Pages:
Author

Topic: [ANNOUNCE] Android key rotation - page 12. (Read 66313 times)

legendary
Activity: 1722
Merit: 1217
August 11, 2013, 01:39:19 PM
#34


in case anyone is confused about the color coding.
legendary
Activity: 1400
Merit: 1013
August 11, 2013, 01:37:29 PM
#33
This vulnerability is yet another reason address reuse in Bitcoin clients must be eliminated.

Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).

Now anything which encourages address reuse should be considered negligent.
administrator
Activity: 5222
Merit: 13032
August 11, 2013, 01:33:02 PM
#32
It's hard to get a good color due to the gradient.
sr. member
Activity: 322
Merit: 250
August 11, 2013, 01:28:14 PM
#31
I noticed it instantly, actually.  Lips sealed
I did too, just couldnt read it. Thought it was a new ad at first =P
hero member
Activity: 906
Merit: 1034
BTC: the beginning of stake-based public resources
August 11, 2013, 01:24:47 PM
#30
Interesting bug. Thanks for the info.
sr. member
Activity: 350
Merit: 250
August 11, 2013, 01:09:58 PM
#29
So basically, Google pulled a Sony...




So, this is the same type of attack as was Sony Playstation network hack (ECDSA random numbers not being random) - so you would expect that developers test their software for the same weakness, right?

AFAIK it is a relatively new algorithm chosen because of short signatures produced, so it might even get broken (even with working random number generators). Something should be done about that...
The exploit isn't in the algorithm, it's in generating a secure random number. It also wasn't the PSN hack, it was the PS3 hack.

With Sony, they used the same number every single time. It simply wasn't random, and was a horrible, or rather, *not* an implementation of the encryption in the right manner.

With Android, the same random number apparently comes up once in a while. Still horrible considering the money involved (probably worse), but there's only a chance to get the same random number (as opposed to guaranteed with Sony).
newbie
Activity: 57
Merit: 0
August 11, 2013, 01:00:31 PM
#28
So basically, Google pulled a Sony...

http://i.imgur.com/e9jUO.png


So, this is the same type of attack as was Sony Playstation network hack (ECDSA random numbers not being random) - so you would expect that developers test their software for the same weakness, right?

AFAIK it is a relatively new algorithm chosen because of short signatures produced, so it might even get broken (even with working random number generators). Something should be done about that...
legendary
Activity: 1134
Merit: 1118
August 11, 2013, 12:58:53 PM
#27
I noticed it instantly, actually.  Lips sealed
legendary
Activity: 2053
Merit: 1356
aka tonikt
August 11, 2013, 12:58:14 PM
#26
pink is a really crappy color, fwiw.
indeed - it's barely visible.
sr. member
Activity: 322
Merit: 250
August 11, 2013, 12:55:37 PM
#25
pink is a really crappy color, fwiw.
sr. member
Activity: 350
Merit: 250
August 11, 2013, 12:52:29 PM
#24
Could this be what was behind all those random 1 mBTC payments that were going around?

As they are spent, if the wallet was Android they are now multiple spends from same address possibly allowing attacker to figure out private key.
Interesting thought... it would make a bit of sense.
full member
Activity: 168
Merit: 100
August 11, 2013, 12:51:22 PM
#23
Could this be what was behind all those random 1 mBTC payments that were going around?

As they are spent, if the wallet was Android they are now multiple spends from same address possibly allowing attacker to figure out private key.
hero member
Activity: 483
Merit: 551
August 11, 2013, 12:42:11 PM
#22
I see a lot of questions here about which keys are affected and which not.

As far as Bitcoin Wallet goes, it will rotate your keys no matter how you created them and if you used them for signing. This is because there is no supported way of importing keys from other sources than itself (backup), so all keys must have been created using the flaky random number generator.

