in case anyone is confused about the color coding.
Topic: [ANNOUNCE] Android key rotation - page 12. (Read 66313 times)
in case anyone is confused about the color coding.
This vulnerability is yet another reason address reuse in Bitcoin clients must be eliminated.
Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).
Now anything which encourages address reuse should be considered negligent.
Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).
Now anything which encourages address reuse should be considered negligent.
It's hard to get a good color due to the gradient.
I noticed it instantly, actually. 
I did too, just couldnt read it. Thought it was a new ad at first =P 
Interesting bug. Thanks for the info.
So basically, Google pulled a Sony...
So, this is the same type of attack as was Sony Playstation network hack (ECDSA random numbers not being random) - so you would expect that developers test their software for the same weakness, right?
AFAIK it is a relatively new algorithm chosen because of short signatures produced, so it might even get broken (even with working random number generators). Something should be done about that...
With Sony, they used the same number every single time. It simply wasn't random, and was a horrible, or rather, *not* an implementation of the encryption in the right manner.
With Android, the same random number apparently comes up once in a while. Still horrible considering the money involved (probably worse), but there's only a chance to get the same random number (as opposed to guaranteed with Sony).
So, this is the same type of attack as was Sony Playstation network hack (ECDSA random numbers not being random) - so you would expect that developers test their software for the same weakness, right?
AFAIK it is a relatively new algorithm chosen because of short signatures produced, so it might even get broken (even with working random number generators). Something should be done about that...
I noticed it instantly, actually.
pink is a really crappy color, fwiw.
indeed - it's barely visible.
pink is a really crappy color, fwiw.
Could this be what was behind all those random 1 mBTC payments that were going around?
As they are spent, if the wallet was Android they are now multiple spends from same address possibly allowing attacker to figure out private key.
Interesting thought... it would make a bit of sense. As they are spent, if the wallet was Android they are now multiple spends from same address possibly allowing attacker to figure out private key.
Could this be what was behind all those random 1 mBTC payments that were going around?
As they are spent, if the wallet was Android they are now multiple spends from same address possibly allowing attacker to figure out private key.
As they are spent, if the wallet was Android they are now multiple spends from same address possibly allowing attacker to figure out private key.
I see a lot of questions here about which keys are affected and which not.
As far as Bitcoin Wallet goes, it will rotate your keys no matter how you created them and if you used them for signing. This is because there is no supported way of importing keys from other sources than itself (backup), so all keys must have been created using the flaky random number generator.
I can't tell about the other apps, but I hope they will rotate all keys as well.
As far as Bitcoin Wallet goes, it will rotate your keys no matter how you created them and if you used them for signing. This is because there is no supported way of importing keys from other sources than itself (backup), so all keys must have been created using the flaky random number generator.
I can't tell about the other apps, but I hope they will rotate all keys as well.
Could you please clarify:
1. Is this the same, or a different, issue from the one being discussed in the "Bad signatures" thread?
2. Is it absolutely and completely true that this is an Android issue, ie. hosted Blockchain.info wallets and other wallet software written in Java is not affected?
3. I generated my wallet keys off-device. Am I still vulnerable?
4. I generated my wallet keys on-device but have only received funds and not sent any, so no transactions were actually generated by the Android application. Am I still vulnerable?
5. If it turns out from any of the above two reasons that I am not vulnerable, will the update to Android Wallet specifically still rotate my wallet? There are probably a lot of wallets out there who would be greatly hurt by unnecessary transaction fees.
1. Is this the same, or a different, issue from the one being discussed in the "Bad signatures" thread?
2. Is it absolutely and completely true that this is an Android issue, ie. hosted Blockchain.info wallets and other wallet software written in Java is not affected?
3. I generated my wallet keys off-device. Am I still vulnerable?
4. I generated my wallet keys on-device but have only received funds and not sent any, so no transactions were actually generated by the Android application. Am I still vulnerable?
5. If it turns out from any of the above two reasons that I am not vulnerable, will the update to Android Wallet specifically still rotate my wallet? There are probably a lot of wallets out there who would be greatly hurt by unnecessary transaction fees.
1. It's the same issue
2. It's an Android issue, not a Java issue.
3. The key would not have an issue in this case. However if you spent money from it then there's a small chance the key may have been exposed. However someone has been monitoring the network for this and claims it only happens a few times a month worldwide, what's more, someone appears to be stealing the money when it does happen. So if you haven't already suffered a theft, you probably haven't been exposed in this way, and simply upgrading and rotating the wallet is sufficient.
4. Your key may be vulnerable.
5. All wallets will be rotated automatically. The Bitcoin Wallet app doesn't really support importing arbitrary private keys. You can do it by re-using the backup mechanism, but key imports/exports in general have all kinds of problems and if you do it, you are "on your own". It's not an official feature of the app.
So basically, Google pulled a Sony...
Could you please clarify:
1. Is this the same, or a different, issue from the one being discussed in the "Bad signatures" thread?
2. Is it absolutely and completely true that this is an Android issue, ie. hosted Blockchain.info wallets and other wallet software written in Java is not affected?
3. I generated my wallet keys off-device. Am I still vulnerable?
4. I generated my wallet keys on-device but have only received funds and not sent any, so no transactions were actually generated by the Android application. Am I still vulnerable?
5. If it turns out from any of the above two reasons that I am not vulnerable, will the update to Android Wallet specifically still rotate my wallet? There are probably a lot of wallets out there who would be greatly hurt by unnecessary transaction fees.
1. Is this the same, or a different, issue from the one being discussed in the "Bad signatures" thread?
2. Is it absolutely and completely true that this is an Android issue, ie. hosted Blockchain.info wallets and other wallet software written in Java is not affected?
3. I generated my wallet keys off-device. Am I still vulnerable?
4. I generated my wallet keys on-device but have only received funds and not sent any, so no transactions were actually generated by the Android application. Am I still vulnerable?
5. If it turns out from any of the above two reasons that I am not vulnerable, will the update to Android Wallet specifically still rotate my wallet? There are probably a lot of wallets out there who would be greatly hurt by unnecessary transaction fees.
For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.
Don't get this...
Wallet created with Bitcoin-QT; imported to Blockchain, but created new Address in Browser - still vulnerable?
Try this:
Basically every bitcoin transaction is signed in order to prove you have the private key and can transfer the funds. There is a bug in the secure random number generator on the android phones that causes it to sometimes use the same random number to sign a transaction. If you sign two different transactions with the same private key and the same random number then it is very easy to just calculate the private key from the two signatures.
For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.
Don't get this...
Wallet created with Bitcoin-QT; imported to Blockchain, but created new Address in Browser - still vulnerable?
Because Bitcoin transactions require random numbers to create, if you generated spends with an imported key from Android then the key itself may be compromised, but this isn't a given, see here:
http://www.reddit.com/r/Bitcoin/comments/1k51dh/bad_signatures_leading_to_558_btc_theft_so_far/cblgtut
http://www.reddit.com/r/Bitcoin/comments/1k51dh/bad_signatures_leading_to_558_btc_theft_so_far/cblgtut
Woah, I have 2 addresses with only 0.002 in them that I generated a year ago. Are they safe? What should I do?
I also imported a vanity address to blockchain.info. Is that safe? I only made one transaction out of it. I generated many other addresses through blockchain.info but never sent anything from them. Are they safe?
I also imported a vanity address to blockchain.info. Is that safe? I only made one transaction out of it. I generated many other addresses through blockchain.info but never sent anything from them. Are they safe?
Jump to: