Bitcoin Forum
November 19, 2024, 03:43:40 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 »  All
  Print  
Author Topic: [ANNOUNCE] Android key rotation  (Read 66322 times)
kangasbros
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1006



View Profile
August 11, 2013, 06:53:47 PM
 #41

This vulnerability is yet another reason address reuse in Bitcoin clients must be eliminated.

Prior to this, using non-deterministic wallets was either a privacy disaster (single key model) or else a usability nightmare (random key model).

Now anything which encourages address reuse should be considered negligent.
Not really.  This is a problem with a specific implementation of a specific secure random number generator (android).

Single-address-per-transaction policy is better for privacy, and also protects from a class of security issues AFAIK. IMHO it is kind of supporting that BItcoinJ dev team hasn't been very keen on implementing proper multi-address support. But then again, it is open source, if you don't like it develop a batch... Myself I don't use BitcoinJ but other solutions.

Yash
Newbie
*
Offline Offline

Activity: 57
Merit: 0



View Profile
August 11, 2013, 06:55:48 PM
 #42

This is very risky... I was thinking about installing a wallet on my phone but it's too early to do that now.
Mike Hearn (OP)
Legendary
*
Offline Offline

Activity: 1526
Merit: 1134


View Profile
August 11, 2013, 06:58:19 PM
 #43

The new bitcoinj release that will be announced shortly has some initial code for BIP32. It's definitely something I want to integrate. It's difficult on mobile devices because they don't have any swapfile, so you can't just use as much memory as you want. You have to define a key window in which money can be received. Coins sent to keys that fall outside that window won't show up which is obviously very problematic. All in all, it's delicate and will require some careful experimentation and testing to make it work.
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1138

All paid signature campaigns should be banned.


View Profile WWW
August 11, 2013, 06:59:42 PM
 #44

Not really.  This is a problem with a specific implementation of a specific secure random number generator (android).
If addresses are never reused, it doesn't matter if individual private keys are compromised after the fact.
The point is that with a proper RNG reuse is safe.

With a bad RNG no address is safe because it leads to bad signatures AND bad private keys.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
elebit
Sr. Member
****
Offline Offline

Activity: 441
Merit: 250


View Profile
August 11, 2013, 07:06:43 PM
 #45

Mike Hearn, Goonie, thanks for answering my questions.

So if I understand this correctly, if you generated your key an Android, OR if you generated a transaction on Android, one should consider that key insecure. Correct?

Will the wallet rotation on the Android Bitcoin Wallet incur a transaction fee?
Mike Hearn (OP)
Legendary
*
Offline Offline

Activity: 1526
Merit: 1134


View Profile
August 11, 2013, 07:08:13 PM
 #46

Transactions that re-use K values seem to result in a theft a few hours later. So, if your money hasn't been stolen and the key was not weakly generated, it's probably OK.

Yes it will incur the usual min tx fee.
Moogle
Full Member
***
Offline Offline

Activity: 238
Merit: 100


KUPO!


View Profile WWW
August 11, 2013, 07:09:40 PM
 #47

Pretty annoying for those people who imported vanity addresses into their android devices

sinner
Hero Member
*****
Offline Offline

Activity: 615
Merit: 500



View Profile
August 11, 2013, 07:12:42 PM
 #48

i'm confused--are all blockchain.info wallets vulnerable?  (even if you dont have an android phone)
Boelens
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500



View Profile
August 11, 2013, 07:13:28 PM
 #49

i'm confused--are all blockchain.info wallets vulnerable?  (even if you dont have an android phone)

No, just those generated by an Android phone.
millsdmb
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
August 11, 2013, 07:13:52 PM
 #50

i'm confused--are all blockchain.info wallets vulnerable?  (even if you dont have an android phone)
Here are the rollout statuses of each wallet I'm aware of:

blockchain.info wallet: An update was released today that adds a new key using a fixed RNG, so you can manually rotate now. Another update will follow in the coming days that will automatically re-send all coins controlled by the previous keys to the new one.

Please note that apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated or controlled by you at all.

