From 135ea4e5fa05bc61213251113846c851c8a6feb0 Mon Sep 17 00:00:00 2001 From: Saivann Date: Fri, 14 Nov 2014 13:23:29 -0500 Subject: [PATCH 1/3] Update transparency scores for hardware wallets --- _translations/en.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/_translations/en.yml b/_translations/en.yml index c5e0f960..c6ed7ec3 100644 --- a/_translations/en.yml +++ b/_translations/en.yml @@ -156,8 +156,12 @@ en: checkfailvalidationcentralizedtxt: "This wallet relies on a centralized service by default. This means a third party must be trusted to not hide or simulate payments." checkgoodtransparencydeterministic: "Complete transparency" checkgoodtransparencydeterministictxt: "This wallet is open-source and built deterministically. This means any developer in the world can audit the code and make sure the final software isn't hiding any secrets." - checkpasstransparencyopensource: "Good transparency" + checkpasstransparencyopensource: "Basic transparency" checkpasstransparencyopensourcetxt: "The developers of this wallet publish the source code for the client. This means any developer in the world can audit the code. However, you still need to trust developers of this wallet when installing or updating the final software because it was not built deterministically like Bitcoin Core." + checkpasstransparencyopensourcehardware: "Basic transparency" + checkpasstransparencyopensourcehardwaretxt: "The source code for this wallet is public. This means any developer in the world can audit the code. However, you still need to trust developers of this wallet because the device cannot be verified to be generating secure random seeds and to be using the same source code. Updating your device's firmware, generating your own secure random seed or using multi-signature can make it harder to steal your bitcoins." + checkpasstransparencyopenspechardware: "Basic transparency" + checkpasstransparencyopenspechardwaretxt: "The specification for this wallet is public. This means any developer in the world can do blackbox testing. However, you still need to trust developers of this wallet because the device cannot be verified to be generating secure random seeds and the source code cannot be audited. Updating your device's firmware, generating your own secure random seed or using multi-signature can make it harder to steal your bitcoins." checkfailtransparencyclosedsource: "No transparency" checkfailtransparencyclosedsourcetxt: "This wallet is not open-source. This means it is not possible to audit the code and make sure the final software isn't hiding dangerous code or doing anything you wouldn't agree to." checkfailtransparencyremote: "Remote app" From 0a0f67fdecb6cb4d4bfd08aaa4cd677e5b1c264e Mon Sep 17 00:00:00 2001 From: Saivann Date: Fri, 14 Nov 2014 13:52:50 -0500 Subject: [PATCH 2/3] Avoid mentioning that the app is open-source in the "New app" score --- _translations/en.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_translations/en.yml b/_translations/en.yml index c6ed7ec3..3237b519 100644 --- a/_translations/en.yml +++ b/_translations/en.yml @@ -167,7 +167,7 @@ en: checkfailtransparencyremote: "Remote app" checkfailtransparencyremotetxt: "This wallet is loaded from a remote location. This means that whenever you use your wallet, you need to trust the developers not to steal or lose your bitcoins in an incident on their site. Using a browser extension or mobile app, if available, can reduce that risk." checkfailtransparencynew: "New app" - checkfailtransparencynewtxt: "The developers of this wallet publish the source code for the client. However, this wallet has not been tested and publicly reviewed by a significant number of people. This means this app might be more at risk of hiding dangerous code or doing something you wouldn't agree to." + checkfailtransparencynewtxt: "This wallet has not been tested and publicly reviewed by a significant number of people. This means this app might be more at risk of hiding dangerous code or doing something you wouldn't agree to." checkgoodenvironmenthardware: "Very secure environment" checkgoodenvironmenthardwaretxt: "This wallet is loaded from a secure specialized environment provided by the device. This provides very strong protection against computer vulnerabilities and malware since no software can be installed on this environment." checkpassenvironmentmobile: "Secure environment" From d71fab627f6201cf3ef1b96eae77e50c8888be14 Mon Sep 17 00:00:00 2001 From: Saivann Date: Sun, 16 Nov 2014 02:14:13 -0500 Subject: [PATCH 3/3] Make it clearer that auditing the RNG of a hardware wallet depends on verifying that the device uses the right source code --- _translations/en.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_translations/en.yml b/_translations/en.yml index 3237b519..9e6f6625 100644 --- a/_translations/en.yml +++ b/_translations/en.yml @@ -159,7 +159,7 @@ en: checkpasstransparencyopensource: "Basic transparency" checkpasstransparencyopensourcetxt: "The developers of this wallet publish the source code for the client. This means any developer in the world can audit the code. However, you still need to trust developers of this wallet when installing or updating the final software because it was not built deterministically like Bitcoin Core." checkpasstransparencyopensourcehardware: "Basic transparency" - checkpasstransparencyopensourcehardwaretxt: "The source code for this wallet is public. This means any developer in the world can audit the code. However, you still need to trust developers of this wallet because the device cannot be verified to be generating secure random seeds and to be using the same source code. Updating your device's firmware, generating your own secure random seed or using multi-signature can make it harder to steal your bitcoins." + checkpasstransparencyopensourcehardwaretxt: "The source code for this wallet is public. This means any developer in the world can audit the code. However, you still need to trust developers of this wallet because the device cannot be verified to be using the same source code to generate secure random seeds and for other operations. Updating your device's firmware, generating your own secure random seed or using multi-signature can make it harder to steal your bitcoins." checkpasstransparencyopenspechardware: "Basic transparency" checkpasstransparencyopenspechardwaretxt: "The specification for this wallet is public. This means any developer in the world can do blackbox testing. However, you still need to trust developers of this wallet because the device cannot be verified to be generating secure random seeds and the source code cannot be audited. Updating your device's firmware, generating your own secure random seed or using multi-signature can make it harder to steal your bitcoins." checkfailtransparencyclosedsource: "No transparency"