Bitcoin Forum
April 16, 2014, 03:59:27 PM *
News: ♦♦ A bug in OpenSSL, used by Bitcoin-Qt/Bitcoin Core, could allow your bitcoins to be stolen. Immediately updating Bitcoin Core to 0.9.1 is required in some cases, especially if you're using 0.9.0. Download. More info.
The same bug also affected the forum. Changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13  All
  Print  
Author Topic: [ANNOUNCE] Android key rotation  (Read 32431 times)
Mike Hearn
Hero Member
*****
Offline Offline

Activity: 1232


View Profile

Ignore
August 11, 2013, 04:19:13 PM
 #1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

http://bitcoin.org/en/alert/2013-08-11-android

We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet.

In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.

If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.

Updates for other wallet apps should be released shortly.

Some technical details of what exactly has gone wrong inside Android will be released once the upgrade process is reasonably compete. I will keep track of the upgrade status of each wallet app I know about in the post below.
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJSB7jRAAoJEPLkhhyZiIFvpk8IAI34L0HsEj5wztFl18jQxj74
svaY+eY1mwgWZjjyZlCRlP42B3u5zF2jlh2+taRgM9DaXlECqa3euGe+EmHWirTU
HTTNNg2ZFf7jvruUZ2tanl4Sv34/q/q8w81zL6uJAKK98ZBWuMQ9oPghW1erCAHv
Ke5eoLzGdnwpAN817SLGL2iUgwMpJLu7Jx2HEhF2Yz7Yl1+ScLHzlXSZP65BlpI7
lNeJweQsC0PHPnumde/UIRdcTQqhciY/0xM7HHyrrn00AW56vu4l+/Hb9Mr9rpds
Rx2UEvFXQ5KWX7e8E3+Wx2Rs/w5cYRwwsfzwWIYkoZaJ3ssaPaYAEr5YMO1bz24=
=AFBd
-----END PGP SIGNATURE-----

12LMm82ZgAzf7yNDpPydEYxEr4Ap7XtSSK
1397663967
Hero Member
*
Offline Offline

Posts: 1397663967

View Profile Personal Message (Offline)

Ignore
1397663967
Reply with quote  #2

1397663967
Report to moderator
      THE ONLY DICE GAME WITH ACTUAL ROLLING DICE BetCoin™ Dice
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397663967
Hero Member
*
Offline Offline

Posts: 1397663967

View Profile Personal Message (Offline)

Ignore
1397663967
Reply with quote  #2

1397663967
Report to moderator
1397663967
Hero Member
*
Offline Offline

Posts: 1397663967

View Profile Personal Message (Offline)

Ignore
1397663967
Reply with quote  #2

1397663967
Report to moderator
1397663967
Hero Member
*
Offline Offline

Posts: 1397663967

View Profile Personal Message (Offline)

Ignore
1397663967
Reply with quote  #2

1397663967
Report to moderator
1397663967
Hero Member
*
Offline Offline

Posts: 1397663967

View Profile Personal Message (Offline)

Ignore
1397663967
Reply with quote  #2

1397663967
Report to moderator
Mike Hearn
Hero Member
*****
Offline Offline

Activity: 1232


View Profile

Ignore
August 11, 2013, 04:19:21 PM
 #2

Here are the rollout statuses of each wallet I'm aware of:

Bitcoin Wallet by Andreas Schildbach

An update has been prepared and is now rolling out on the play store. When you are notified, let the app update and the rest will happen automatically. Learn more.

BitcoinSpinner / Mycelium Wallet

An update has been prepared for Mycelium Wallet and is being pushed out via the Play Store. If you use BitcoinSpinner you are encouraged to upgrade to Mycelium Wallet, which is maintained by the same people.

blockchain.info wallet

An update is on the Play Store that will walk you through the key rotation process when you open it. Upgrade immediately and follow the on screen instructions.



Please note that apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated or controlled by you at all.

Basic rule of thumb - if you'd lose the money if the phone/tablet were destroyed (assuming no backups), and that device is an Android device, then you need to upgrade ASAP.

For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.



I'd like to publicly thank Jean-Pierre Rupp (Xeno-Genesis on this forum) for bringing one of the vulnerabilities to our attention last week. His notification to us about the RSA paper started the effort needed to re-key peoples wallets. I'd also like to thank johoe and BurtW for their investigations into how peoples wallets were being compromised.

12LMm82ZgAzf7yNDpPydEYxEr4Ap7XtSSK
beerbeerbeer
Newbie
*
Offline Offline

Activity: 2

Hi doggy! You're my favorite customer!


View Profile

Ignore
August 11, 2013, 04:45:00 PM
 #3

done and done, thanks to you and this community for such watchfulness and timeliness with these kinds of issues.
Dougie
Full Member
***
Offline Offline

Activity: 210


You are not special.


View Profile

Ignore
August 11, 2013, 04:50:16 PM
 #4

This is very useful information. Thanks for the announcement.

Lurking since 2011...
1J4DhU3q6RxxCTfAAcg5ExVK6FfxkmzkTH
DiamondCardz
Sr. Member
****
Online Online

Activity: 378


A caelo usque ad centrum.


View Profile WWW

Ignore
August 11, 2013, 04:50:36 PM
 #5

Oh dear. Thanks for the update.

Blindfolded
Full Member
***
Offline Offline

Activity: 156



View Profile

Ignore
August 11, 2013, 04:51:37 PM
 #6

Thanks for the heads up.
Boelens
Sr. Member
****
Offline Offline

Activity: 350


View Profile

Ignore
August 11, 2013, 04:52:23 PM
 #7

Oh wow, I'm glad all the warnings are spreading so quickly, everyone has to be informed ASAP.
piotr_n
Hero Member
*****
Offline Offline

Activity: 938



View Profile

Ignore
August 11, 2013, 04:56:12 PM
 #8

done and done, thanks to you and this community for such watchfulness and timeliness with these kinds of issues.
You're joking, aren't you? Smiley

This post is over one month old, while this one over half a year...
Watchfulness my ass Smiley

Check out gocoin - my original project of a bitcoin client written in Go, with some unique features.
colinistheman
Sr. Member
****
Offline Offline

Activity: 336


In RonPaulCoin We Trust


View Profile

Ignore
August 11, 2013, 04:56:51 PM
 #9

Thank god I have an iPhone Smiley

RonPaulCoin (RPC) - Rare and Valuable!  www.ronpaulcoin.com
RonPaulCoin: RVoNR4t7oA1cC5AnhU1M1LybEiHqeguazm
Bitcoin: 1AkA8YSPPc85rwVwkCDWGo4gGa86DzCnh7
Boelens
Sr. Member
****
Offline Offline

Activity: 350


View Profile

Ignore
August 11, 2013, 04:57:06 PM
 #10

Thank god I have an iPhone Smiley

I don't even have a smartphone ;P
E.Sam
Sr. Member
****
Offline Offline

Activity: 336



View Profile WWW

Ignore
August 11, 2013, 04:58:59 PM
 #11

Just wondering, would this affect Electrum as well?

http://electrum.org/android.html

apetersson
Hero Member
*****
Offline Offline

Activity: 630


mycelium.com


View Profile WWW

Ignore
August 11, 2013, 05:07:56 PM
 #12

If you are using Mycelium Wallet, a fix has been published to the play store (still pending review) and to mycelium.com

if you download it from mycelium.com, you can check the sha1sum

Code:
dba000cad4cbf94a7b4c621f57482322c0a96678  mbw-v0.6.5.apk

There will be a wizard guiding you through the process in an upcoming version, but for now, you can simply download version 0.6.5 (or greater) and move the keys to newly generated addresses.

  • generate a new key
  • backup this key (to sdcard or similar)
  • manually send funds to the new secure address.
  • move your empty old key to the Archive category

Please take care. The most likely chance of lost bitcoins is the loss of private keys. Don't use our wallet without a backup of the keys.
TippingPoint
Sr. Member
****
Offline Offline

Activity: 336


Live a Quiet Life & Work With Your Hands


View Profile

Ignore
August 11, 2013, 05:12:49 PM
 #13

a component of Android responsible for generating secure random numbers contains critical weaknesses

Thank you.