Basic rule of thumb - if you'd lose the money if the phone/tablet were destroyed (assuming no backups), and that device is an Android device, then you need to upgrade ASAP.

For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.



Hitler Finds out about the Butterfly Labs Monarch http://www.youtube.com/watch?v=4jYNMKdv36w
Get $10 worth of BTC Free when you buy $100 worth at coinbase.com/?r=51dffa8970f85a53bd000034
STT
Legendary
*
Offline Offline

Activity: 4102
Merit: 1454



View Profile WWW
August 11, 2013, 07:15:13 PM
 #51

Ive always thought computers could not generate random numbers.    I once won a large prize buying the last ticket before a lotto draw, computer random number generator was the source though I didnt complain at the time

▄▄███████████████████▄▄
▄███████████████████████▄
████████▀░░░░░░░▀████████
███████░░░░░░░░░░░███████
███████░░░░░░░░░░░███████
██████▀░░░░░░░░░░░▀██████
██████▄░░░░░▄███▄░▄██████
██████████▀▀█████████████
████▀▄██▀░░░░▀▀▀░▀██▄▀███
███░░▀░░░░░░░░░░░░░▀░░███
████▄▄░░░░▄███▄░░░░▄▄████
▀███████████████████████▀
▀▀███████████████████▀▀
 
 CHIPS.GG 
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
███▀░▄░▀▀▀▀▀░▄░▀███
▄███
░▄▀░░░░░░░░░▀▄░███▄
▄███░▄░░░▄█████▄░░░▄░███▄
███░▄▀░░░███████░░░▀▄░███
███░█░░░▀▀▀▀▀░░░▀░░░█░███
███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░██
▀███
░▀░▀▄██▀░▀██▄▀░▀░██▀
▀███
░▀▄░░░░░░░░░▄▀░██▀
▀███▄
░▀░▄▄▄▄▄░▀░▄███▀
▀█
███▄▄▄▄▄▄▄████▀
█████████████████████████
▄▄███████▄▄
███
████████████▄
▄█▀▀▀▄
█████████▄▀▀▀█▄
▄██████▀▄▄▄▄▄▀██████▄
▄█████████████▄████████▄
████████▄███████▄████████
█████▄█████████▄██████
██▄▄▀▀▀▀█████▀▀▀▀▄▄██
▀█████████▀▀███████████▀
▀███████████████████▀
██████████████████
▀████▄███▄▄
████▀
████████████████████████
3000+
UNIQUE
GAMES
|
12+
CURRENCIES
ACCEPTED
|
VIP
REWARD
PROGRAM
 
 
  Play Now  
jbis1
Newbie
*
Offline Offline

Activity: 50
Merit: 0



View Profile
August 11, 2013, 07:17:16 PM
 #52

Reading through the entire thread, I am still not clear on this. If I logged into and made transactions using the blockchain.info website through my Android device's web browser, does this affect me? I have never used the blockchain.info app.
apetersson
Hero Member
*****
Offline Offline

Activity: 668
Merit: 501



View Profile
August 11, 2013, 07:17:34 PM
 #53

If you are using Mycelium Wallet, a fix has been published to the play store (still pending review) and to mycelium.com

if you download it from mycelium.com, you can check the sha1sum

Code:
dba000cad4cbf94a7b4c621f57482322c0a96678  mbw-v0.6.5.apk

There will be a wizard guiding you through the process in an upcoming version, but for now, you can simply download version 0.6.5 (or greater) and move the keys to newly generated addresses.

  • generate a new key
  • backup this key (to sdcard or similar)
  • manually send funds to the new secure address.
  • move your empty old key to the Archive category

Please take care. The most likely chance of lost bitcoins is the loss of private keys. Don't use our wallet without a backup of the keys.
P_Shep
Legendary
*
Online Online

Activity: 1804
Merit: 1230


This is not OK.


