Is or was bitaddress affected by this „bug“?

Bitcoin Forum

May 06, 2024, 05:38:09 PM

Welcome, Guest. Please login or register.

News: Latest Bitcoin Core release: 27.0 [Torrent]

Home

Help

Search

Login

Register

More

Bitcoin Forum > Bitcoin > Bitcoin Technical Support > Is or was bitaddress affected by this „bug“?

Pages: [1]

« previous topic next topic »

Author

Topic: Is or was bitaddress affected by this „bug“? (Read 229 times)

longbtcdev (OP)

Jr. Member

Offline

Offline

Activity: 80
Merit: 6

Is or was bitaddress affected by this „bug“?

June 09, 2019, 09:01:18 PM

Merited by OmegaStarScream (2), ABCbits (1)

#1

https://www.mail-archive.com/bitcoin-dev@lists.linuxfoundation.org/msg06929.html

Is bitaddress affected by this?

The founder of segwitaddress said bitaddress still uses jsbn so it is affected?

Thanks in advance for the answer

1715017089

Hero Member

Offline

Offline

Posts: 1715017089

Personal Message (Offline)

Ignore

1715017089

1715017089

Reply with quote

#2

1715017089


	Report to moderator

1715017089

Hero Member

Offline

Offline

Posts: 1715017089

Personal Message (Offline)

Ignore

1715017089

1715017089

Reply with quote

#2

1715017089


	Report to moderator

"Governments are good at cutting off the heads of a centrally controlled networks like Napster, but pure P2P networks like Gnutella and Tor seem to be holding their own." -- Satoshi

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.

1715017089

Hero Member

Offline

Offline

Posts: 1715017089

Personal Message (Offline)

Ignore

1715017089

1715017089

Reply with quote

#2

1715017089


	Report to moderator

1715017089

Hero Member

Offline

Offline

Posts: 1715017089

Personal Message (Offline)

Ignore

1715017089

1715017089

Reply with quote

#2

1715017089


	Report to moderator

1715017089

Hero Member

Offline

Offline

Posts: 1715017089

Personal Message (Offline)

Ignore

1715017089

1715017089

Reply with quote

#2

1715017089


	Report to moderator

OmegaStarScream

Staff
Legendary

Offline

Offline

Activity: 3472
Merit: 6125

Re: Is or was bitaddress affected by this „bug“?

June 10, 2019, 11:05:06 AM

#2

I'm not an expert, but if the condition is simply using secureRandom then Bitaddress does use it and the repository hasn't been updated since 2016.

█▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄

▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄

██████████████▄
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
████████████▀██▀
████▀█████████▀

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄█

▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
░▀▀██▀▀

^✔Instant ^✔Non KYC Crypto Swap Exchange
.............Bitcoin | Litecoin | Ethereum | Monero | Dash | ERC20 Tokens | more soon.............

▄███████████████████▄
█████████████████████
██▀▀▀▀▀██▀██▀▀███████
████████████████▀████
████████████▄████████
████████████▀████████
████████████████▀████
█████████████▄███████
█████████████▀███████
████████████████▄████
ANN THREAD

▄██████████████████▄
███████████▀▄▀██████
██████████▀█▄███████
████████▀▌█▄████████
████████▌▄██████████
███████▀▄███▀███████
████▀▄▄███████▀█████
███▀▄█▀▄████████████
███████▀▄█▌▐████▐███
████▌▐██▀▌▐█████▐███
ONION LINK

ABCbits

Legendary

Offline

Offline

Activity: 2870
Merit: 7476

Crypto Swap Exchange

Re: Is or was bitaddress affected by this „bug“?

June 10, 2019, 04:19:37 PM

Merited by OmegaStarScream (2)

#3

I'm not sure, but :
1. The email stated RC4 ("arcfour random") is one of the problem
2. securerandom.js on BitAddress source code use RC4. https://github.com/pointbiz/bitaddress.org/blob/72aefc03e0d150c52780294927d95262b711f602/src/securerandom.js#L58

Quote from: OmegaStarScream on June 10, 2019, 11:05:06 AM

I'm not an expert, but if the condition is simply using secureRandom then Bitaddress does use it and the repository hasn't been updated since 2016.

The email clearly stated that depends on variations of SecureRandom()

Quote from: https://www.mail-archive.com/bitcoin-dev@lists.linuxfoundation.org/msg06929.html

There are a substantial number of variations of this SecureRandom() class in various pieces of software, some with bugs fixed, some with additional bugs added.

█▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄

▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄

██████████████▄
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
████████████▀██▀
████▀█████████▀

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄█

▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
░▀▀██▀▀

^✔Instant ^✔Non KYC Crypto Swap Exchange
.............Bitcoin | Litecoin | Ethereum | Monero | Dash | ERC20 Tokens | more soon.............

▄███████████████████▄
█████████████████████
██▀▀▀▀▀██▀██▀▀███████
████████████████▀████
████████████▄████████
████████████▀████████
████████████████▀████
█████████████▄███████
█████████████▀███████
████████████████▄████
ANN THREAD

▄██████████████████▄
███████████▀▄▀██████
██████████▀█▄███████
████████▀▌█▄████████
████████▌▄██████████
███████▀▄███▀███████
████▀▄▄███████▀█████
███▀▄█▀▄████████████
███████▀▄█▌▐████▐███
████▌▐██▀▌▐█████▐███
ONION LINK

longbtcdev (OP)

Jr. Member

Offline

Offline

Activity: 80
Merit: 6

Re: Is or was bitaddress affected by this „bug“?

June 10, 2019, 04:42:09 PM

#4

Thanks for the answers, I found some articels saying that this was an old issue and only pre 2013-2015 generated adresses are affected by this....

https://www.bleepingcomputer.com/news/security/old-javascript-crypto-flaw-puts-bitcoin-funds-at-risk/
https://www.google.ch/amp/s/www.theregister.co.uk/AMP/2018/04/12/javascript_crypto_library_fingered_for_weak_wallets/

But im still not sure about it, very hard to find a clear answer about this :/

longbtcdev (OP)

Jr. Member

Offline

Offline

Activity: 80
Merit: 6

Re: Is or was bitaddress affected by this „bug“?

June 10, 2019, 04:57:05 PM

#5

Quote from: longbtcdev on June 10, 2019, 04:42:09 PM

Thanks for the answers, I found some articels saying that this was an old issue and only pre 2013-2015 generated adresses are affected by this....

https://www.bleepingcomputer.com/news/security/old-javascript-crypto-flaw-puts-bitcoin-funds-at-risk/
https://www.google.ch/amp/s/www.theregister.co.uk/AMP/2018/04/12/javascript_crypto_library_fingered_for_weak_wallets/

But im still not sure about it, very hard to find a clear answer about this :/

+ someone on twitter said bitaddress uses its own secure random

Source: https://mobile.twitter.com/robep00/status/984008260025028609

aplistir

Full Member

Offline

Offline

Activity: 378
Merit: 197

Re: Is or was bitaddress affected by this „bug“?

June 10, 2019, 05:28:25 PM

#6

bitaddress also collects mouse movements and/or inputted random text to add to the randomness, so it is not completely dependent on any possibly faulty RNG.

Now it feels good that they have added that bit of extra security.

My Address: 121f7zb2U4g9iM4MiJTDhEzqeZGHzq5wLh

Pages: [1]

Bitcoin Forum > Bitcoin > Bitcoin Technical Support > Is or was bitaddress affected by this „bug“?

« previous topic next topic »

Jump to:

Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines