README: add extra suggestions for best practice
parent
b273deb265
commit
e514bc7364
1 changed files with 9 additions and 5 deletions
14
README.md
|
@ -55,14 +55,18 @@ Unfortunately, this isn't a silver bullet.
|
||||||
Often, Javascript itself is working against us by bypassing these counter-measures.
|
Often, Javascript itself is working against us by bypassing these counter-measures.
|
||||||
|
|
||||||
Problems in [`Buffer (UInt8Array)`](https://github.com/feross/buffer), for example, can trivially result in catastrophic fund loss without any warning.
|
Problems in [`Buffer (UInt8Array)`](https://github.com/feross/buffer), for example, can trivially result in catastrophic fund loss without any warning.
|
||||||
It can do this through undermining your random number generation, accidentally producing a duplicate `k` value, sending Bitcoin to a malformed output script, or any of a million different ways.
|
It can do this through undermining your random number generation, [accidentally producing a duplicate `k` value](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L14), sending Bitcoin to a malformed output script, or any of a million different ways.
|
||||||
Running tests in your target environment is important and a recommended step to verify continuously.
|
Running tests in your target environment is important and a recommended step to verify continuously.
|
||||||
|
|
||||||
Finally, **adhere to best practice**. We aren't an authorative source for best practice, but, at the very least:
|
Finally, **adhere to best practice**.
|
||||||
|
We are not an authorative source of best practice, but, at the very least:
|
||||||
|
|
||||||
* Don't re-use addresses. Privacy is important, but, .... TODO
|
* [Don't re-use addresses](https://en.bitcoin.it/wiki/Address_reuse).
|
||||||
* Don't share BIP32 extended public keys. They are a liability, and [as shown in our examples](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L68), it only takes 1 mistake until **catastrophic failure**.
|
* Don't share BIP32 extended public keys ('xpubs'). [They are a liability](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L68), and it only takes 1 misplaced private key (or a buggy implementation!) and you are vulnerable to **catastrophic fund loss**.
|
||||||
* TODO, anythign else of importance here?
|
* [Don't use `Math.random`](https://security.stackexchange.com/questions/181580/why-is-math-random-not-designed-to-be-cryptographically-secure) - in any way - don't.
|
||||||
|
* Enforce that users always verify (manually) a freshly-decoded human-readable version of their intended transaction before broadcast.
|
||||||
|
* Don't *ask* users to generate mnemonics, or 'brain wallets', humans are terrible random number generators.
|
||||||
|
* Lastly, if you can, use [Typescript](https://www.typescriptlang.org/) or similar.
|
||||||
|
|
||||||
|
|
||||||
### Browser
|
### Browser
|
||||||
|
|
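Review bot: The two new links into `test/integration/crypto.js` (`#L14` on the duplicate `k` value sentence and `#L68` on the xpub bullet) point at line numbers on `master`, so they will drift to unrelated code as soon as that file changes; pin them to a commit permalink or refer to the test by name. In the added line "We are not an authorative source of best practice", "authorative" should be "authoritative" (the typo is carried over from the removed line). The mnemonic bullet has a comma splice and reads ambiguously: "Don't *ask* users to generate mnemonics, or 'brain wallets', humans are terrible random number generators" would be clearer as two sentences that say the mnemonic must not come from the user's own choice of words. The `Math.random` bullet says what not to use but not what to use instead; one clause naming a cryptographically secure source would make it actionable. The address re-use bullet drops the unfinished privacy rationale along with the TODO and now relies entirely on the wiki link, so a short reason in the bullet itself would help. "Typescript" should be "TypeScript".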