
I hate dinging hobby projects, but then it's Bitcoin and people seem to be actually trusting hobby projects with non-trivial fractions of their (extremely notional) net worth, so I'll just point out that transferring a public/private key pair which allows people to spend money together over HTTP is not a security best practice.



> I hate dinging hobby projects

I don't think you should feel even a hint of remorse; crypto and money are both very serious things. A project with crypto and money at its center is in my mind basically exempt from any margin for error normally associated with a hobby project.


This appears to generate the wallet in your browser, so the key is never sent over HTTP.

That said, I still have difficulty trusting hobby crypto.


That's true, but the code that generates the wallet is still sent over HTTP, so there is an opportunity for an attacker to insert malicious code. It would be a lot better if this was served over HTTPS, but then you still need to trust the author.


You can still download the code (as a ZIP archive from GitHub) and run it locally.


You're back! Good to have you here again.



