Bitcoin Forum
April 24, 2014, 05:53:05 AM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: IMPORTANT: Android key rotation  (Read 5320 times)
Andreas Schildbach
Moderator
Sr. Member
*
Offline Offline

Activity: 424



View Profile WWW

Ignore
August 11, 2013, 05:05:33 PM
 #1

Please read the post quoted below.

A fixed version 3.15 of Bitcoin Wallet is rolling out now. If you don't want to wait for the Google Play update, you can install directly from these links:

Mainnet:
http://code.google.com/p/bitcoin-wallet/downloads/detail?name=bitcoin-wallet-3.15.apk

Testnet:
http://code.google.com/p/bitcoin-wallet/downloads/detail?name=bitcoin-wallet-3.15-test.apk

As soon as you upgrade, it will create a "rotate transaction", sending your funds over to a fresh, secure key.

Important: You need to backup your wallet again, because of the added key. The old keys will not be included in the backup, so keep your old backups around just in case.

Generally, do not use old addresses/keys for receiving payments any more. Also make sure to not import old backups into any wallet.

If you have a wallet with unconfirming transactions or if the rotate transaction does not confirm for a long time, consider replaying the blockchain. After replay, your funds should be rotated without problems.

Thanks to everyone contributing to fixing this very serious issue!


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

http://bitcoin.org/en/alert/2013-08-11-android

We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet.

In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.

If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.

Updates for other wallet apps should be released shortly.

Some technical details of what exactly has gone wrong inside Android will be released once the upgrade process is reasonably compete. I will keep track of the upgrade status of each wallet app I know about in the post below.
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJSB7jRAAoJEPLkhhyZiIFvpk8IAI34L0HsEj5wztFl18jQxj74
svaY+eY1mwgWZjjyZlCRlP42B3u5zF2jlh2+taRgM9DaXlECqa3euGe+EmHWirTU
HTTNNg2ZFf7jvruUZ2tanl4Sv34/q/q8w81zL6uJAKK98ZBWuMQ9oPghW1erCAHv
Ke5eoLzGdnwpAN817SLGL2iUgwMpJLu7Jx2HEhF2Yz7Yl1+ScLHzlXSZP65BlpI7
lNeJweQsC0PHPnumde/UIRdcTQqhciY/0xM7HHyrrn00AW56vu4l+/Hb9Mr9rpds
Rx2UEvFXQ5KWX7e8E3+Wx2Rs/w5cYRwwsfzwWIYkoZaJ3ssaPaYAEr5YMO1bz24=
=AFBd
-----END PGP SIGNATURE-----


Bitcoin Wallet for Android: Your own Bitcoins, in your own pocket!
https://play.google.com/store/apps/details?id=de.schildbach.wallet
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!