Topic: [ANNOUNCE] Android key rotation - page 11. (Read 66313 times)

legendary
Activity: 1795
Merit: 1208
This is not OK.
August 11, 2013, 02:18:35 PM
#54
Oopsie!
I've extracted all mah money... Waiting for update.
hero member
Activity: 668
Merit: 501
August 11, 2013, 02:17:34 PM
#53
If you are using Mycelium Wallet, a fix has been published to the play store (still pending review) and to mycelium.com

if you download it from mycelium.com, you can check the sha1sum

Code:
dba000cad4cbf94a7b4c621f57482322c0a96678  mbw-v0.6.5.apk

There will be a wizard guiding you through the process in an upcoming version, but for now, you can simply download version 0.6.5 (or greater) and move the keys to newly generated addresses.

  • generate a new key
  • backup this key (to sdcard or similar)
  • manually send funds to the new secure address.
  • move your empty old key to the Archive category

Please take care. The most likely chance of lost bitcoins is the loss of private keys. Don't use our wallet without a backup of the keys.
newbie
Activity: 50
Merit: 0
August 11, 2013, 02:17:16 PM
#52
Reading through the entire thread, I am still not clear on this. If I logged into and made transactions using the blockchain.info website through my Android device's web browser, does this affect me? I have never used the blockchain.info app.
STT
legendary
Activity: 4102
Merit: 1454
August 11, 2013, 02:15:13 PM
#51
I've always thought computers could not generate random numbers. I once won a large prize buying the last ticket before a lotto draw; a computer random number generator was the source, though I didn't complain at the time.
sr. member
Activity: 322
Merit: 250
August 11, 2013, 02:13:52 PM
#50
I'm confused: are all blockchain.info wallets vulnerable? (Even if you don't have an Android phone?)
Here are the rollout statuses of each wallet I'm aware of:

blockchain.info wallet: An update was released today that adds a new key using a fixed RNG, so you can manually rotate now. Another update will follow in the coming days that will automatically re-send all coins controlled by the previous keys to the new one.

Please note that apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated or controlled by you at all.

Basic rule of thumb - if you'd lose the money if the phone/tablet were destroyed (assuming no backups), and that device is an Android device, then you need to upgrade ASAP.

For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.


hero member
Activity: 672
Merit: 500
August 11, 2013, 02:13:28 PM
#49
I'm confused: are all blockchain.info wallets vulnerable? (Even if you don't have an Android phone?)

No, just those generated by an Android phone.
hero member
Activity: 615
Merit: 500
August 11, 2013, 02:12:42 PM
#48
I'm confused: are all blockchain.info wallets vulnerable? (Even if you don't have an Android phone?)
full member
Activity: 238
Merit: 100
KUPO!
August 11, 2013, 02:09:40 PM
#47
Pretty annoying for those people who imported vanity addresses into their Android devices.
legendary
Activity: 1526
Merit: 1134
August 11, 2013, 02:08:13 PM
#46
Transactions that re-use K values seem to result in a theft a few hours later. So, if your money hasn't been stolen and the key was not weakly generated, it's probably OK.

Yes it will incur the usual min tx fee.
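The repeated-K condition mentioned above is something a wallet author or auditor can check for directly: ECDSA's r is the x-coordinate of k*G, so the same r appearing twice means the same k was used twice. The following is an added example, not code from this thread or from any wallet named in it; the DER layout is the real Bitcoin signature encoding, but the txids, pubkey labels and signature values are constructed sample data.

```python
# Added example: flag ECDSA nonce (k) reuse by looking for a repeated r value.
# Bitcoin scriptSig signatures are DER: 0x30 len 0x02 rlen r 0x02 slen s,
# followed by one SIGHASH byte. All sample data below is constructed.
from collections import defaultdict

def parse_der_sig(sig: bytes):
    """Return (r, s) as integers from a DER signature plus trailing SIGHASH byte."""
    if len(sig) < 9 or sig[0] != 0x30 or len(sig) != 2 + sig[1] + 1:
        raise ValueError("not a DER SEQUENCE of the expected length")
    body = sig[2:-1]                      # strip SEQUENCE header and SIGHASH byte
    if body[0] != 0x02:
        raise ValueError("expected INTEGER for r")
    rlen = body[1]
    r = int.from_bytes(body[2:2 + rlen], "big")
    rest = body[2 + rlen:]
    if len(rest) < 2 or rest[0] != 0x02 or len(rest) != 2 + rest[1]:
        raise ValueError("expected INTEGER for s")
    return r, int.from_bytes(rest[2:], "big")

def find_nonce_reuse(sigs):
    """sigs: iterable of (txid, pubkey, sig_bytes).
    Returns {r: [(txid, pubkey), ...]} for every r seen more than once.
    Same r under the same pubkey is the directly exploitable case; the same r
    under different pubkeys still points at a broken RNG, so it is reported too."""
    by_r = defaultdict(list)
    for txid, pubkey, sig in sigs:
        r, _ = parse_der_sig(sig)
        by_r[r].append((txid, pubkey))
    return {r: uses for r, uses in by_r.items() if len(uses) > 1}

def _sig(r: int, s: int) -> bytes:
    """Build a constructed DER signature (4-byte r and s) with SIGHASH_ALL (0x01)."""
    rb, sb = r.to_bytes(4, "big"), s.to_bytes(4, "big")
    if rb[0] & 0x80:                      # DER: positive INTEGER needs a 0x00 pad
        rb = b"\x00" + rb
    body = b"\x02" + bytes([len(rb)]) + rb + b"\x02" + bytes([len(sb)]) + sb
    return b"\x30" + bytes([len(body)]) + body + b"\x01"

# Constructed sample: tx1 and tx2 share r under key A (k reused); tx3, tx4 are clean.
SAMPLE_SIGS = [
    ("tx1", "pubkeyA", _sig(0x11223344, 0x0A0B0C0D)),
    ("tx2", "pubkeyA", _sig(0x11223344, 0x01020304)),
    ("tx3", "pubkeyA", _sig(0x55667788, 0x0F0E0D0C)),
    ("tx4", "pubkeyB", _sig(0x99AABBCC, 0x0A0B0C0D)),
]

if __name__ == "__main__":
    for r, uses in find_nonce_reuse(SAMPLE_SIGS).items():
        print(f"r={r:#x} reused in {uses}")
```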
sr. member
Activity: 441
Merit: 250
August 11, 2013, 02:06:43 PM
#45
Mike Hearn, Goonie, thanks for answering my questions.

So if I understand this correctly, if you generated your key on Android, OR if you generated a transaction on Android, one should consider that key insecure. Correct?

Will the wallet rotation on the Android Bitcoin Wallet incur a transaction fee?
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
August 11, 2013, 01:59:42 PM
#44
Not really. This is a problem with a specific implementation of a specific secure random number generator (Android).
If addresses are never reused, it doesn't matter if individual private keys are compromised after the fact.
The point is that with a proper RNG reuse is safe.

With a bad RNG no address is safe because it leads to bad signatures AND bad private keys.
legendary
Activity: 1526
Merit: 1134
August 11, 2013, 01:58:19 PM
#43
The new bitcoinj release that will be announced shortly has some initial code for BIP32. It's definitely something I want to integrate. It's difficult on mobile devices because they don't have any swapfile, so you can't just use as much memory as you want. You have to define a key window in which money can be received. Coins sent to keys that fall outside that window won't show up which is obviously very problematic. All in all, it's delicate and will require some careful experimentation and testing to make it work.
newbie
Activity: 57
Merit: 0
August 11, 2013, 01:55:48 PM
#42
This is very risky... I was thinking about installing a wallet on my phone but it's too early to do that now.
hero member
Activity: 812
Merit: 1006
August 11, 2013, 01:53:47 PM
#41
This vulnerability is yet another reason address reuse in Bitcoin clients must be eliminated.

Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).

Now anything which encourages address reuse should be considered negligent.
Not really. This is a problem with a specific implementation of a specific secure random number generator (Android).

Single-address-per-transaction policy is better for privacy, and also protects from a class of security issues AFAIK. IMHO it is kind of supporting that the BitcoinJ dev team hasn't been very keen on implementing proper multi-address support. But then again, it is open source; if you don't like it, develop a patch... Myself, I don't use BitcoinJ but other solutions.
legendary
Activity: 1400
Merit: 1013
August 11, 2013, 01:51:30 PM
#40
But that has nothing to do with deterministic wallets. Non deterministic wallets do not require address re-use.
The reason that clients reuse addresses is because random key wallets are unsuitable for general use.

Requiring users to update their backups after every n transactions results in permanently lost funds.

The solution is to implement BIP32.
legendary
Activity: 1400
Merit: 1013
August 11, 2013, 01:48:25 PM
#39
Not really. This is a problem with a specific implementation of a specific secure random number generator (Android).
If addresses are never reused, it doesn't matter if individual private keys are compromised after the fact.
full member
Activity: 168
Merit: 100
August 11, 2013, 01:47:14 PM
#38
This vulnerability is yet another reason address reuse in Bitcoin clients must be eliminated.

Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).

Now anything which encourages address reuse should be considered negligent.
Not really. This is a problem with a specific implementation of a specific secure random number generator (Android).

Yes really. Payment addresses should not be re-used after money is spent. If you do not re-use the address then you cannot fall victim to this if your random generator is not as random as it should be.

But that has nothing to do with deterministic wallets. Non deterministic wallets do not require address re-use.
legendary
Activity: 2053
Merit: 1356
aka tonikt
August 11, 2013, 01:45:00 PM
#37
This vulnerability is yet another reason address reuse in Bitcoin clients must be eliminated.

Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).

Now anything which encourages address reuse should be considered negligent.
You must be joking.
If you cannot use the same private key again to sign different stuff, then it is not even a digital signature application; you might as well start using random numbers and their hashes, or something..

Of course it must work multiple times, just like PGP/RSA has been working ever since it was invented.
And nobody says that you using the same PGP key twice "should be considered negligent"; it would just defeat the purpose of a digital signature :)
sr. member
Activity: 322
Merit: 250
August 11, 2013, 01:43:03 PM
#36

in case anyone is confused about the color coding.

I withdrew all my BTC from vulnerable addresses.

This image reminds me how my crazy (in hindsight) mother did the same with her cash from the bank on Sept 11.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
August 11, 2013, 01:42:16 PM
#35
This vulnerability is yet another reason address reuse in Bitcoin clients must be eliminated.

Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).

Now anything which encourages address reuse should be considered negligent.
Not really. This is a problem with a specific implementation of a specific secure random number generator (Android).