Pages:
Author

Topic: [ANNOUNCE] Android key rotation - page 3. (Read 66313 times)

hero member
Activity: 728
Merit: 500
August 19, 2013, 10:21:17 AM
So, does this only affect Android wallets (Private Keys) generated by the Android wallet apps, or would my BTC address which I already had and then added to the blockchain wallet app also be affected? I hope not, cause I like keeping the same address for Public use, and then moving the BTC into my private addresses, never revealing public keys or addresses.

It only affects addresses/keys that are generated on Android.
member
Activity: 74
Merit: 10
SudoSuRootDev... AKA... AllBiznessMan
August 19, 2013, 10:08:40 AM
So, does this only affect Android wallets (Private Keys) generated by the Android wallet apps, or would my BTC address which I already had and then added to the blockchain wallet app also be affected? I hope not, cause I like keeping the same address for Public use, and then moving the BTC into my private addresses, never revealing public keys or addresses.
legendary
Activity: 1400
Merit: 1013
August 15, 2013, 11:15:30 PM
Good luck patching Android with third parties between Google and your phone.
It bet Cyanogenmod users get access to the patches first.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
August 15, 2013, 11:14:18 PM
Quit generating randomness, and get back to the topic. I read in the news that Google has acknowledged the problem, and recommends developers use dev/(u)rand. Good luck patching Android with third parties between Google and your phone.
legendary
Activity: 2674
Merit: 3000
Terminated.
legendary
Activity: 905
Merit: 1000
August 14, 2013, 07:14:47 PM
You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics  Cheesy )

I would have, but at the time, I was fresh out of radioactive material. Maybe next time.

dismantle a smoke detector

Or a bowl of brazil nuts

Formerly known as ...
hero member
Activity: 518
Merit: 500
Manateeeeeeees
August 14, 2013, 07:03:32 PM
You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics  Cheesy )

I would have, but at the time, I was fresh out of radioactive material. Maybe next time.

Actually, you can just push a transistor into avalanche - it only take a few discrete components:

http://holdenc.altervista.org/avalanche/
legendary
Activity: 1554
Merit: 1000
August 14, 2013, 04:05:21 PM
You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics  Cheesy )

I would have, but at the time, I was fresh out of radioactive material. Maybe next time.

dismantle a smoke detector

Or a bowl of brazil nuts
legendary
Activity: 1795
Merit: 1208
This is not OK.
August 14, 2013, 02:02:52 PM
You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics  Cheesy )

I would have, but at the time, I was fresh out of radioactive material. Maybe next time.

dismantle a smoke detector
legendary
Activity: 1400
Merit: 1013
August 14, 2013, 01:21:46 PM
I would have, but at the time, I was fresh out of radioactive material. Maybe next time.
Pick up some banana from the grocery store next time.
hero member
Activity: 763
Merit: 500
August 14, 2013, 12:54:57 PM
You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics  Cheesy )

I would have, but at the time, I was fresh out of radioactive material. Maybe next time.
instead of *radio*active material, you can use *radio*waves. just tune in a lower kHz frequency where a lot of noise from the earth's atmosphere is audible. that's one of the sources providers like random.org use. i guess it's pretty easy to get this running and then pulling the bytes from the A/D converter of your soundcard.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
August 14, 2013, 12:27:18 PM
You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics  Cheesy )

I would have, but at the time, I was fresh out of radioactive material. Maybe next time.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
August 14, 2013, 11:50:30 AM
@casascius: do you know about this page: http://www.random.org/bytes/ ? that could also be a source, which could replace the mouse-moving-timestamp thing because it comes from an external source.

Sure, though I have every reason to believe their bytes are truly random, for security purposes, I don't.  When I generate keys, the machine doesn't have internet access anyway, so I suppose it's just an alternative (sub)string to paste as a response to the "keyboard mash" if I want to copy it in with a flash drive etc.

You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics  Cheesy )
You may be missing the point here. There is more than enough entropy available in a phone or a PC. The problem is with human errors when coding and otherwise implementing the RNG. In this case, lazy Google employees who copy-pasted broken Apache code without reviewing it, and didn't even bother fixing it or rewriting the documentation when some of the flaws were made public half a year ago.
Building your own hardware, by yourself, will likely lead to more errors.
donator
Activity: 2772
Merit: 1019
August 14, 2013, 11:36:42 AM
very quick。
It would be a huge problem if it wasn't quick enough.

So, I think it's a huge problem, check the date of this post:
http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html

This was known for even longer. The news was discovery of weakness in apache harmony RNG used by android.
sr. member
Activity: 406
Merit: 250
August 14, 2013, 10:43:07 AM
@casascius: do you know about this page: http://www.random.org/bytes/ ? that could also be a source, which could replace the mouse-moving-timestamp thing because it comes from an external source.

Sure, though I have every reason to believe their bytes are truly random, for security purposes, I don't.  When I generate keys, the machine doesn't have internet access anyway, so I suppose it's just an alternative (sub)string to paste as a response to the "keyboard mash" if I want to copy it in with a flash drive etc.

You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data.

(Unless if you distrust the laws of physics  Cheesy )
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
August 14, 2013, 10:33:25 AM
very quick。
It would be a huge problem if it wasn't quick enough.

So, I think it's a huge problem, check the date of this post:
http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html

That post is unrelated to issues on Android.

It definitely is related to the exploit. And this one is also related, and was presented to the public almost half a year ago. Granted, it appears that android securerandom is broken beyond what is described in the RSA 2013 paper.


Jan
legendary
Activity: 1043
Merit: 1002
August 14, 2013, 07:46:10 AM
very quick。
It would be a huge problem if it wasn't quick enough.

So, I think it's a huge problem, check the date of this post:
http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html

What this blog post doesn't tell is that in this particular instance the repeated use of the same K value was on purpose.
When making unit tests it is often desirable to be able to create results that can be repeated. By reusing the same K value you get the same signature, which is valuable during development. I know the developer in for this instance, and no, it is not me.
legendary
Activity: 1526
Merit: 1134
August 14, 2013, 07:36:52 AM
That post is unrelated to issues on Android.
member
Activity: 101
Merit: 10
August 14, 2013, 06:38:33 AM
very quick。
It would be a huge problem if it wasn't quick enough.

So, I think it's a huge problem, check the date of this post:
http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html
sr. member
Activity: 252
Merit: 250
August 14, 2013, 05:30:58 AM
pseudo random number generation used in security systems is nothing more than *security through obscurity*
Pages:
Jump to: