molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
August 14, 2013, 04:36:42 PM
This was known for even longer. The news was the discovery of a weakness in the Apache Harmony RNG used by Android.
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
niko
August 14, 2013, 04:50:30 PM
@casascius: do you know about this page: http://www.random.org/bytes/ ? that could also be a source, which could replace the mouse-moving-timestamp thing because it comes from an external source.
Sure, though I have every reason to believe their bytes are truly random, for security purposes, I don't. When I generate keys, the machine doesn't have internet access anyway, so I suppose it's just an alternative (sub)string to paste as a response to the "keyboard mash" if I want to copy it in with a flash drive etc.
You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data. (Unless you distrust the laws of physics)
You may be missing the point here. There is more than enough entropy available in a phone or a PC. The problem is with human errors when coding and otherwise implementing the RNG. In this case, lazy Google employees who copy-pasted broken Apache code without reviewing it, and didn't even bother fixing it or rewriting the documentation when some of the flaws were made public half a year ago. Building your own hardware, by yourself, will likely lead to more errors.
They're there, in their room. Your mining rig is on fire, yet you're very calm.
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
August 14, 2013, 05:27:18 PM
You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data. (Unless you distrust the laws of physics)
I would have, but at the time, I was fresh out of radioactive material. Maybe next time.
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
phatsphere
August 14, 2013, 05:54:57 PM
You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data. (Unless you distrust the laws of physics)
I would have, but at the time, I was fresh out of radioactive material. Maybe next time.
Instead of *radio*active material, you can use *radio*waves. Just tune in to a lower kHz frequency where a lot of noise from the earth's atmosphere is audible. That's one of the sources providers like random.org use. I guess it's pretty easy to get this running and then pull the bytes from the A/D converter of your soundcard.
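An added worked example, not code from phatsphere's post or from random.org, of what has to sit between the soundcard's A/D converter and the key: the raw LSBs are debiased, the source is health-checked so a stuck or saturated input never yields key material, and only then is the bit stream hashed down to 32 bytes. The sample data is constructed (a seeded pseudo-random stream with a deliberate 70/30 LSB bias stands in for an atmospheric-noise recording; a constant stream stands in for an unplugged antenna), and the debiaser, the thresholds and the 2048-bit minimum are my choices, not anything the thread specifies.

```python
# Added example (not from the thread): conditioning raw A/D samples from a
# radio/soundcard noise source into key material. Python 3.
import hashlib
import random

def lsb_bits(samples):
    """Keep only the least-significant bit of each ADC sample: the upper bits
    carry the signal and DC offset, the LSB carries most of the noise."""
    return [s & 1 for s in samples]

def von_neumann_debias(bits):
    """Classic debiaser: read pairs, 01 -> 0, 10 -> 1, drop 00 and 11.
    Removes a constant bias at the cost of at least 75% of the input."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def monobit_ok(bits, tolerance=0.05):
    """Cheap health check: fraction of ones must be near 1/2. A stuck or
    heavily biased source fails this; we must not emit key material then."""
    if len(bits) < 256:
        return False
    return abs(sum(bits) / len(bits) - 0.5) <= tolerance

def source_healthy(samples):
    """Raw check with a loose tolerance (assumption: 25% bias is the most we
    accept from a live source before debiasing)."""
    return monobit_ok(lsb_bits(samples), tolerance=0.25)

def pack_bits(bits):
    n = len(bits) // 8 * 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, n, 8))

def condition(samples, min_bits=2048):
    """Debias, health-check, then hash down to 32 bytes. min_bits (assumption)
    is the number of post-debiasing bits required before hashing, so that the
    256 bits emitted are backed by more raw entropy than they carry."""
    if not source_healthy(samples):
        raise ValueError("source failed raw health check (stuck or saturated)")
    bits = von_neumann_debias(lsb_bits(samples))
    if len(bits) < min_bits or not monobit_ok(bits):
        raise ValueError("not enough debiased bits or residual bias; keep sampling")
    return hashlib.sha256(pack_bits(bits)).digest()

# Constructed test data (deterministic seed so the run is repeatable).
_rng = random.Random(7)

def _noisy_samples(n, p_one):
    out = []
    for _ in range(n):
        s = _rng.getrandbits(16)                       # 16-bit ADC sample
        s = (s | 1) if _rng.random() < p_one else (s & ~1)  # force LSB bias
        out.append(s)
    return out

BIASED_SAMPLES = _noisy_samples(20000, 0.7)   # live source, 70/30 LSB bias
STUCK_SAMPLES = [0x8000] * 20000              # antenna unplugged / ADC pinned

if __name__ == "__main__":
    print("biased source ->", condition(BIASED_SAMPLES).hex())
    try:
        condition(STUCK_SAMPLES)
    except ValueError as e:
        print("stuck source ->", e)
```

The point of the health check is that a DIY source fails silently: a loose cable or a saturated input still produces "bytes", and hashing them produces something that looks random. Refusing to emit is the only safe behaviour.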
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
August 14, 2013, 06:21:46 PM
I would have, but at the time, I was fresh out of radioactive material. Maybe next time.
Pick up some banana from the grocery store next time.
P_Shep
Legendary
Online
Activity: 1802
Merit: 1230
This is not OK.
August 14, 2013, 07:02:52 PM
You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data. (Unless you distrust the laws of physics)
I would have, but at the time, I was fresh out of radioactive material. Maybe next time.
Dismantle a smoke detector.
stereotype
Legendary
Offline
Activity: 1554
Merit: 1000
August 14, 2013, 09:05:21 PM
You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data. (Unless you distrust the laws of physics)
I would have, but at the time, I was fresh out of radioactive material. Maybe next time.
Dismantle a smoke detector.
Or a bowl of Brazil nuts.
ralree
August 15, 2013, 12:03:32 AM
You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data. (Unless you distrust the laws of physics)
I would have, but at the time, I was fresh out of radioactive material. Maybe next time.
Actually, you can just push a transistor into avalanche - it only takes a few discrete components: http://holdenc.altervista.org/avalanche/
1MANaTeEZoH4YkgMYz61E5y4s9BYhAuUjG
TippingPoint
Legendary
Offline
Activity: 905
Merit: 1000
August 15, 2013, 12:14:47 AM
You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data. (Unless you distrust the laws of physics)
I would have, but at the time, I was fresh out of radioactive material. Maybe next time.
Dismantle a smoke detector.
Or a bowl of Brazil nuts.
Formerly known as ...
Lauda
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
August 15, 2013, 11:10:37 PM
Dismantle a smoke detector.
Or a bowl of Brazil nuts.
Formerly known as ...
the hero of?
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)
niko
August 16, 2013, 04:14:18 AM
Dismantle a smoke detector.
Or a bowl of Brazil nuts.
Formerly known as ...
the hero of?
Quit generating randomness, and get back to the topic. I read in the news that Google has acknowledged the problem, and recommends developers use /dev/(u)random. Good luck patching Android with third parties between Google and your phone.
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
August 16, 2013, 04:15:30 AM
Good luck patching Android with third parties between Google and your phone.
I bet Cyanogenmod users get access to the patches first.
allbiznessman
Member
Offline
Activity: 74
Merit: 10
SudoSuRootDev... AKA... AllBiznessMan
August 19, 2013, 03:08:40 PM
So, does this only affect Android wallets (Private Keys) generated by the Android wallet apps, or would my BTC address which I already had and then added to the blockchain wallet app also be affected? I hope not, cause I like keeping the same address for Public use, and then moving the BTC into my private addresses, never revealing public keys or addresses.
Rannasha
August 19, 2013, 03:21:17 PM
So, does this only affect Android wallets (Private Keys) generated by the Android wallet apps, or would my BTC address which I already had and then added to the blockchain wallet app also be affected? I hope not, cause I like keeping the same address for Public use, and then moving the BTC into my private addresses, never revealing public keys or addresses.
It only affects addresses/keys that are generated on Android.
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3080
August 19, 2013, 03:44:18 PM
You should make your own hardware for pulling random data for your coins. Something like a geiger counter near a radiation source. Now that would be truly the best source for truly random data. (Unless you distrust the laws of physics)
I would have, but at the time, I was fresh out of radioactive material. Maybe next time.
Lol, how long before the FBI kicks your door in? Didn't everyone get the memo that making online jokes about possessing WMDs is indistinguishable from sincere admissions?
Vires in numeris
niko
August 19, 2013, 04:23:58 PM
So, does this only affect Android wallets (Private Keys) generated by the Android wallet apps, or would my BTC address which I already had and then added to the blockchain wallet app also be affected? I hope not, cause I like keeping the same address for Public use, and then moving the BTC into my private addresses, never revealing public keys or addresses.
It only affects addresses/keys that are generated on Android.
This is incorrect. The problem also affects imported keys if they were ever used to send funds from an Android client.
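An added worked example, not code from the thread or from any wallet, of why a key that was merely imported is exposed once it has signed on a device with a broken RNG: ECDSA draws a fresh secret nonce k for every signature, and if the RNG hands back the same k twice, the two public signatures alone give up the private key. The curve arithmetic is a minimal pure-Python secp256k1 (public constants; not constant time, for illustration only), the wallet key and the "stuck" nonce value are constructed, and the low-s handling in the recovery routine is my addition to cover wallets that normalise s to N - s.

```python
# Added example (not from the thread): private-key recovery from two ECDSA
# signatures that share a nonce. Python 3.8+ (pow(x, -1, m) for inverses).
import hashlib

# secp256k1 domain parameters (public constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(p, q):
    """Affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def scalar_mul(k, pt):
    """Double-and-add (not constant time; fine for a demo)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def msg_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, msg, k):
    """Textbook ECDSA. k MUST be secret and unique per signature; it is a
    parameter here precisely so we can model an RNG that repeats itself."""
    z = msg_hash(msg)
    r = scalar_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return (r, s)

def verify(pub, msg, sig):
    r, s = sig
    z = msg_hash(msg)
    w = pow(s, -1, N)
    pt = point_add(scalar_mul(z * w % N, G), scalar_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def recover_private_key(pub, msg1, sig1, msg2, sig2):
    """Equal r means equal k. Then s1 - s2 = k^-1 (z1 - z2), so
    k = (z1 - z2) / (s1 - s2) and d = (s1*k - z1) / r.
    If a wallet normalised one s to N - s the difference becomes a sum, so
    both denominators are tried and the candidate is checked against pub."""
    r1, s1 = sig1
    r2, s2 = sig2
    if r1 != r2:
        raise ValueError("different r values: nonces differ, attack not applicable")
    z1, z2 = msg_hash(msg1), msg_hash(msg2)
    for denom in ((s1 - s2) % N, (s1 + s2) % N):
        if denom == 0:
            continue
        k = (z1 - z2) * pow(denom, -1, N) % N
        d = (s1 * k - z1) * pow(r1, -1, N) % N
        if scalar_mul(d, G) == pub:
            return d
    return None

# Constructed demo values: an imported wallet key, and the one nonce a
# stuck RNG keeps returning (assumption: the RNG repeats, as the thread describes).
PRIV = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
STUCK_K = 0xA5A
MSG1 = b"spend 1 BTC to Alice"   # stand-ins for two transaction digests
MSG2 = b"spend 2 BTC to Bob"

def demo():
    """Two spends signed on the broken device; an observer of the chain
    recovers the key from the public signatures."""
    pub = scalar_mul(PRIV, G)
    sig1 = sign(PRIV, MSG1, STUCK_K)
    sig2 = sign(PRIV, MSG2, STUCK_K)
    return pub, sig1, sig2, recover_private_key(pub, MSG1, sig1, MSG2, sig2)

if __name__ == "__main__":
    pub, sig1, sig2, d = demo()
    print("r repeated:", sig1[0] == sig2[0])
    print("recovered == PRIV:", d == PRIV)
```

Where the key came from is irrelevant to this attack; what matters is that the nonce used at signing time came from the broken generator. A key that only ever received funds on the phone, and never signed there, is not exposed by this route.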
BurtW
Legendary
Offline
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
August 19, 2013, 07:20:45 PM
The referenced posting is unrelated. It concerns a person not understanding the Random() function and the fact that every time you use the same seed for that function you get the same sequence. They are using Random(); we are discussing SecureRandom(), two different functions. However, as far as I can tell the problem with the SecureRandom() function did have to do with seeding, it is just not the same seeding issue discussed in the link.
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
August 19, 2013, 07:34:18 PM
Let's Talk Bitcoin episode about the issue: http://www.youtube.com/watch?v=4zTocJflyS8
Contains an interesting interview with Andreas Pettersen ((co-)author of Mycelium wallet). Apparently under certain circumstances (some fallbacks) the entropy of the Android RNG drops to just 9 bits. Did anyone find more information about what exactly is going wrong?
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
August 19, 2013, 09:57:36 PM
I would feel much better if bitcoin wallets generated new addresses using the following method:
SHA256(something_from_SecureRandom + some_user_supplied_constant + some_incrementing_counter + current_system_time/tickcount)
The "some_user_supplied_constant" could be nothing more than a string collected from the user upon first invocation of the program, and perhaps even saved to a config file. It serves the same purpose as salt. Because the user supplies it, it's pretty easy to verify that it isn't predictable. It will have relatively poor entropy, but would successfully serve the purpose of making mass cracking of insecure random numbers pretty much impossible, as well as verifiably ensuring that there is some portion of the input that is truly unpredictable by an outside attacker.
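An added worked example, not code from casascius or from any wallet, of the construction proposed in the post above beside the naive one it replaces, run against a stand-in RNG that (taking the 9-bit figure quoted earlier in the thread as the assumption) can only ever produce 512 distinct outputs. The "address" is just a hash of the key standing in for the public artefact an attacker can scan the block chain for; the length-prefixing of the hashed fields and the use of a nanosecond monotonic clock as the tick count are my choices.

```python
# Added example (not from the thread): naive key = H(rng) versus the hedged
# key = H(rng || user_constant || counter || time), and the mass-cracking
# attack that separates them. Python 3.7+.
import hashlib
import os
import time

RNG_BITS = 9  # assumption taken from the thread: the fallback path leaves ~9 bits

def broken_secure_random():
    """Stand-in for a broken SecureRandom: a 256-bit-looking value that in
    fact depends on only RNG_BITS bits."""
    return int.from_bytes(os.urandom(2), "big") % (1 << RNG_BITS)

def naive_key(rng_output):
    """What a wallet does today: the key is a function of the RNG alone."""
    return hashlib.sha256(rng_output.to_bytes(32, "big")).digest()

def hedged_key(rng_output, user_constant, counter, ticks):
    """The proposed construction. Each field is length-prefixed so that
    re-partitioning the concatenation cannot produce the same input."""
    h = hashlib.sha256()
    for field in (rng_output.to_bytes(32, "big"),
                  user_constant,
                  counter.to_bytes(8, "big"),
                  ticks.to_bytes(8, "big")):
        h.update(len(field).to_bytes(2, "big"))
        h.update(field)
    return h.digest()

def address(key):
    """Stand-in for the public artefact derived from a private key."""
    return hashlib.sha256(b"pub:" + key).digest()[:20]

def mass_crack(addresses):
    """The attacker's side against the naive scheme: enumerate every RNG
    output once, derive each address, then look up every address seen on
    the chain. Cost is 2**RNG_BITS hashes total, not per victim."""
    table = {address(naive_key(x)): x for x in range(1 << RNG_BITS)}
    return {a: table[a] for a in addresses if a in table}

def demo():
    """Generate one naive and one hedged key on the broken device and report
    which of the two the precomputed table recovers."""
    user_constant = b"my dog's name plus the year I moved"  # low entropy, attacker-unknown
    counter = 0
    ticks = time.monotonic_ns()
    naive = naive_key(broken_secure_random())
    hedged = hedged_key(broken_secure_random(), user_constant, counter, ticks)
    hits = mass_crack([address(naive), address(hedged)])
    return address(naive) in hits, address(hedged) in hits

if __name__ == "__main__":
    naive_hit, hedged_hit = demo()
    print("naive key cracked:", naive_hit)      # True
    print("hedged key cracked:", hedged_hit)    # False
```

What the hedge buys is exactly what the post claims and no more: the attacker can no longer build one table and run it against every user, because the per-user constant is not in the table. It does not repair the RNG; against a single targeted user the remaining work is a dictionary attack on the constant plus a guess at the counter and clock, so the secrecy of the key is bounded by the entropy of those secret inputs. It also does nothing for the signing nonce, which is where the imported-key exposure discussed earlier comes from.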