|
Title: What is the RNG method of Mycelium? Post by: BusyBeaverHP on September 02, 2014, 02:41:32 AM I've been using Mycelium phone wallet to help out the local bitcoin economy for a week now. It's easy to use and I can't think of anything else to improve upon. I am curious to know what is the method used to generate the random values for private keys?
The reason why I'm asking is because I saw a 2013 article about a flaw in Android's RNG that makes private key generation on such platform vulnerable to theft. I'm sure Mycelium has accounted for this, but I'd like to know its RNG method. Title: Re: What is the RNG method of Mycelium? Post by: Newar on September 02, 2014, 07:59:19 AM You are referring to this?
https://bitcoin.org/en/alert/2013-08-11-android Some more info here: http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html Title: Re: What is the RNG method of Mycelium? Post by: Jan on September 02, 2014, 01:15:16 PM On android Mycelium uses /dev/urandom directly to pull random data. This way we are not affected by SecureRandom's buggy implementation.
Title: Re: What is the RNG method of Mycelium? Post by: apetersson on September 02, 2014, 02:09:43 PM more specifically, we use the code
https://github.com/mycelium-com/wallet/blob/master/public/mbw/src/main/java/com/mycelium/wallet/AndroidRandomSource.java this is the random source used for all crypto operations (generating privkeys, generating R values in Transactions) https://github.com/mycelium-com/wallet/blob/master/public/bitlib/src/main/java/com/mrd/bitlib/crypto/PrivateKey.java#L43 |