This repository has been archived by the owner on Nov 21, 2019. It is now read-only.

Security considerations #1406

Open

schlamar opened this issue Dec 12, 2017 · 7 comments

Comments

@schlamar (Author)

Everybody says MEW is safe, because it doesn't store keys, so it doesn't make sense to hack it. But no one (?) considered the following scenario: MEW gets hacked and the code is modified so that private keys are stored or sent somewhere else. Even the developers could turn rogue and do this without anybody noticing (see #21).

And if your answer is "MEW is auditable", that is not really the case! It contains minified JS which isn't auditable at all. This minified JS could do anything, including a backdoor uploading private keys to someone. So even running MEW offline doesn't guarantee integrity. (Somewhere I have read you can check outgoing network traffic, but well, if this is your private key, it's already to late).

Additionally, every upstream dependency could turn rogue (angular, jquery, ...). I'm not sure if and how you check the integrity of these dependencies. At least there is nothing documented in your security faq.

@tayvano (Contributor) commented Dec 12, 2017

> But no one (?)

LOL, I suppose if "no one" doesn't include "everyone who works or has ever worked on MEW or anyone who is mildly interested in security"

> MEW gets hacked and the code is modified so that private keys are stored or sent somewhere else

Yes. This is a risk. There are a few risks in this vein that we have thought about a lot a lot and consult with security experts to mitigate them, build tools to prevent them or at least make us aware ASAP, etc. etc. etc. We take personal security, integrity of the source, integrity of what is being served on myetherwallet.com very seriously and, while you may not be checking every commit and constantly watching every line of code on myetherwallet.com, we are.

> "MEW is auditable", that is not really the case! It contains minified JS which isn't auditable at all.

The source is auditable. The bulk of the JS served on MEW is auditable and not minified: https://www.myetherwallet.com/js/etherwallet-master.js

The static JS is minified but, as you can see here, hasn't been updated in 7 months: https://github.com/kvhnuke/etherwallet/tree/mercury/dist/js

The easiest way to check to see if it's sending keys is via the network tab in dev tools or another tool like Little Snitch to see what gets sent where. This is how we detect phishing websites: via an empty private key.

> So even running MEW offline doesn't guarantee integrity.

It may not guarantee integrity, but if you are offline, aka not connected to the internet, I would be very interested in how any script is sending the private keys to the attacker(s).

> Additionally, every upstream dependency could turn rogue (angular, jquery, ...)

There's a real risk that's hard to mitigate, especially with the npm system. Currently solved by not updating / very carefully and manually updating necessary deps. In the future, we will be mitigating this risk in a more robust way that actually allows us to update things. Thank goodness.

Your best bet is:

Obviously, a hardware wallet is going to be way easier than the above link.

@schlamar (Author)

> The static JS is minified but, as you can see here, hasn't been updated in 7 months

But there is no guarantee that the file from the repo will make it into the release. The file in the .tar.gz or live on myetherwallet.com could be tampered with.

But thanks for the clarification. I'm glad that you put serious effort into these problems. Before your comment it looked like you take security too lightly (from my POV).

I think these security considerations are not clearly communicated to the average user. These points should appear in your knowledge base and in the intro.

A lot of people are saying that MEW is 100% safe, which is definitely not the case (e.g. https://bitcointalk.org/index.php?topic=2354811).

Points which could be improved:

  • Make it clear that myetherwallet.com could be compromised and that it is not 100% safe
  • Make the note of using a hardware wallet (or the offline version) for extra safety more prominent
  • Better describe the offline version. I'm not sure if the average user understands that the downloaded version should run on a computer without internet access. Additionally, "airgapped" is difficult to understand for non-native English speakers, so you might tend to ignore that word...
  • Add security details for advanced users to the knowledge base (basically this thread)
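The thread's concern that the files served on myetherwallet.com or shipped in the release .tar.gz may differ from the audited repo tree can be checked mechanically. The following is an added example, not code from the MEW project: it builds a SHA-256 manifest from a trusted tree, compares a release tree against it, and emits the Subresource Integrity value a `<script integrity=...>` tag would carry so a browser refuses a tampered script. File paths and contents below are constructed samples.

```python
import base64
import hashlib

# Constructed sample: file bytes as they appear in the audited repository tree.
REPO_TREE = {
    "js/etherwallet-master.js": b"angular.module('app', []);\n",
    "dist/js/vendor.min.js": b"!function(){}();\n",
}

# Constructed sample: the same paths as found in a downloaded release,
# with one file altered and one file nobody audited slipped in.
RELEASE_TREE = {
    "js/etherwallet-master.js": b"angular.module('app', []);\n",
    "dist/js/vendor.min.js": b"!function(){/* altered build */}();\n",
    "dist/js/extra.js": b"// not in the repo tree\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(tree: dict) -> dict:
    """Map each path in a trusted tree to its SHA-256 digest (pin this out-of-band)."""
    return {path: sha256_hex(data) for path, data in tree.items()}


def verify_release(manifest: dict, tree: dict) -> dict:
    """Classify every path as ok / modified / missing / unexpected relative to the manifest."""
    result = {}
    for path, digest in manifest.items():
        if path not in tree:
            result[path] = "missing"
        elif sha256_hex(tree[path]) != digest:
            result[path] = "modified"
        else:
            result[path] = "ok"
    for path in tree:
        if path not in manifest:
            result[path] = "unexpected"  # extra artefact the audit never covered
    return result


def sri_integrity(data: bytes) -> str:
    """Subresource Integrity attribute value (sha384, base64) for a script file."""
    return "sha384-" + base64.b64encode(hashlib.sha384(data).digest()).decode()


if __name__ == "__main__":
    for path, status in verify_release(build_manifest(REPO_TREE), RELEASE_TREE).items():
        print(f"{status:10} {path}")
    print(sri_integrity(REPO_TREE["js/etherwallet-master.js"]))
```

Any "modified" or "unexpected" entry means the release no longer matches what was audited, regardless of how old the minified file in the repo is.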

@tayvano (Contributor) commented Dec 12, 2017

You are part of the 1% these days, my friend.

I understand your points and I wish that communicating these were a larger priority, but literally we're so much lower than this. So much. As in, we can't get people to not click malicious links and enter their key on a site with a url of fakemyetherwalletisgoingtofuckyouinthebutt[.]com. Ideally, there would be NO private keys on myetherwallet.com and if I could go back in time I would do that.

If you want to help us perfect the copy for the discouragement of PKs in general and have it apply to malicious code injects vs phishing sites, your comments are welcome here ---> MyEtherWallet/MyEtherWallet#557

@tayvano (Contributor) commented Dec 12, 2017

(to clarify: any comments or ideas you have on that issue are welcome, but specifically surrounding messaging as that is what you ended your comment with so that's what was in the forefront of my mind 😉)

@twMat commented Dec 16, 2017

@tayvano - forgive a noob but does this:

> Use MetaMask (although this transfers risk to MetaMask / Chrome Extension store)

...mean that you recommend the MetaMask chrome ext before the MyEtherWallet chrome ext, with regards to security?

And BTW, why is the MEW chrome extension not among the recommended ones at the MEW website in that top orange-ish field?

@tayvano (Contributor) commented Dec 19, 2017

Because we haven't updated the chrome extension to force downloading the keystore files when generating a new wallet, or update currencies across the site, and before the phishers existed we saw fuckloads of loss from people not properly saving their keys.

Add'l metamask is better and better maintained.

@twMat commented Dec 19, 2017

@tayvano - thanx!
