[ANNOUNCE] Android key rotation - page 3.

Rannasha

hero member

Activity: 728

Merit: 500

Quote from: allbiznessman on August 19, 2013, 11:08:40 AM

So, does this only affect Android wallets (Private Keys) generated by the Android wallet apps, or would my BTC address which I already had and then added to the blockchain wallet app also be affected? I hope not, cause I like keeping the same address for Public use, and then moving the BTC into my private addresses, never revealing public keys or addresses.

It only affects addresses/keys that are generated on Android.

allbiznessman

member

Activity: 74

Merit: 10

SudoSuRootDev... AKA... AllBiznessMan

So, does this only affect Android wallets (Private Keys) generated by the Android wallet apps, or would my BTC address which I already had and then added to the blockchain wallet app also be affected? I hope not, cause I like keeping the same address for Public use, and then moving the BTC into my private addresses, never revealing public keys or addresses.

justusranvier

legendary

Activity: 1400

Merit: 1009

Quote from: niko on August 16, 2013, 12:14:18 AM

Good luck patching Android with third parties between Google and your phone.

It bet Cyanogenmod users get access to the patches first.

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

Quote from: Lauda on August 15, 2013, 07:10:37 PM

Quote from: TippingPoint on August 14, 2013, 08:14:47 PM

Quote from: stereotype on August 14, 2013, 05:05:21 PM

Quote from: P_Shep on August 14, 2013, 03:02:52 PM

dismantle a smoke detector

Or a bowl of brazil nuts

Formerly known as ...

the hero of?

Quit generating randomness, and get back to the topic. I read in the news that Google has acknowledged the problem, and recommends developers use dev/(u)rand. Good luck patching Android with third parties between Google and your phone.

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: TippingPoint on August 14, 2013, 08:14:47 PM

Quote from: stereotype on August 14, 2013, 05:05:21 PM

Quote from: P_Shep on August 14, 2013, 03:02:52 PM

dismantle a smoke detector

Or a bowl of brazil nuts

Formerly known as ...

the hero of?

TippingPoint

legendary

Activity: 905

Merit: 1000

Quote from: stereotype on August 14, 2013, 05:05:21 PM

Quote from: P_Shep on August 14, 2013, 03:02:52 PM

Quote from: casascius on August 14, 2013, 01:27:18 PM

Quote from: ReCat on August 14, 2013, 11:43:07 AM

You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics Cheesy

)

I would have, but at the time, I was fresh out of radioactive material. Maybe next time.

dismantle a smoke detector

Or a bowl of brazil nuts

Formerly known as ...

ralree

hero member

Activity: 518

Merit: 500

Manateeeeeeees

Quote from: casascius on August 14, 2013, 01:27:18 PM

Quote from: ReCat on August 14, 2013, 11:43:07 AM

You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics Cheesy

)

I would have, but at the time, I was fresh out of radioactive material. Maybe next time.

Actually, you can just push a transistor into avalanche - it only take a few discrete components:

http://holdenc.altervista.org/avalanche/

stereotype

legendary

Activity: 1554

Merit: 1000

Quote from: P_Shep on August 14, 2013, 03:02:52 PM

Quote from: casascius on August 14, 2013, 01:27:18 PM

Quote from: ReCat on August 14, 2013, 11:43:07 AM

You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics Cheesy

)

I would have, but at the time, I was fresh out of radioactive material. Maybe next time.

dismantle a smoke detector

Or a bowl of brazil nuts

P_Shep

legendary

Activity: 1795

Merit: 1198

This is not OK.

Quote from: casascius on August 14, 2013, 01:27:18 PM

Quote from: ReCat on August 14, 2013, 11:43:07 AM

You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics Cheesy

)

I would have, but at the time, I was fresh out of radioactive material. Maybe next time.

dismantle a smoke detector

justusranvier

legendary

Activity: 1400

Merit: 1009

Quote from: casascius on August 14, 2013, 01:27:18 PM

I would have, but at the time, I was fresh out of radioactive material. Maybe next time.

