Bitcoin Forum
December 06, 2022, 11:16:02 PM *
News: Bitcointalk Community Awards
   Home   Help Search Login Register More  
Pages: [1]
Author Topic: IMPORTANT: Android key rotation  (Read 8994 times)
Andreas Schildbach (OP)
Hero Member
Offline Offline

Activity: 483
Merit: 501

View Profile
August 11, 2013, 05:05:33 PM
Last edit: December 06, 2013, 07:16:22 PM by Andreas Schildbach

Please read the post quoted below.

A fixed version 3.15 of Bitcoin Wallet is rolling out now. If you don't want to wait for the Google Play update, you can install directly from these links:



As soon as you upgrade, it will create a "rotate transaction", sending your funds over to a fresh, secure key.

Important: You need to backup your wallet again, because of the added key. The old keys will not be included in the backup, so keep your old backups around just in case.

Generally, do not use old addresses/keys for receiving payments any more. Also make sure to not import old backups into any wallet.

If you have a wallet with unconfirming transactions or if the rotate transaction does not confirm for a long time, consider replaying the blockchain. After replay, your funds should be rotated without problems.

Thanks to everyone contributing to fixing this very serious issue!

Hash: SHA512

We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, wallet, BitcoinSpinner and Mycelium Wallet.

In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.

If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.

Updates for other wallet apps should be released shortly.

Some technical details of what exactly has gone wrong inside Android will be released once the upgrade process is reasonably compete. I will keep track of the upgrade status of each wallet app I know about in the post below.
Comment: GPGTools -


Pages: [1]
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!