Since its invention, a recurring question for cryptocurrency holders has been how to best secure their digital assets. This question of security carries the greatest weight when one understands the stakes of holding unprotected cryptocurrency — vulnerability to hackers.
Since 2011, software developers have kept this problem at the back of their minds. One such innovator, Peter Kroll, recently joined Rob Mitchell on Episode #56 of The Bitcoin Game to discuss the background of his ventures and the technical details of his most lauded project in cryptocurrency security.
BitAddress and the Paper Wallet
Kroll’s primary contribution to the field of cryptocurrency-based security has been his invention of the first paper wallet at Bitaddress.org. Having launched the original website anonymously in 2011, he was able to hone a system of security that addresses several of the most prominent flaws of cryptocurrency security.
Kroll’s website solves several core problems in a remarkably elegant way. To begin with, the HTML code for the website itself does not need an internet connection to execute after its page has been loaded. This means someone can perform the entire process of generating a new wallet without being vulnerable to a cyberattack across the internet.
The program then adds a human-component circumvention, asking users to move their computer mice in erratic patterns, to eliminate the problem that coded systems are unable to generate truly random numbers. Using intervals decided by pseudorandom numbers and other factors, the program captures the exact pixel that the mouse cursor was on at any given moment and uses the number of this pixel to generate the hash for a bitcoin wallet.
Kroll explained that this strategy has been useful since the early days. For many browsers, he explained, “there wasn’t a secure random number generator, meaning it’s not secure for cryptographic purposes.”
Although pieces of hardware had complex pseudorandom number generators, they were “seeded with a timestamp that’s not unique enough, so you need to add some human-based randomness.”
The common seeds found on certain pieces of hardware made them categorically vulnerable to similar forms of cyberattack. This concern ended up being validated for Kroll when it was revealed that “the Android platform had a weakness in its secure random number generator, and Google didn’t fix that on old models; they only fixed it on models moving forward.” His strategy of mixing hardware randomness with user-generated randomness adds a layer of security that is not flawed in a categorical way.