Pick up some banana from the grocery store next time.

phatsphere

hero member

Activity: 763

Merit: 500

Quote from: casascius on August 14, 2013, 01:27:18 PM

Quote from: ReCat on August 14, 2013, 11:43:07 AM

You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics Cheesy

)

I would have, but at the time, I was fresh out of radioactive material. Maybe next time.

instead of *radio*active material, you can use *radio*waves. just tune in a lower kHz frequency where a lot of noise from the earth's atmosphere is audible. that's one of the sources providers like random.org use. i guess it's pretty easy to get this running and then pulling the bytes from the A/D converter of your soundcard.

casascius

vip

Activity: 1386

Merit: 1136

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Quote from: ReCat on August 14, 2013, 11:43:07 AM

You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics Cheesy

)

I would have, but at the time, I was fresh out of radioactive material. Maybe next time.

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

Quote from: ReCat on August 14, 2013, 11:43:07 AM

Quote from: casascius on August 13, 2013, 08:39:35 AM

Quote from: phatsphere on August 13, 2013, 08:33:08 AM

@casascius: do you know about this page: http://www.random.org/bytes/ ? that could also be a source, which could replace the mouse-moving-timestamp thing because it comes from an external source.

Sure, though I have every reason to believe their bytes are truly random, for security purposes, I don't. When I generate keys, the machine doesn't have internet access anyway, so I suppose it's just an alternative (sub)string to paste as a response to the "keyboard mash" if I want to copy it in with a flash drive etc.

You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics Cheesy

)

You may be missing the point here. There is more than enough entropy available in a phone or a PC. The problem is with human errors when coding and otherwise implementing the RNG. In this case, lazy Google employees who copy-pasted broken Apache code without reviewing it, and didn't even bother fixing it or rewriting the documentation when some of the flaws were made public half a year ago.
Building your own hardware, by yourself, will likely lead to more errors.

molecular

donator

Activity: 2772

Merit: 1019

Quote from: Tommy76 on August 14, 2013, 07:38:33 AM

Quote from: Lauda on August 13, 2013, 04:29:40 PM

Quote from: Huangww on August 13, 2013, 11:10:14 AM

very quick。

It would be a huge problem if it wasn't quick enough.

So, I think it's a huge problem, check the date of this post:
http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html

This was known for even longer. The news was discovery of weakness in apache harmony RNG used by android.

ReCat

sr. member

Activity: 406

Merit: 250

Quote from: casascius on August 13, 2013, 08:39:35 AM

Quote from: phatsphere on August 13, 2013, 08:33:08 AM

@casascius: do you know about this page: http://www.random.org/bytes/ ? that could also be a source, which could replace the mouse-moving-timestamp thing because it comes from an external source.

Sure, though I have every reason to believe their bytes are truly random, for security purposes, I don't. When I generate keys, the machine doesn't have internet access anyway, so I suppose it's just an alternative (sub)string to paste as a response to the "keyboard mash" if I want to copy it in with a flash drive etc.

You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics Cheesy

)

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

Quote from: Tommy76 on August 14, 2013, 07:38:33 AM

Quote from: Lauda on August 13, 2013, 04:29:40 PM

Quote from: Huangww on August 13, 2013, 11:10:14 AM

very quick。

It would be a huge problem if it wasn't quick enough.

So, I think it's a huge problem, check the date of this post:
http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html

Quote from: Mike Hearn on August 14, 2013, 08:36:52 AM

That post is unrelated to issues on Android.

It definitely is related to the exploit. And this one is also related, and was presented to the public almost half a year ago. Granted, it appears that android securerandom is broken beyond what is described in the RSA 2013 paper.

Jan

legendary

Activity: 1043

Merit: 1002

Quote from: Tommy76 on August 14, 2013, 07:38:33 AM

Quote from: Lauda on August 13, 2013, 04:29:40 PM

Quote from: Huangww on August 13, 2013, 11:10:14 AM

very quick。

It would be a huge problem if it wasn't quick enough.

So, I think it's a huge problem, check the date of this post:
http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html

What this blog post doesn't tell is that in this particular instance the repeated use of the same K value was on purpose.
When making unit tests it is often desirable to be able to create results that can be repeated. By reusing the same K value you get the same signature, which is valuable during development. I know the developer in for this instance, and no, it is not me.

Mike Hearn

legendary

Activity: 1526

Merit: 1129