The ssss demo page
Please do not paste your bitcoin secret keys or other sensible data into the ssss demo page.
Observe that there are several independent security issues with that:
If you want to protect sensitive data with ssss, the downloaded and locally executed binary will do what you expect.
But please avoid using the online demo for any serious purpose.
- traffic to my website is not TLS/SSL encrypted, i.e. everybody can steal the keys from the wire
- the secret value to be splitted and also the computed shares get part of the URL of the ssss demo page (via HTTP GET request). Hence,
- the secret is stored in your browser's history
- the secret is stored in your browser's cache
- the secret is stored in the logs of any proxy you are using (knowingly or not)
- the secret is stored in the logs of my webserver
- the ssss version accessible from the website is a heavily patched one
- usage of secure memory is switched off to protect against DOS attacks
- the random number generator in ssss is replaced by a weak one, to save entropy in /dev/random
Back to the demo page.