All DearMEW articles are based on real user questions, edited for privacy, clarity, and flow.
I had read on some Telegram channels that the MEW website generates keys server-side, and that only by downloading the paper wallet generator and running it offline will I be able to generate keys client-side. Is this true?
Incredulous but Concerned
Dear Incredulous but Concerned,
You are right to question what you see on social media and Telegram channels, because too often, the authoritative advice proffered there is not backed by technological expertise or sufficient knowledge about the subject (that is, if it’s not an outright scam).
That being said, the crypto space is still rather young, and even experts can disagree on topics related to technological protocols, best practices, and terminology. Irresponsibly spread misinformation can only add to the uncertainty already experienced by many crypto users on a daily basis. Whenever possible, it’s best to get the facts from the official source – so kudos to you for doing just that!
We can assure you that MEW wallet generation is absolutely always client-side.
The codebase for our online and offline builds is the same. Whether you are using the online web interface or running MEW offline, the same process is used to generate your keys. Specifically, we are using https://github.com/ethereumjs/ethereumjs-wallet library, which uses ‘window.crypto’ built into the browser to generate cryptographically secure random bytes. No servers are involved in this generation process.
This brings us to our unwavering endeavor to inform users that, unlike a bank, we don’t collect or store any user information. The keys are generated within your browser, the mnemonic phrase, keystore file, and/or password is only ever seen by you, and we never, ever have access to your wallet.
This means that we can’t mess with your funds, but it also means that we can’t change any settings or restore access information. (We feel so strongly about this, we wrote a whole article about all the ways we are not like a bank. You can read it here.)
By the way, if you use our MEW wallet app, the keys are generated on your mobile device – also entirely client-side, giving you full control over your funds. To find out more about the way MEW wallet app encrypts and protects your information, see this mobile security article.
Hopefully all this answers your question, and you can carry the flame of true knowledge back to the Telegram group where your confidence was unduly shaken in the first place!
Always client-sidedly yours,