Topic: [ANNOUNCE] Android key rotation - page 9. (Read 66313 times)

sr. member
Activity: 322
Merit: 250
August 11, 2013, 09:12:56 PM
#94
I randomly received .15 btc yesterday to one of my android generated addresses.  Why would I randomly get free money?  This never happened to me before, is this related to the flaw?
did you google the sending address?
newbie
Activity: 46
Merit: 0
August 11, 2013, 09:10:25 PM
#93
Regarding Electrum:

We need to look into this further but as far as I'm aware Electrum relies on python's random implementation which is usually the operating system's PRNG. This would make running Electrum on Android vulnerable to the same vectors as described in this post for other wallets.

Even if you created the seed on another platform it may be possible to reveal the ECDSA private key of one of the addresses by spending (signing) multiple times from one address on Android. The seed itself should be safe.

The userbase of Electrum on Android (SL4A) is small because of the cumbersome setup. Still, if you are a user and want to be safe don't spend from Android until further news are available and secure funds from addresses which you have spent from in Android and still have funds on.
legendary
Activity: 2618
Merit: 1006
August 11, 2013, 09:05:01 PM
#92
I randomly received .15 btc yesterday to one of my android generated addresses.  Why would I randomly get free money?  This never happened to me before, is this related to the flaw?
Most likely not, either someone wanted to give a present to you or something else happened. It is not very likely that you would get MORE funds through this issue! ;)
sr. member
Activity: 266
Merit: 250
August 11, 2013, 08:58:34 PM
#91
I randomly received .15 btc yesterday to one of my android generated addresses.  Why would I randomly get free money?  This never happened to me before, is this related to the flaw?
hero member
Activity: 826
Merit: 1000
°^°
August 11, 2013, 07:52:53 PM
#90
explains the price...
legendary
Activity: 4466
Merit: 1798
Linux since 1997 RedHat 4
August 11, 2013, 07:22:06 PM
#89
I've always thought computers could not generate random numbers.    I once won a large prize buying the last ticket before a lotto draw, computer random number generator was the source though I didn't complain at the time
Nothing can generate a random number. Us included. Only pseudo-random.
So you believe that radioactive decay is deterministic? If so, you are in the minority. Say I have two uranium atoms and one of them decays before the other, what do you think accounts for that?
Ah, that's how Apple solved it?
Their phones have uranium in them :)
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
August 11, 2013, 06:48:08 PM
#88
So basically, Google pulled a Sony...




So, this is the same type of attack as was Sony Playstation network hack (ECDSA random numbers not being random) - so you would expect that developers test their software for the same weakness, right?

AFAIK it is a relatively new algorithm chosen because of short signatures produced, so it might even get broken (even with working random number generators). Something should be done about that...
The exploit isn't in the algorithm, it's in generating a secure random number. It also wasn't the PSN hack, it was the PS3 hack.

With Sony, they used the same number every single time. It simply wasn't random, and was a horrible, or rather, *not* an implementation of the encryption in the right manner.

With Android, the same random number apparently comes up once in a while. Still horrible considering the money involved (probably worse), but there's only a chance to get the same random number (as opposed to guaranteed with Sony).

As I get my head wrapped around this, what comes to mind after reading the above is that if a random number is picked from a finite set of 10K elements, e.g., a duplicate is more apt to appear than choosing a random number from a finite set of 10^100,000 elements. Does this make sense?
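Added example, not part of any post in this thread: the `r` half of an ECDSA signature depends only on the per-signature random number, so a repeated number is publicly visible as a repeated `r`, and the birthday bound says how likely a repeat is for a given pool size. The transaction ids, key labels and nonce values below are constructed, and the function names are this example's own.

```python
import math
from collections import defaultdict

# secp256k1 domain parameters (the curve Bitcoin signs with)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Add two affine curve points; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P   # tangent slope
    else:
        m = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P  # chord slope
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def sig_r(k):
    """r of an ECDSA signature for nonce k (1 <= k < N): x(k*G) mod N."""
    acc, base = None, G
    while k:
        if k & 1: acc = _add(acc, base)
        base = _add(base, base)
        k >>= 1
    return acc[0] % N

def collision_probability(draws, pool_size):
    """Birthday bound: chance that `draws` uniform picks contain a repeat."""
    if draws > pool_size: return 1.0
    log_no_repeat = sum(math.log1p(-i / pool_size) for i in range(draws))
    return -math.expm1(log_no_repeat)

def find_reused_r(signatures):
    """Return {(pubkey, r): [txids]} for every r that repeats under one key."""
    seen = defaultdict(list)
    for txid, pubkey, r in signatures:
        seen[(pubkey, r)].append(txid)
    return {key: txids for key, txids in seen.items() if len(txids) > 1}

# Constructed sample: three spends from one key, two sharing a nonce.
SAMPLE = [
    ("tx-a", "pubkey-1", sig_r(0x1234)),
    ("tx-b", "pubkey-1", sig_r(0x9999)),
    ("tx-c", "pubkey-1", sig_r(0x1234)),
    ("tx-d", "pubkey-2", sig_r(0x5678)),
]
```

With a pool of 10,000 values, `collision_probability(100, 10_000)` is about 0.39, while the same 100 draws from a 2**256 pool give a probability far too small to matter; any key that `find_reused_r` reports should have its remaining funds moved to a freshly generated address.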
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
August 11, 2013, 06:44:24 PM
#87
How "critical" is it? Has there been any successful attack using this weakness?

Sounds extremely critical, see links below.


done and done, thanks to you and this community for such watchfulness and timeliness with these kinds of issues.
You're joking, aren't you? :)

This post is over one month old, while this one over half a year...
Watchfulness my ass :)
legendary
Activity: 1441
Merit: 1000
Live and enjoy experiments
August 11, 2013, 06:35:07 PM
#86
How "critical" is it? Has there been any successful attack using this weakness?
sr. member
Activity: 292
Merit: 250
August 11, 2013, 05:35:41 PM
#85
Mike Hearn, you are the man now dog!
sr. member
Activity: 406
Merit: 250
August 11, 2013, 05:32:09 PM
#84
Thank god I have an iPhone :)
As far as Apple is concerned, Bitcoin wallets don't exist for iOS. :P Security through obscurity is good, I think.
hero member
Activity: 483
Merit: 501
August 11, 2013, 05:16:25 PM
#83
Re: Electrum. I don't know how Electrum on Android does signing. It might well have a similar problem, especially if it uses OpenSSL.

At least it's not running on Java, afaik. So it can't be affected by the same issues.
legendary
Activity: 1526
Merit: 1129
August 11, 2013, 05:09:19 PM
#82
Re: Electrum. I don't know how Electrum on Android does signing. It might well have a similar problem, especially if it uses OpenSSL.
sr. member
Activity: 350
Merit: 250
August 11, 2013, 05:09:07 PM
#81
Just wondering, would this affect Electrum as well?

I'm asking as it uses Google Scripting Layer & Python for Android

http://electrum.org/android.html
The issue appears to be in the java implementation of secureRandom that Google uses.
sr. member
Activity: 393
Merit: 250
August 11, 2013, 05:02:35 PM
#80
Just wondering, would this affect Electrum as well?

I'm asking as it uses Google Scripting Layer & Python for Android

http://electrum.org/android.html
sr. member
Activity: 441
Merit: 250
August 11, 2013, 04:43:36 PM
#79
2. It's an Android issue, not a Java issue.

Also, could we please get a link to the relevant Android bug tracker item?

It's a bit frustrating to piece together rumors in order to know what actually happened here.
hero member
Activity: 504
Merit: 500
August 11, 2013, 04:29:48 PM
#78
Nothing can generate a random number. Us included. Only pseudo-random.

That is an opinion...

Fact is... any number which is not sequential and read from a list, is random. Might not be "as random as you would like", but it is still random. Even pseudo-random selection is non-sequential and not read from a list. (Unless you start at the beginning, start at the same seed/list or the seed is the same seed/list as another seed. Which is the repeat of a list.)

But I digress...

The problem is that these devices and programs, made by programmers with little knowledge, failed to understand the devices they were working with. That is what happens when you just copy-n-paste code and don't actually KNOW what it is doing.

One year... This has been known about android since the first program "solitaire" which used random numbers to shuffle, released before the phone was even physically made, in the emulator.

Oh, and the comment about "Glad I have an i-phone"... LOL... Might want to look at all the exploits your phone has, before you open your mouth. You are worse-off than the android phone, because you are naive and oblivious to the reality of the flaws of the device in your hands. Yay, you don't have THIS FLAW... You have your own, and no-one is fixing shit for you, unless you pay them for the app to secure the flaws.
newbie
Activity: 55
Merit: 0
August 11, 2013, 04:25:36 PM
#77
Quote
If you are receiving minuscule amounts, then it doesn't matter. You can use common sense. The site isn't a scam.
Ah thanks, I was hoping that, it also helps to confirm my limited understanding of this stuff.
hero member
Activity: 812
Merit: 1006
August 11, 2013, 04:21:53 PM
#76
I guess, or understand, that 'receive' addresses can be safely used more than once?
Receive addresses should be used exactly one time, then never again.
If you reuse addresses for receiving bitcoins you have no financial privacy, and you're vulnerable to issues like this.
Oh bother. Thanks. In my case I have never used an android device for any Bitcoin stuff so I trust I am safe from the current non random number issue(?)
However, it has been convenient to gather occasional small amounts from the (get free bitcoins) site http://netlookup.se/free-bitcoins/247552
Just to be very clear here, I now should not offer the same receive address more than once then?
tia
(edit)
I note that  this site mentioned above works on the basis of a receive address being used repeatedly.... Is it a scam site? or is it just  doing rather bad things?


If you are receiving minuscule amounts, then it doesn't matter. You can use common sense. The site isn't a scam.
sr. member
Activity: 353
Merit: 250
BITCOIN
August 11, 2013, 04:21:17 PM
#75
totally agree :)

Well what do you expect? The minimum I always pay is 0.0006 or 0.0005 on the -Qt client. Non-fee transactions usually means hours to days waiting for confirmations.
I wouldn't mind actually waiting some time if that meant my transaction was free. I didn't want or plan to transfer these funds in the first place and I don't mind them being stuck for some time in limbo. Once the TX is out there, it would be hard to double spend it anyways.

I can't find any wallet other than bitcoin-qt that lets you put a 0.00 tx fee. Surprising to see people in here wondering about fees. It's a penny. Go sell something on PayPal and tell me about fees.
Schildbach allowed this (0 fees) too some time ago so I consider it a regression. If I use PayPal, I pay for a service that goes beyond simple money transfer (I get fraud protection etc.).

I second this. While mining with deepbit, their tx fees are not included. One payment sat for almost 4 days before being picked up by eligius pool. Just send the penny.
This is just stupidity on deepbit's end - they could always include their payouts for free in their own blocks and I suggested something like that (pools accepting each other's payouts for free) long time ago. Back then it was anyways easy to get anything transacted for free, so they never went forward with it. I don't want to pay a whole penny for a few bytes of storage that will be pruned away sooner or later anyways.

Fees have to be attached due to a strange quirk of bitcoind mining code - it only allocates 27kb per block for free transactions. There's no obvious reason that should be the case and I'm sure it'll get fixed at some point. Even a penny is a high fee to pay, IMO.
The wallet used to have a setting that let me set fees to 0 on my own risk. This setting seems to be gone...
Anyways, fee handling and transaction prioritization is a big mess in my opinion still in Bitcoin, especially in the reference client that everyone seems to use unreflected without even thinking about the settings.


About receiving coins at the same address:
In the end it means that you potentially lose privacy (e.g. the free bitcoins site could link your IP to your address, then you sell a mobile phone on the web and let them pay to the same address - now the free bitcoin site can see that you received some more coins + the buyer of the phone sees that you probably used this site). Security wise it means that once you send something from your address, you expose the public key belonging to that address. In this case, the signature generated with it is weakening security - there is also the possibility of a breach of ECDSA keys in general. As long as nothing has been transferred off an address, it is as safe as possible from a current security standpoint.