpunk, the first fully open-source HTML5/JavaScript Bitcoin Wallet Service.

Published in: Economy & Finance, Technology

  1. COIN PUNK: enemy of the banks. Obsoleting the banking industry with HTML5 and JavaScript. Kyle Drake, Tuesday, October 15, 13
  2. What is Coinpunk?
     • First open-source Bitcoin web wallet service
     • Designed and intended for power users and developers
     • Funded by a grant from the Bitcoin Foundation (and others)
  3. Coinpunk “Old School”
  4. Coinpunk “Old School”
     • Ruby application
     • Bitcoind (official client) JSON RPC does all heavy lifting
     • Implemented in 4 days
     • Stored all private keys on server
     • Works. But there’s a serious security risk.
  5. Major Bitcoin Wallet Thefts
     • July 2011: Bitomat “loses” database. $220,000 USD
     • August 2011: MyBitcoin hacked. $800,000
     • August 2012: Bitcoinica hacked. $460,000
     • March 2012: Linode servers trawled. $250,000
     • Sept 2012: BitFloor hacked. $250,000
     • April 2013: InstaWallet hacked. $4.6 million
  6. We’re starting to think putting the private keys on a central server is a really bad idea. I can’t imagine why.
  7. But web interfaces are easy to use. They’re lightweight. They’re universal. They make sense to non-tech users.
  8. How can we provide a web interface while reducing server trust?
  9. The Problem: “Bitcoin wallets” that store the private keys on the server are not wallets. They are Bitcoin accounts.
  10. The Solution: Move the wallet encryption over to the browser. Yes, really. No, seriously!
  11. Fear, Uncertainty and Doubt: “DOOMED”? REALLY?
  12. (no text on slide)
  13. Counterpoint: http://log.nadim.cc/?p=33
  14. (no text on slide)
  15. Coinpunk “New Wave”
      • HTML5/JS frontend
      • Node.js backend
      • Redis
      • Bitcoind
  16. Coinpunk “New Wave”: Browser generates Bitcoin private keys, encrypts them, sends encrypted payload to server for storage/backup.
  17. Coinpunk “New Wave”: Browser also creates all the transactions. The server (and therefore hackers) cannot spend the user’s money.
  18. Progress
  19. Browser Crypto Libraries
      • CryptoJS
      • Stanford JS Crypto Lib (SJCL)
      • BigInteger (JSBN)
      • BitcoinJS-lib
      • RandJS https://github.com/kyledrake/randjs
  20. RandJS
      • Uses window.crypto.getRandomValues if it exists, otherwise falls back
      • Allows you to decide whether you’re cool with that.
  21. window.crypto.getRandomValues
  22. Observations
      • It’s all kind of slow
      • SJCL PBKDF2 is (a lot) faster than CryptoJS
      • Can’t go above 4k-5k iterations
      • Limited pre-rolled authenticated encryption options (sjcl.encrypt)
      http://tonyarcieri.com/all-the-crypto-code-youve-ever-written-is-probably-broken
  23. I’m not doing Bitcoin work. Why should I care?
  24. Browser-side crypto will become a lot more commonplace.
  25. JS crypto libraries will become secure, standardized and fast.
  26. One-way hashing of the password on the browser will be considered “best practice”.
  27. THANKS!
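
The flow from slides 16 and 22 (the client derives a key from the passphrase with PBKDF2, encrypts the wallet with an authenticated cipher, and the server only ever stores the opaque payload), as an added example that is not Coinpunk's code. It uses Node.js's built-in crypto module in place of the browser libraries listed in the slides; the payload field names, the iteration count, the passphrase and the sample wallet are assumptions made for illustration.

```javascript
// Added example: runs under Node.js with its built-in crypto module.
const nodeCrypto = require('crypto');

const ITERATIONS = 100000; // assumed value; stored in the payload so it can be raised later

// Derive a 256-bit key from the passphrase with PBKDF2-HMAC-SHA256.
function deriveKey(passphrase, salt, iterations) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, iterations, 32, 'sha256');
}

// Client side: encrypt the wallet before it leaves the user's machine.
function encryptWallet(wallet, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // 96-bit nonce, fresh for every encryption
  const key = deriveKey(passphrase, salt, ITERATIONS);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(wallet), 'utf8'), cipher.final()]);
  return {
    v: 1, iter: ITERATIONS,
    salt: salt.toString('base64'), iv: iv.toString('base64'),
    ct: ct.toString('base64'), tag: cipher.getAuthTag().toString('base64'),
  };
}

// Client side: decrypt a payload fetched back from the server.
// Throws if the passphrase is wrong or any part of the payload was modified.
function decryptWallet(payload, passphrase) {
  const b = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(passphrase, b(payload.salt), payload.iter);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, b(payload.iv));
  decipher.setAuthTag(b(payload.tag));
  const pt = Buffer.concat([decipher.update(b(payload.ct)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Returns true when decryption is rejected (bad passphrase or tampered payload).
function rejects(payload, passphrase) {
  try { decryptWallet(payload, passphrase); return false; } catch (e) { return true; }
}

// Constructed sample data: the key below is a placeholder, not a real private key.
const sampleWallet = { keys: [{ label: 'demo', priv: 'CONSTRUCTED-PLACEHOLDER-KEY' }] };
const stored = encryptWallet(sampleWallet, 'correct horse battery staple'); // what the server would hold
```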
