From d4ab05badabb6b874f84b599b6fca0db3ee66608 Mon Sep 17 00:00:00 2001 From: Jonathan Underwood Date: Thu, 16 Dec 2021 02:04:16 +0900 Subject: [PATCH 1/4] Use CSPRNG for private keys --- js/coin.js | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/js/coin.js b/js/coin.js index 84a1149..c3ce337 100644 --- a/js/coin.js +++ b/js/coin.js @@ -42,9 +42,24 @@ }; } + /* generate crypto secure random numbers (should exist on most browsers) */ + coinjs.randomBytesSafe = function(count){ + var cry = window.crypto || window.msCrypto; + if (!cry) return ''; + var buf = new Uint8Array(count); + cry.getRandomValues(buf); + var s = ''; + for (var i = 0; i < buf.length; i++) { + var h = buf[i].toString(16); + s += h.length === 1 ? '0' + h : h; + } + return s; + } + /* generate a new random private key */ coinjs.newPrivkey = function(){ var x = window.location; + x += coinjs.randomBytesSafe(32); x += (window.screen.height * window.screen.width * window.screen.colorDepth); x += coinjs.random(64); x += (window.screen.availHeight * window.screen.availWidth * window.screen.pixelDepth); From f20a32101badd2a935506374518420f2b117a039 Mon Sep 17 00:00:00 2001 From: Jonathan Underwood Date: Thu, 16 Dec 2021 02:08:57 +0900 Subject: [PATCH 2/4] Use existing helper for toHex --- js/coin.js | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/js/coin.js b/js/coin.js index c3ce337..a909a90 100644 --- a/js/coin.js +++ b/js/coin.js @@ -48,12 +48,7 @@ if (!cry) return ''; var buf = new Uint8Array(count); cry.getRandomValues(buf); - var s = ''; - for (var i = 0; i < buf.length; i++) { - var h = buf[i].toString(16); - s += h.length === 1 ? '0' + h : h; - } - return s; + return Crypto.util.bytesToHex(buf); } /* generate a new random private key */ From 9bac24f1773097fba282668bad4d13a951f787b6 Mon Sep 17 00:00:00 2001 From: Jonathan Underwood Date: Fri, 17 Dec 2021 08:42:37 +0900 Subject: [PATCH 3/4] Show warning message if web crypto is not available --- index.html | 1 + js/coin.js | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/index.html b/index.html index a5c5fa4..79e74f1 100644 --- a/index.html +++ b/index.html @@ -90,6 +90,7 @@
+
diff --git a/js/coin.js b/js/coin.js index a909a90..1bf16e4 100644 --- a/js/coin.js +++ b/js/coin.js @@ -45,7 +45,15 @@ /* generate crypto secure random numbers (should exist on most browsers) */ coinjs.randomBytesSafe = function(count){ var cry = window.crypto || window.msCrypto; - if (!cry) return ''; + if (!cry) { + /* Display warning message for 30 seconds */ + $("#cryptoRandomStatus").removeClass("hidden"); + setTimeout(function(){ + $("#cryptoRandomStatus").addClass("hidden"); + }, 30000); + + return ''; + } var buf = new Uint8Array(count); cry.getRandomValues(buf); return Crypto.util.bytesToHex(buf); From 308c0d5470b4baa1696c8f25d012a9a58344c908 Mon Sep 17 00:00:00 2001 From: Jonathan Underwood Date: Fri, 17 Dec 2021 08:48:36 +0900 Subject: [PATCH 4/4] Don't use JQuery in coin.js --- js/coin.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/js/coin.js b/js/coin.js index 1bf16e4..db2272b 100644 --- a/js/coin.js +++ b/js/coin.js @@ -47,9 +47,9 @@ var cry = window.crypto || window.msCrypto; if (!cry) { /* Display warning message for 30 seconds */ - $("#cryptoRandomStatus").removeClass("hidden"); + document.getElementById('cryptoRandomStatus').classList.remove("hidden"); setTimeout(function(){ - $("#cryptoRandomStatus").addClass("hidden"); + document.getElementById('cryptoRandomStatus').classList.add("hidden"); }, 30000); return '';