View Profile
August 11, 2013, 07:18:35 PM
 #54

Oopsie!
I've extracted all mah money... Waiting for update.
Sukrim
Legendary
*
Offline Offline

Activity: 2618
Merit: 1007


View Profile
August 11, 2013, 07:19:53 PM
 #55

Annoyingly the Schildbach wallet seems to now enforce(!) a 0.0001 BTC default fee! Angry

Well, these issues aside - thanks for informing us.

https://www.coinlend.org <-- automated lending at various exchanges.
https://www.bitfinex.com <-- Trade BTC for other currencies and vice versa.
Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1011

Reverse engineer from time to time


View Profile
August 11, 2013, 07:21:29 PM
 #56

Annoyingly the Schildbach wallet seems to now enforce(!) a 0.0001 BTC default fee! Angry

Well, these issues aside - thanks for informing us.
Well what do you expect? The minimum I always pay is 0.0006 or 0.0005 on the -Qt client. Non-fee transactions usually means hours to days waiting for confirmations.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
millsdmb
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
August 11, 2013, 07:21:37 PM
 #57

Annoyingly the Schildbach wallet seems to now enforce(!) a 0.0001 BTC default fee! Angry

Well, these issues aside - thanks for informing us.
I cant find any wallet other than bitcoin-qt that lets you put a 0.00 tx fee. Surprising to see people in here wondering about fees. it's a penny. Go sell something on PayPal and tell me about fees.

Hitler Finds out about the Butterfly Labs Monarch http://www.youtube.com/watch?v=4jYNMKdv36w
Get $10 worth of BTC Free when you buy $100 worth at coinbase.com/?r=51dffa8970f85a53bd000034
JoelKatz
Legendary
*
Offline Offline

Activity: 1596
Merit: 1012


Democracy is vulnerable to a 51% attack.


View Profile WWW
August 11, 2013, 07:21:39 PM
 #58

Ive always thought computers could not generate random numbers.    I once won a large prize buying the last ticket before a lotto draw, computer random number generator was the source though I didnt complain at the time
This is a common misconception. Real-world computers actually have access to any number of sources of real randomness. For example, the offset between the crystal oscillator that drives the CPU and the crystal oscillator that drives the network card is determined by microscopic zone temperature variations that are believed to be truly random. The latency of a hard disk drive is dependent on turbulent airflow drag on the spindle which is also believed to be truly random. Some CPUs and chipsets have true random number generators on them, usually obtained from shot noise which is also believed to be truly random. (And even if they're not truly random, they are entirely unpredictable.)

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
piotr_n
Legendary
*
Offline Offline

Activity: 2055
Merit: 1359


aka tonikt


View Profile WWW
August 11, 2013, 07:23:19 PM
 #59

Ive always thought computers could not generate random numbers.    I once won a large prize buying the last ticket before a lotto draw, computer random number generator was the source though I didnt complain at the time
This is a common misconception. Real-world computers actually have access to any number of sources of real randomness. For example, the offset between the crystal oscillator that drives the CPU and the crystal oscillator that drives the network card is determined by microscopic zone temperature variations that are believed to be truly random. The latency of a hard disk drive is dependent on turbulent airflow drag on the spindle which is also believed to be truly random. Some CPUs and chipsets have true random number generators on them, usually obtained from shot noise which is also believed to be truly random. (And even if they're not truly random, they are entirely unpredictable.)
Which does not change the fact that there are corporations out there selling certified random number generators, for thousands of dollars per piece.
Try to explain to a bank that a PC can generate random data equally well... Smiley

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
millsdmb
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
August 11, 2013, 07:24:06 PM
 #60

Annoyingly the Schildbach wallet seems to now enforce(!) a 0.0001 BTC default fee! Angry

Well, these issues aside - thanks for informing us.
Well what do you expect? The minimum I always pay is 0.0006 or 0.0005 on the -Qt client. Non-fee transactions usually means hours to days waiting for confirmations.

I second this. While mining with deepbit, their tx fees are not included. One payment sat for almost 4 days before being picked up by eligius pool. Just send the penny.

Hitler Finds out about the Butterfly Labs Monarch http://www.youtube.com/watch?v=4jYNMKdv36w
Get $10 worth of BTC Free when you buy $100 worth at coinbase.com/?r=51dffa8970f85a53bd000034
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!