bitaddress also collects mouse movements and/or inputted random text to add to the randomness, so it is not completely dependent on any possibly faulty RNG.
Now it feels good that they have added that bit of extra security.
Topic: Is or was bitaddress affected by this „bug“? (Read 230 times)
Thanks for the answers, I found some articels saying that this was an old issue and only pre 2013-2015 generated adresses are affected by this....
https://www.bleepingcomputer.com/news/security/old-javascript-crypto-flaw-puts-bitcoin-funds-at-risk/
https://www.google.ch/amp/s/www.theregister.co.uk/AMP/2018/04/12/javascript_crypto_library_fingered_for_weak_wallets/
But im still not sure about it, very hard to find a clear answer about this :/
https://www.bleepingcomputer.com/news/security/old-javascript-crypto-flaw-puts-bitcoin-funds-at-risk/
https://www.google.ch/amp/s/www.theregister.co.uk/AMP/2018/04/12/javascript_crypto_library_fingered_for_weak_wallets/
But im still not sure about it, very hard to find a clear answer about this :/
+ someone on twitter said bitaddress uses its own secure random
Source: https://mobile.twitter.com/robep00/status/984008260025028609
Thanks for the answers, I found some articels saying that this was an old issue and only pre 2013-2015 generated adresses are affected by this....
https://www.bleepingcomputer.com/news/security/old-javascript-crypto-flaw-puts-bitcoin-funds-at-risk/
https://www.google.ch/amp/s/www.theregister.co.uk/AMP/2018/04/12/javascript_crypto_library_fingered_for_weak_wallets/
But im still not sure about it, very hard to find a clear answer about this :/
https://www.bleepingcomputer.com/news/security/old-javascript-crypto-flaw-puts-bitcoin-funds-at-risk/
https://www.google.ch/amp/s/www.theregister.co.uk/AMP/2018/04/12/javascript_crypto_library_fingered_for_weak_wallets/
But im still not sure about it, very hard to find a clear answer about this :/
I'm not sure, but :
1. The email stated RC4 ("arcfour random") is one of the problem
2. securerandom.js on BitAddress source code use RC4. https://github.com/pointbiz/bitaddress.org/blob/72aefc03e0d150c52780294927d95262b711f602/src/securerandom.js#L58
The email clearly stated that depends on variations of SecureRandom()
1. The email stated RC4 ("arcfour random") is one of the problem
2. securerandom.js on BitAddress source code use RC4. https://github.com/pointbiz/bitaddress.org/blob/72aefc03e0d150c52780294927d95262b711f602/src/securerandom.js#L58
I'm not an expert, but if the condition is simply using secureRandom then Bitaddress does use it and the repository hasn't been updated since 2016.
The email clearly stated that depends on variations of SecureRandom()
There are a substantial number of variations of this SecureRandom() class in various pieces of software, some with bugs fixed, some with additional bugs added.
I'm not an expert, but if the condition is simply using secureRandom then Bitaddress does use it and the repository hasn't been updated since 2016.
https://www.mail-archive.com/[email protected]/msg06929.html
Is bitaddress affected by this?
The founder of segwitaddress said bitaddress still uses jsbn so it is affected?
Thanks in advance for the answer
Is bitaddress affected by this?
The founder of segwitaddress said bitaddress still uses jsbn so it is affected?
Thanks in advance for the answer
Jump to: