Bitcoin Forum
March 29, 2015, 04:04:47 PM *
News: Latest stable version of Bitcoin Core: 0.10.0 [Torrent] (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 »  All
  Print  
Author Topic: [ANNOUNCE] Android key rotation  (Read 42580 times)
Mike Hearn
Legendary
*
Offline Offline

Activity: 1484


View Profile

Ignore
August 11, 2013, 04:19:13 PM
 #1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

http://bitcoin.org/en/alert/2013-08-11-android

We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet.

In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.

If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.

Updates for other wallet apps should be released shortly.

Some technical details of what exactly has gone wrong inside Android will be released once the upgrade process is reasonably compete. I will keep track of the upgrade status of each wallet app I know about in the post below.
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJSB7jRAAoJEPLkhhyZiIFvpk8IAI34L0HsEj5wztFl18jQxj74
svaY+eY1mwgWZjjyZlCRlP42B3u5zF2jlh2+taRgM9DaXlECqa3euGe+EmHWirTU
HTTNNg2ZFf7jvruUZ2tanl4Sv34/q/q8w81zL6uJAKK98ZBWuMQ9oPghW1erCAHv
Ke5eoLzGdnwpAN817SLGL2iUgwMpJLu7Jx2HEhF2Yz7Yl1+ScLHzlXSZP65BlpI7
lNeJweQsC0PHPnumde/UIRdcTQqhciY/0xM7HHyrrn00AW56vu4l+/Hb9Mr9rpds
Rx2UEvFXQ5KWX7e8E3+Wx2Rs/w5cYRwwsfzwWIYkoZaJ3ssaPaYAEr5YMO1bz24=
=AFBd
-----END PGP SIGNATURE-----
1427645087
Hero Member
*
Offline Offline

Posts: 1427645087

View Profile Personal Message (Offline)

Ignore
1427645087
Reply with quote  #2

1427645087
Report to moderator
Even in the event that an attacker gains more than 50% of the network's computational power, only transactions sent by the attacker could be reversed or double-spent. The network would not be destroyed.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1427645087
Hero Member
*
Offline Offline

Posts: 1427645087

View Profile Personal Message (Offline)

Ignore
1427645087
Reply with quote  #2

1427645087
Report to moderator
1427645087
Hero Member
*
Offline Offline

Posts: 1427645087

View Profile Personal Message (Offline)

Ignore
1427645087
Reply with quote  #2

1427645087
Report to moderator
Mike Hearn
Legendary
*
Offline Offline

Activity: 1484


View Profile

Ignore
August 11, 2013, 04:19:21 PM
 #2

Here are the rollout statuses of each wallet I'm aware of:

Bitcoin Wallet by Andreas Schildbach

An update has been prepared and is now rolling out on the play store. When you are notified, let the app update and the rest will happen automatically. Learn more.

BitcoinSpinner / Mycelium Wallet

An update has been prepared for Mycelium Wallet and is being pushed out via the Play Store. If you use BitcoinSpinner you are encouraged to upgrade to Mycelium Wallet, which is maintained by the same people.

blockchain.info wallet

An update is on the Play Store that will walk you through the key rotation process when you open it. Upgrade immediately and follow the on screen instructions.



Please note that apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated or controlled by you at all.

Basic rule of thumb - if you'd lose the money if the phone/tablet were destroyed (assuming no backups), and that device is an Android device, then you need to upgrade ASAP.

For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.



I'd like to publicly thank Jean-Pierre Rupp (Xeno-Genesis on this forum) for bringing one of the vulnerabilities to our attention last week. His notification to us about the RSA paper started the effort needed to re-key peoples wallets. I'd also like to thank johoe and BurtW for their investigations into how peoples wallets were being compromised.
beerbeerbeer
Newbie
*
Offline Offline

Activity: 2

Hi doggy! You're my favorite customer!


View Profile

Ignore
August 11, 2013, 04:45:00 PM
 #3

done and done, thanks to you and this community for such watchfulness and timeliness with these kinds of issues.
Dougie
Full Member
***
Offline Offline

Activity: 211


You are not special.


View Profile

Ignore
August 11, 2013, 04:50:16 PM
 #4

This is very useful information. Thanks for the announcement.

Lurking since 2011...
1J4DhU3q6RxxCTfAAcg5ExVK6FfxkmzkTH
DiamondCardz
Hero Member
*****
Offline Offline

Activity: 686



View Profile

Ignore
August 11, 2013, 04:50:36 PM
 #5

Oh dear. Thanks for the update.
Blindfolded
Full Member
***
Offline Offline

Activity: 156



View Profile

Ignore
August 11, 2013, 04:51:37 PM
 #6

Thanks for the heads up.
Boelens
Sr. Member
****
Offline Offline

Activity: 434


View Profile

Ignore
August 11, 2013, 04:52:23 PM
 #7

Oh wow, I'm glad all the warnings are spreading so quickly, everyone has to be informed ASAP.
piotr_n
Legendary
*
Offline Offline

Activity: 1176


aka tonikt


View Profile WWW

Ignore
August 11, 2013, 04:56:12 PM
 #8

done and done, thanks to you and this community for such watchfulness and timeliness with these kinds of issues.
You're joking, aren't you? Smiley

This post is over one month old, while this one over half a year...
Watchfulness my ass Smiley

Check out gocoin - my original project of a bitcoin client written in Go, with some unique features.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
colinistheman
Hero Member
*****
Offline Offline