The first rule of fight club is you do not talk about fight club.
Bitmessage BM-2cTpnX2iUZm4V2utSE82SG9RRQ5LQ6Huj3
n4ru
Sr. Member
****
Offline Offline

Activity: 252



View Profile

Ignore
August 11, 2013, 05:15:01 PM
 #14

If an address is generated by a computer or other source, and then imported into a blockchain wallet, is it still vulnerable?

I ask because of change addresses.
Boelens
Sr. Member
****
Offline Offline

Activity: 350


View Profile

Ignore
August 11, 2013, 05:16:20 PM
 #15

If an address is generated by a computer or other source, and then imported into a blockchain wallet, is it still vulnerable?

I think only if it's generated by Android.
HeroC
Sr. Member
****
Offline Offline

Activity: 364


HeroiCraft Minecraft server! - mc.heroicraft.net


View Profile WWW

Ignore
August 11, 2013, 05:21:39 PM
 #16

Woah, I have 2 addresses with only 0.002 in them that I generated a year ago. Are they safe? What should I do?

I also imported a vanity address to blockchain.info. Is that safe? I only made one transaction out of it. I generated many other addresses through blockchain.info but never sent anything from them. Are they safe?

฿: 1HeroCC | Ł: LgR6wtrpB3DjBWEixoXHpqn8PU3S1zrfFL
Pyramining | Bitcoin PyramidCoinURL | CoinChat | BitMessage address: BM-2D8H4Dgm4r3Qq7gNJvXHJ4HCUAKBHbavrW
Build your own Miner!

Earn Devcoins by Writing
1Nn4u4Lvb2opYf6EgDJPMSqhWshsBFt4hN
Mike Hearn
Hero Member
*****
Offline Offline

Activity: 1232


View Profile

Ignore
August 11, 2013, 05:21:51 PM
 #17

Because Bitcoin transactions require random numbers to create, if you generated spends with an imported key from Android then the key itself may be compromised, but this isn't a given, see here:

http://www.reddit.com/r/Bitcoin/comments/1k51dh/bad_signatures_leading_to_558_btc_theft_so_far/cblgtut


12LMm82ZgAzf7yNDpPydEYxEr4Ap7XtSSK
Xer0
Sr. Member
****
Offline Offline

Activity: 448


°^°


View Profile

Ignore
August 11, 2013, 05:21:59 PM
 #18

For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.

Don't get this...
Wallet created with Bitcoin-QT; imported to Blockchain, but created new Address in Browser - still vulnerable?
BurtW
Hero Member
*****
Offline Offline

Activity: 1050

I no longer support vanity addresses


View Profile

Ignore
August 11, 2013, 05:29:34 PM
 #19

For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.

Don't get this...
Wallet created with Bitcoin-QT; imported to Blockchain, but created new Address in Browser - still vulnerable?
No matter when or where created if you SPENT BTC from an address using a wallet on an android device then the private key may be known.

Try this:

Basically every bitcoin transaction is signed in order to prove you have the private key and can transfer the funds.  There is a bug in the secure random number generator on the android phones that causes it to sometimes use the same random number to sign a transaction.  If you sign two different transactions with the same private key and the same random number then it is very easy to just calculate the private key from the two signatures.

Bitcoin must have unqualified fungibility to survive as a form of money.  We must support all efforts that protect and improve the fungible nature of Bitcoin and stand firmly against anyone or anything which threatens this essential property.
elebit
Full Member
***
Offline Offline

Activity: 228


View Profile

Ignore
August 11, 2013, 05:32:09 PM
 #20

Could you please clarify:

1. Is this the same, or a different, issue from the one being discussed in the "Bad signatures" thread?

2. Is it absolutely and completely true that this is an Android issue, ie. hosted Blockchain.info wallets and other wallet software written in Java is not affected?

3. I generated my wallet keys off-device. Am I still vulnerable?

4. I generated my wallet keys on-device but have only received funds and not sent any, so no transactions were actually generated by the Android application. Am I still vulnerable?

5. If it turns out from any of the above two reasons that I am not vulnerable, will the update to Android Wallet specifically still rotate my wallet? There are probably a lot of wallets out there who would be greatly hurt by unnecessary transaction fees.
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!