
Topic: URGENT is electrum affected? (Read 156 times)

legendary
Activity: 3038
Merit: 4418
May 12, 2021, 10:16:54 AM
#8
There might be sort of a problem on their wallet that generates invalid random seeds, or maybe there are other reasons why they are pushing users to generate a new seed (maybe they are compromised, or maybe they want to log all generated seeds).

Anyway, if you are using Cake wallet for storing your BTC I suggest you switch to other wallets like Electrum. Or if you already made a Bitcoin wallet on Cake wallet, I'm sure the seed you generated from their old Cake wallet will also work on Electrum; just make sure you know the exact derivation path of that wallet.
It doesn't generate invalid random seeds, quite the opposite; it generates valid non-random seeds. Electrum uses randrange, which is seeded from the OS's CSPRNG (/dev/urandom), and it thus generates a seed with sufficient entropy and is not prone to issues like this. Unfortunately, there are just way too many developers who overlook certain aspects which are arguably pretty important, putting their users' funds at risk. This isn't the first time something like this has happened.

Are the signatures generated by the wallet deterministic or do they rely on the flawed RNG as well?
legendary
Activity: 3472
Merit: 10611
May 12, 2021, 03:18:08 AM
#7
https://github.com/cake-tech/cake_wallet/blob/b67bb0664f7268c31c24bd9fb9cbd438c691f5e3/lib/bitcoin/bitcoin_mnemonic.dart#L112
This is another good example of why people shouldn't use unpopular, low-quality multi-currency wallets that keep popping up these days, especially for mobile! You see, this one, which is open source, had such a serious flaw; who knows what the closed-source ones do!
HCP
legendary
Activity: 2086
Merit: 4363
May 12, 2021, 01:08:34 AM
#6
Our developers found that insufficient randomness was used while generating the 12-word Bitcoin seed. As we continue to strive to improve the platform and security, BTC wallets generated from version 4.1.7 onwards use a 24-word seed as well as we replaced random bytes generation by platform specific generator further enhancing the security of the wallets.

and then a bit further down the thread:
Hang on, was this previously using Random from the math package to generate the seed? I want to make sure I'm reading this right.

Edit: Yep, that appears to be the case.

The randomBytes function is called by generateMnemonic without a second parameter, causing it to use the insecure random implementation: https://github.com/cake-tech/cake_wallet/blob/b67bb0664f7268c31c24bd9fb9cbd438c691f5e3/lib/bitcoin/bitcoin_mnemonic.dart#L11-L22. Good god.



The Dart API says:
Random class

A generator of random bool, int, or double values.

The default implementation supplies a stream of pseudo-random bits that are not suitable for cryptographic purposes.
Use the Random.secure constructor for cryptographic purposes.
(NOTE: emphasis added)

Constructors

Random([int? seed])
Creates a random number generator. [...]

Random.secure()
Creates a cryptographically secure random number generator. [...]


Looking at the Cake Wallet GitHub code that was linked... you can see if the randomBytes method is called without the "secure" parameter being set to "true", it will default to "false" and you end up with the insecure Random() number generator instead of the Random.secure() cryptographically secure RNG! #yikes

An old note I found here: http://commondatastorage.googleapis.com/dartlang-api-docs/13991/dart_math/Random.html indicates that the original insecure Random() uses "up to" 64 bits of seed:
Quote
Implementation note: The default implementation uses up to 64-bits of seed.
sr. member
Activity: 1680
Merit: 379
May 11, 2021, 10:41:23 PM
#5
The issue only affects Cake Wallet. This is why I don't use altcoin wallets to store bitcoin. Cake Wallet is a Monero-focused wallet that only recently started adding other currencies. Their experience is not with Bitcoin, so I wouldn't expect it to have all the necessary features, and it might not have the same security standards that we expect in the bitcoin community.
legendary
Activity: 3472
Merit: 10611
May 11, 2021, 09:49:51 PM
#4
No, Electrum is not affected since it is using RNGs correctly!


It seems like poor code by Cake wallet specifically, since they claim that it only affects the bitcoin wallet, not the Monero wallet. Why should the entropy generation be different based on wallet type?! Key sizes are the same, and the byte array (the entropy) generated for either individual keys or the master key or the entropy for mnemonic generation is all the same.

Also size of the entropy should not affect the security or lack of it as long as it is bigger than 128 bits. Saying the "12-word Bitcoin seed" was vulnerable while the 24-word wasn't raises serious questions about the "fix" and whether there are serious flaws in their cryptography!
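The two points made above (HCP's post #6: the default Random() is not a CSPRNG and the "secure" flag defaulted to false; post #4: a 24-word seed from the same bad generator is no safer than a 12-word one) put together as an added example in Python. This is not code from Cake Wallet, Electrum or the Dart SDK. It assumes a constructed, deliberately small seed space (milliseconds into the current minute) so that the attacker's search finishes in well under a second; the real flaw is the non-cryptographic generator, and a guessable seed is only the most direct way to exploit it. The BIP39 encoding (entropy plus SHA-256 checksum split into 11-bit groups) is the standard one, but the 2048-word list is not embedded, so the functions return word indices rather than words.

```python
# Added example (not Cake Wallet's, Electrum's or Dart's code): the same BIP39
# encoding fed from a non-cryptographic PRNG with a guessable seed versus a CSPRNG.
import hashlib
import random
import secrets
from typing import Iterable, List, Optional


def entropy_to_word_indices(entropy: bytes) -> List[int]:
    """Encode raw entropy as BIP39 word indices (0..2047).

    16 bytes -> 12 words, 32 bytes -> 24 words. The checksum is the first
    ENT/32 bits of SHA-256(entropy); entropy||checksum is split into 11-bit
    groups, each indexing the 2048-word list (not embedded here).
    """
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("BIP39 entropy must be 128..256 bits in 32-bit steps")
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def insecure_entropy(seed: int, nbytes: int = 16) -> bytes:
    """The flawed pattern: a general-purpose PRNG (Python's Mersenne Twister,
    standing in for Dart's default Random) driven by a small, guessable seed."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def secure_entropy(nbytes: int = 16) -> bytes:
    """The correct pattern: the OS CSPRNG, which is what Random.secure()
    and os.urandom expose."""
    return secrets.token_bytes(nbytes)


def recover_seed(target_words: List[int], seed_space: Iterable[int],
                 nbytes: int = 16) -> Optional[int]:
    """Attacker side: regenerate candidate wallets until the mnemonic matches."""
    for candidate in seed_space:
        if entropy_to_word_indices(insecure_entropy(candidate, nbytes)) == target_words:
            return candidate
    return None


# Constructed scenario (an assumption for illustration, not Cake's code): the
# wallet seeded its PRNG with milliseconds into the current minute.
SEED_SPACE = range(60_000)
VICTIM_SEED = 17_912  # the value the victim's device happened to use


def demo() -> dict:
    """Recover a 12-word and a 24-word PRNG-backed seed; contrast with a CSPRNG one."""
    victim_words = entropy_to_word_indices(insecure_entropy(VICTIM_SEED))
    found = recover_seed(victim_words, SEED_SPACE)
    # A longer mnemonic from the same bad generator is exactly as recoverable.
    victim_24 = entropy_to_word_indices(insecure_entropy(VICTIM_SEED, 32))
    found_24 = recover_seed(victim_24, SEED_SPACE, 32)
    # A CSPRNG-backed 12-word seed has no seed value to search for.
    good_words = entropy_to_word_indices(secure_entropy())
    return {"recovered": found, "recovered_24": found_24,
            "words_12": len(victim_words), "words_24": len(victim_24),
            "good_len": len(good_words)}


if __name__ == "__main__":
    print(demo())
```

The all-zero 16-byte entropy is the first BIP39 test vector ("abandon" eleven times, then "about"), which is why `entropy_to_word_indices(bytes(16))` must end in index 3: the checksum nibble of SHA-256 of sixteen zero bytes. Note what the fix in the thread does not change: the mnemonic length. Going from 12 to 24 words doubles the entropy bytes requested from the generator, but if the generator is a PRNG whose seed the attacker can enumerate, `recover_seed` finds the 24-word seed with the same loop.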
legendary
Activity: 3472
Merit: 3217
May 11, 2021, 06:46:18 PM
#3
I read the link and they are only talking about their wallet, not Electrum.
This is what they said

Quote
This issue is NOT with the Monero wallets – but only with Bitcoin wallets.

It means the bitcoin wallets from their own app, not other Bitcoin wallets like Electrum, Mycelium, Wasabi, or any other bitcoin wallet.

There might be sort of a problem on their wallet that generates invalid random seeds, or maybe there are other reasons why they are pushing users to generate a new seed (maybe they are compromised, or maybe they want to log all generated seeds).

Anyway, if you are using Cake wallet for storing your BTC I suggest you switch to other wallets like Electrum. Or if you already made a Bitcoin wallet on Cake wallet, I'm sure the seed you generated from their old Cake wallet will also work on Electrum; just make sure you know the exact derivation path of that wallet.

However, it is still recommended to use a newly generated seed from Electrum rather than the seed you generated from the Cake wallet.
legendary
Activity: 2380
Merit: 5213
May 11, 2021, 03:46:41 PM
#2
Electrum generates the seed phrase 100% random.
If you have downloaded electrum from its official website and you are the only one who has access to your seed, there is nothing to worry about.
Just keep your seed phrase offline and in a safe place.
member
Activity: 76
Merit: 35
May 11, 2021, 02:41:53 PM
#1
Hi, the guys at cakewallet have warned people who had a 12 word wallet in their old version.
Is electrum affected by the same problem too?

https://www.reddit.com/r/Monero/comments/n9yypd/urgent_action_needed_for_bitcoin_wallets_cake/