Activity: 630


Knives4Bitcoin.com


View Profile WWW

Ignore
August 11, 2013, 04:56:51 PM
 #9

Thank god I have an iPhone Smiley

Knives4Bitcoin.com - Buy Knives for Bitcoin!
My BTC address: 1AkA8YSPPc85rwVwkCDWGo4gGa86DzCnh7    "03 Jan 2009 - Chancellor on Brink of Second Bailout for Banks" -satoshi in 1st block
Boelens
Sr. Member
****
Offline Offline

Activity: 434


View Profile

Ignore
August 11, 2013, 04:57:06 PM
 #10

Thank god I have an iPhone Smiley

I don't even have a smartphone ;P
E.Sam
Sr. Member
****
Offline Offline

Activity: 391



View Profile WWW

Ignore
August 11, 2013, 04:58:59 PM
 #11

Just wondering, would this affect Electrum as well?

http://electrum.org/android.html

apetersson
Hero Member
*****
Offline Offline

Activity: 666


mycelium.com


View Profile WWW

Ignore
August 11, 2013, 05:07:56 PM
 #12

If you are using Mycelium Wallet, a fix has been published to the play store (still pending review) and to mycelium.com

if you download it from mycelium.com, you can check the sha1sum

Code:
dba000cad4cbf94a7b4c621f57482322c0a96678  mbw-v0.6.5.apk

There will be a wizard guiding you through the process in an upcoming version, but for now, you can simply download version 0.6.5 (or greater) and move the keys to newly generated addresses.

  • generate a new key
  • backup this key (to sdcard or similar)
  • manually send funds to the new secure address.
  • move your empty old key to the Archive category

Please take care. The most likely chance of lost bitcoins is the loss of private keys. Don't use our wallet without a backup of the keys.
TippingPoint
Hero Member
*****
Offline Offline

Activity: 620


Live a Quiet Life & Work With Your Hands


View Profile

Ignore
August 11, 2013, 05:12:49 PM
 #13

a component of Android responsible for generating secure random numbers contains critical weaknesses

Thank you.

The first rule of fight club is you do not talk about fight club.
Bitmessage BM-2cTpnX2iUZm4V2utSE82SG9RRQ5LQ6Huj3
BTC  153nLpnMeqVdQ3cxNAgbcC8Yc4AJkME6tW
n4ru
Sr. Member
****
Offline Offline

Activity: 294



View Profile

Ignore
August 11, 2013, 05:15:01 PM
 #14

If an address is generated by a computer or other source, and then imported into a blockchain wallet, is it still vulnerable?

I ask because of change addresses.
Boelens
Sr. Member
****
Offline Offline

Activity: 434


View Profile

Ignore
August 11, 2013, 05:16:20 PM
 #15

If an address is generated by a computer or other source, and then imported into a blockchain wallet, is it still vulnerable?

I think only if it's generated by Android.
HeroC
Hero Member
*****
Offline Offline

Activity: 574



View Profile WWW

Ignore
August 11, 2013, 05:21:39 PM
 #16

Woah, I have 2 addresses with only 0.002 in them that I generated a year ago. Are they safe? What should I do?

I also imported a vanity address to blockchain.info. Is that safe? I only made one transaction out of it. I generated many other addresses through blockchain.info but never sent anything from them. Are they safe?

GPG: FA122C1A | IRC: HeroCC
Mike Hearn
Legendary
*
Offline Offline

Activity: 1484


View Profile

Ignore
August 11, 2013, 05:21:51 PM
 #17

Because Bitcoin transactions require random numbers to create, if you generated spends with an imported key from Android then the key itself may be compromised, but this isn't a given, see here:

http://www.reddit.com/r/Bitcoin/comments/1k51dh/bad_signatures_leading_to_558_btc_theft_so_far/cblgtut

Xer0
Hero Member
*****
Offline Offline

Activity: 756


°^°


View Profile

Ignore
August 11, 2013, 05:21:59 PM
 #18

For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.

Don't get this...
Wallet created with Bitcoin-QT; imported to Blockchain, but created new Address in Browser - still vulnerable?
BurtW
Legendary
*
Offline Offline

Activity: 1246

I no longer support vanity addresses


View Profile WWW

Ignore
August 11, 2013, 05:29:34 PM
 #19

For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.

Don't get this...
Wallet created with Bitcoin-QT; imported to Blockchain, but created new Address in Browser - still vulnerable?
No matter when or where created if you SPENT BTC from an address using a wallet on an android device then the private key may be known.

Try this:

Basically every bitcoin transaction is signed in order to prove you have the private key and can transfer the funds.  There is a bug in the secure random number generator on the android phones that causes it to sometimes use the same random number to sign a transaction.  If you sign two different transactions with the same private key and the same random number then it is very easy to just calculate the private key from the two signatures.

"There are very few merchants of legitimate goods and services that accept the bitcoin as payment", US Postal Inspector, United States Postal Inspection Service.  Bet you did not know you could be arrested by the post office.  See http://www.burtw.com/
elebit
Sr. Member
****
Offline Offline

Activity: 390


View Profile

Ignore
August 11, 2013, 05:32:09 PM
 #20

Could you please clarify:

1. Is this the same, or a different, issue from the one being discussed in the "Bad signatures" thread?

2. Is it absolutely and completely true that this is an Android issue, ie. hosted Blockchain.info wallets and other wallet software written in Java is not affected?

3. I generated my wallet keys off-device. Am I still vulnerable?

4. I generated my wallet keys on-device but have only received funds and not sent any, so no transactions were actually generated by the Android application. Am I still vulnerable?

5. If it turns out from any of the above two reasons that I am not vulnerable, will the update to Android Wallet specifically still rotate my wallet? There are probably a lot of wallets out there who would be greatly hurt by unnecessary transaction fees.
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!