I can't tell about the other apps, but I hope they will rotate all keys as well.
legendary
Activity: 1526
Merit: 1134
August 11, 2013, 12:41:04 PM
#21
Could you please clarify:

1. Is this the same, or a different, issue from the one being discussed in the "Bad signatures" thread?

2. Is it absolutely and completely true that this is an Android issue, ie. hosted Blockchain.info wallets and other wallet software written in Java is not affected?

3. I generated my wallet keys off-device. Am I still vulnerable?

4. I generated my wallet keys on-device but have only received funds and not sent any, so no transactions were actually generated by the Android application. Am I still vulnerable?

5. If it turns out from any of the above two reasons that I am not vulnerable, will the update to Android Wallet specifically still rotate my wallet? There are probably a lot of wallets out there who would be greatly hurt by unnecessary transaction fees.

1. It's the same issue

2. It's an Android issue, not a Java issue.

3. The key would not have an issue in this case. However if you spent money from it then there's a small chance the key may have been exposed. However someone has been monitoring the network for this and claims it only happens a few times a month worldwide, what's more, someone appears to be stealing the money when it does happen. So if you haven't already suffered a theft, you probably haven't been exposed in this way, and simply upgrading and rotating the wallet is sufficient.

4. Your key may be vulnerable.

5. All wallets will be rotated automatically. The Bitcoin Wallet app doesn't really support importing arbitrary private keys. You can do it by re-using the backup mechanism, but key imports/exports in general have all kinds of problems and if you do it, you are "on your own". It's not an official feature of the app.
sr. member
Activity: 350
Merit: 250
August 11, 2013, 12:33:40 PM
#20
So basically, Google pulled a Sony...

sr. member
Activity: 441
Merit: 250
August 11, 2013, 12:32:09 PM
#19
Could you please clarify:

1. Is this the same, or a different, issue from the one being discussed in the "Bad signatures" thread?

2. Is it absolutely and completely true that this is an Android issue, ie. hosted Blockchain.info wallets and other wallet software written in Java is not affected?

3. I generated my wallet keys off-device. Am I still vulnerable?

4. I generated my wallet keys on-device but have only received funds and not sent any, so no transactions were actually generated by the Android application. Am I still vulnerable?

5. If it turns out from any of the above two reasons that I am not vulnerable, will the update to Android Wallet specifically still rotate my wallet? There are probably a lot of wallets out there who would be greatly hurt by unnecessary transaction fees.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
August 11, 2013, 12:29:34 PM
#18
For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.

Don't get this...
Wallet created with Bitcoin-QT; imported to Blockchain, but created new Address in Browser - still vulnerable?
No matter when or where created if you SPENT BTC from an address using a wallet on an android device then the private key may be known.

Try this:

Basically every bitcoin transaction is signed in order to prove you have the private key and can transfer the funds.  There is a bug in the secure random number generator on the android phones that causes it to sometimes use the same random number to sign a transaction.  If you sign two different transactions with the same private key and the same random number then it is very easy to just calculate the private key from the two signatures.
hero member
Activity: 826
Merit: 1000
°^°
August 11, 2013, 12:21:59 PM
#17
For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.

Don't get this...
Wallet created with Bitcoin-QT; imported to Blockchain, but created new Address in Browser - still vulnerable?
legendary
Activity: 1526
Merit: 1134
August 11, 2013, 12:21:51 PM
#16
Because Bitcoin transactions require random numbers to create, if you generated spends with an imported key from Android then the key itself may be compromised, but this isn't a given, see here:

http://www.reddit.com/r/Bitcoin/comments/1k51dh/bad_signatures_leading_to_558_btc_theft_so_far/cblgtut

legendary
Activity: 858
Merit: 1000
August 11, 2013, 12:21:39 PM
#15
Woah, I have 2 addresses with only 0.002 in them that I generated a year ago. Are they safe? What should I do?

I also imported a vanity address to blockchain.info. Is that safe? I only made one transaction out of it. I generated many other addresses through blockchain.info but never sent anything from them. Are they safe?
Pages:
Jump to: