Oopsie!
I've extracted all mah money... Waiting for update.
Topic: [ANNOUNCE] Android key rotation - page 11. (Read 66313 times)
If you are using Mycelium Wallet, a fix has been published to the play store (still pending review) and to mycelium.com
if you download it from mycelium.com, you can check the sha1sum
There will be a wizard guiding you through the process in an upcoming version, but for now, you can simply download version 0.6.5 (or greater) and move the keys to newly generated addresses.
Please take care. The most likely chance of lost bitcoins is the loss of private keys. Don't use our wallet without a backup of the keys.
if you download it from mycelium.com, you can check the sha1sum
Code:
dba000cad4cbf94a7b4c621f57482322c0a96678 mbw-v0.6.5.apk
There will be a wizard guiding you through the process in an upcoming version, but for now, you can simply download version 0.6.5 (or greater) and move the keys to newly generated addresses.
- generate a new key
- backup this key (to sdcard or similar)
- manually send funds to the new secure address.
- move your empty old key to the Archive category
Please take care. The most likely chance of lost bitcoins is the loss of private keys. Don't use our wallet without a backup of the keys.
Reading through the entire thread, I am still not clear on this. If I logged into and made transactions using the blockchain.info website through my Android device's web browser, does this affect me? I have never used the blockchain.info app.
Ive always thought computers could not generate random numbers. I once won a large prize buying the last ticket before a lotto draw, computer random number generator was the source though I didnt complain at the time
i'm confused--are all blockchain.info wallets vulnerable? (even if you dont have an android phone)
Here are the rollout statuses of each wallet I'm aware of:
blockchain.info wallet: An update was released today that adds a new key using a fixed RNG, so you can manually rotate now. Another update will follow in the coming days that will automatically re-send all coins controlled by the previous keys to the new one.
Please note that apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated or controlled by you at all.
Basic rule of thumb - if you'd lose the money if the phone/tablet were destroyed (assuming no backups), and that device is an Android device, then you need to upgrade ASAP.
For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.
blockchain.info wallet: An update was released today that adds a new key using a fixed RNG, so you can manually rotate now. Another update will follow in the coming days that will automatically re-send all coins controlled by the previous keys to the new one.
Please note that apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated or controlled by you at all.
Basic rule of thumb - if you'd lose the money if the phone/tablet were destroyed (assuming no backups), and that device is an Android device, then you need to upgrade ASAP.
For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.
i'm confused--are all blockchain.info wallets vulnerable? (even if you dont have an android phone)
No, just those generated by an Android phone.
i'm confused--are all blockchain.info wallets vulnerable? (even if you dont have an android phone)
Pretty annoying for those people who imported vanity addresses into their android devices
Transactions that re-use K values seem to result in a theft a few hours later. So, if your money hasn't been stolen and the key was not weakly generated, it's probably OK.
Yes it will incur the usual min tx fee.
Yes it will incur the usual min tx fee.
Mike Hearn, Goonie, thanks for answering my questions.
So if I understand this correctly, if you generated your key an Android, OR if you generated a transaction on Android, one should consider that key insecure. Correct?
Will the wallet rotation on the Android Bitcoin Wallet incur a transaction fee?
So if I understand this correctly, if you generated your key an Android, OR if you generated a transaction on Android, one should consider that key insecure. Correct?
Will the wallet rotation on the Android Bitcoin Wallet incur a transaction fee?
Not really. This is a problem with a specific implementation of a specific secure random number generator (android).
If addresses are never reused, it doesn't matter if individual private keys are compromised after the fact.With a bad RNG no address is safe because it leads to bad signatures AND bad private keys.
The new bitcoinj release that will be announced shortly has some initial code for BIP32. It's definitely something I want to integrate. It's difficult on mobile devices because they don't have any swapfile, so you can't just use as much memory as you want. You have to define a key window in which money can be received. Coins sent to keys that fall outside that window won't show up which is obviously very problematic. All in all, it's delicate and will require some careful experimentation and testing to make it work.
This is very risky... I was thinking about installing a wallet on my phone but it's too early to do that now.
This vulnerability is yet another reason address reuse in Bitcoin clients must be eliminated.
Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).
Now anything which encourages address reuse should be considered negligent.
Not really. This is a problem with a specific implementation of a specific secure random number generator (android).Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).
Now anything which encourages address reuse should be considered negligent.
Single-address-per-transaction policy is better for privacy, and also protects from a class of security issues AFAIK. IMHO it is kind of supporting that BItcoinJ dev team hasn't been very keen on implementing proper multi-address support. But then again, it is open source, if you don't like it develop a batch... Myself I don't use BitcoinJ but other solutions.
But that has nothing to do with deterministic wallets. Non deterministic wallets do not require address re-use.
The reason that clients reuse addresses is because random key wallets are unsuitable for general use.Requiring users to update their backups after every n transactions results in permanently lost funds.
The solution is to implement BIP32.
Not really. This is a problem with a specific implementation of a specific secure random number generator (android).
If addresses are never reused, it doesn't matter if individual private keys are compromised after the fact. 
This vulnerability is yet another reason address reuse in Bitcoin clients must be eliminated.
Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).
Now anything which encourages address reuse should be considered negligent.
Not really. This is a problem with a specific implementation of a specific secure random number generator (android).Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).
Now anything which encourages address reuse should be considered negligent.
Yes really. Payment addresses should not be re-used after money is spent. If you do not re-use the address then you can not fall victim to this if your random generator is not as random as it should be.
But that has nothing to do with deterministic wallets. Non deterministic wallets do not require address re-use.
This vulnerability is yet another reason address reuse in Bitcoin clients must be eliminated.
Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).
Now anything which encourages address reuse should be considered negligent.
You must be joking.Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).
Now anything which encourages address reuse should be considered negligent.
If you cannot use the same private key again, to sign a different stuff, then it is not even a digital signature application - you can as well start using random and their hashes, or something..
Of course it must work multiple times - just like PGP/RSA has been working, ever since it was invented.
And nobody says that you using the same PGP key twice "should be considered negligent" - it would just defeat the purpose of a digital signature
in case anyone is confused about the color coding.
I withdrew all my BTC from vulnerable addresses.
This image reminds me how my crazy (in hindsight) mother did the same with her cash from the bank on Sept 11.
This vulnerability is yet another reason address reuse in Bitcoin clients must be eliminated.
Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).
Now anything which encourages address reuse should be considered negligent.
Not really. This is a problem with a specific implementation of a specific secure random number generator (android). Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).
Now anything which encourages address reuse should be considered negligent.
Jump to: