Topic: Is or was bitaddress affected by this „bug“? (Read 252 times)

full member
Activity: 378
Merit: 197
bitaddress also collects mouse movements and/or inputted random text to add to the randomness, so it is not completely dependent on any possibly faulty RNG.

Now it feels good that they have added that bit of extra security.
jr. member
Activity: 80
Merit: 6
Thanks for the answers, I found some articles saying that this was an old issue and only pre 2013-2015 generated addresses are affected by this...

https://www.bleepingcomputer.com/news/security/old-javascript-crypto-flaw-puts-bitcoin-funds-at-risk/
https://www.google.ch/amp/s/www.theregister.co.uk/AMP/2018/04/12/javascript_crypto_library_fingered_for_weak_wallets/

But I'm still not sure about it, very hard to find a clear answer about this :/

+ someone on Twitter said bitaddress uses its own secure random

Source: https://mobile.twitter.com/robep00/status/984008260025028609
legendary
Activity: 2870
Merit: 7490
I'm not sure, but:
1. The email stated RC4 ("arcfour random") is one of the problems
2. securerandom.js in the BitAddress source code uses RC4. https://github.com/pointbiz/bitaddress.org/blob/72aefc03e0d150c52780294927d95262b711f602/src/securerandom.js#L58

I'm not an expert, but if the condition is simply using secureRandom then Bitaddress does use it and the repository hasn't been updated since 2016.

The email clearly stated that it depends on variations of SecureRandom():

There are a substantial number of variations of this SecureRandom() class in various pieces of software, some with bugs fixed, some with additional bugs added.
staff
Activity: 3500
Merit: 6152
I'm not an expert, but if the condition is simply using secureRandom then Bitaddress does use it and the repository hasn't been updated since 2016.
jr. member
Activity: 80
Merit: 6
https://www.mail-archive.com/[email protected]/msg06929.html

Is bitaddress affected by this?

The founder of segwitaddress said bitaddress still uses jsbn so it is affected?

Thanks in advance for the answer