8 checks

Live Security
Audit

Don't take our word for it — check for yourself. Hit the button below and watch your browser run 8 real security checks, right here, right now.

Every test runs locally on your device. Nothing is faked, nothing is sent to a server. Green means good. Red means something needs attention.

What is this?

When you use AddrLab, a private key is created on your device. That key controls your wallet or token — so it's critical that the process is secure. This page runs 8 automated checksto prove that everything works as promised: your key is generated locally, the randomness is real, and nothing is sent to the internet. Think of it as a health check for your browser's security.

Web Crypto API

Native Ed25519 support in your browser

This is the technology that creates your keys. If your browser supports it natively, address generation is up to 125x faster than alternatives.

Random Number Generator

Cryptographically secure random number generator

Your private key is essentially a giant random number. If the randomness is weak or predictable, someone could guess your key. This test makes sure the random generator works correctly.

Randomness Quality

Statistical test on 10,000 random bytes

We generate 10,000 random numbers and check if they're evenly distributed — like rolling a fair dice thousands of times. If some numbers come up way more often, something is wrong.

Zero Network Traffic

No data leaves your browser during key generation

The most important check: we verify that absolutely nothing is sent to the internet while keys are being generated. Your private key should never leave your device.

Security Headers

Content Security Policy restricts data exfiltration

Even if malicious code were injected, these browser-level rules block it from sending data anywhere. Think of it as a firewall built into the website itself.

Worker Isolation

Key generation runs in isolated background threads

Your keys are created in separate "workers" — isolated mini-programs that run in the background. They can't access the main page and can't be tampered with by browser extensions.

Code Integrity

SHA-256 fingerprint matches the published build

We compute a unique fingerprint (hash) of the code running on this page and compare it to the one published on GitHub. If they match, the code hasn't been tampered with.

Key Generation Test

Generate and validate an actual Ed25519 keypair

The final proof: we create a real key, sign a message with it, then verify the signature. If this works, your browser can securely generate Solana addresses.

Build Integrity

Worker Fingerprint

The code that generates your keys has a unique fingerprint — like a digital seal. If anyone changed even a single character of the code, this fingerprint would look completely different.

You can compare it with the one published on GitHub to make sure the code running here is exactly what's in the open-source repository.

SHA-256 Fingerprint

Loading...

How to verify this yourself (for developers)

1. Clone the repo: git clone https://github.com/addrlab/addrv2

2. Build the worker: npm run build:worker

3. Compare the hash in public/worker-hash.json with the one above