Bitcoin Forum
Author Topic: BitcoinSpinner  (Read 55413 times)
Jan (OP)
August 06, 2013, 09:26:31 AM
 #541

Could a Trojan on the phone not steal the private key and send it somewhere?
If you use two devices (online/offline) you are still subject to a trojan.
However, the trojan can only hide in what is on the device. This is why you nuke it, install cyanogenmod, and install a single app :)

Mycelium lets you hold your private keys private.
Rassah
August 06, 2013, 02:55:12 PM
 #542

I've been waiting for this thing since the San Jose Bitcoin Conference, but didn't know it was under a new name. Jan demoed it to us while there, and I really really liked the features, so I'm glad I found it (Jan PM'ed me) and can finally use it. This thing is definitely Rassah-approved :D
molecular
August 11, 2013, 05:58:12 PM
 #543

I guess both spinner and mycelium are affected by this vulnerability in android random source?

http://bitcoin.org/en/alert/2013-08-11-android

I hope I can expect an update also for the old bitcoinspinner (still haven't migrated to mycelium (still beta, right?))

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
Jan (OP)
August 11, 2013, 06:13:44 PM
 #544

A security vulnerability has been discovered that affects key generation on all Android wallets: Blockchain.info, Android Bitcoin Wallet, BitcoinSpinner, and Mycelium Bitcoin Wallet.
Please read this thread for details: https://bitcointalk.org/index.php?topic=271831.0

We are working hard to send out a new build which allows you to:
1. Generate new keys for vulnerable keys
2. Send all funds to the newly generated key
3. Archive the vulnerable key in such a way that you can still access it.

We have been working on this since Friday and will get a new version as soon as possible while doing everything we can to ensure stability.

Mycelium lets you hold your private keys private.
Jan (OP)
August 11, 2013, 06:20:39 PM
 #545

I guess both spinner and mycelium are affected by this vulnerability in android random source?

http://bitcoin.org/en/alert/2013-08-11-android

I hope I can expect an update also for the old bitcoinspinner (still haven't migrated to mycelium (still beta, right?))


Since BitcoinSpinner cannot handle more than one key at a time, the upgrade path for BitcoinSpinner is either:

1. Send funds elsewhere
2. Uninstall
3. Install new BitcoinSpinner version (once it gets published)

or

1. Install Mycelium wallet
2. Send funds to it.
3. Uninstall BitcoinSpinner

Andreas and I were about to add the final touches to declare Mycelium as a 1.0 when this turned up last Friday. There are over 800 Mycelium wallet users, and it has been thoroughly battle tested over the summer. It is my impression that the Mycelium wallet is as safe to use as BitcoinSpinner, which also happens to be in beta.

Mycelium lets you hold your private keys private.
Rassah
August 11, 2013, 06:55:58 PM
 #546

I think Mycelium is already functional enough to avoid this issue: Go to https://www.bitaddress.org, generate a key, print a backup, scan it into mycelium, and stash the backup safe somewhere. Of course any fixes will also help a lot. Thanks guys!
Jan (OP)
August 11, 2013, 07:10:32 PM
 #547

I think Mycelium is already functional enough to avoid this issue: Go to https://www.bitaddress.org, generate a key, print a backup, scan it into mycelium, and stash the backup safe somewhere. Of course any fixes will also help a lot. Thanks guys!
Rassah is right. However, there will shortly be a new version out that generates safe keys. Stay tuned...

Mycelium lets you hold your private keys private.
elebit
August 11, 2013, 07:22:46 PM
 #548

I think Mycelium is already functional enough to avoid this issue: Go to https://www.bitaddress.org, generate a key, print a backup, scan it into mycelium, and stash the backup safe somewhere. Of course any fixes will also help a lot. Thanks guys!

I understand that the affected wallets generate transactions that might leak key information.

So even if you generated your key in a secure way, as soon as you generated one transaction with one of the affected clients *bam!* anyone could steal all your funds.

That would make your advice dangerous and misleading. The only way to be sure is to transfer all your funds to a fixed version (or to bitcoin-qt, or to a paper wallet...).
apetersson
August 11, 2013, 07:26:12 PM
 #549

If you are using Mycelium Wallet, a fix has been published to the play store (still pending review) and to mycelium.com.

If you download it from mycelium.com, you can check the sha1sum:

Code:
dba000cad4cbf94a7b4c621f57482322c0a96678  mbw-v0.6.5.apk

There will be a wizard guiding you through the process in an upcoming version, but for now, you can simply download version 0.6.5 (or greater) and move the keys to newly generated addresses.

  • generate a new key
  • backup this key (to sdcard or similar)
  • manually send funds to the new secure address.
  • move your empty old key to the Archive category

Please take care. The most likely chance of lost bitcoins is the loss of private keys. Don't use our wallet without a backup of the keys.
Rassah
August 11, 2013, 08:36:04 PM
Last edit: August 11, 2013, 08:47:48 PM by Rassah
 #550

I understand that the affected wallets generate transactions that might leak key information.

So even if you generated your key in a secure way, as soon as you generated one transaction with one of the affected clients *bam!* anyone could steal all your funds.

That's a pretty serious issue, which I thought was only a concern with quantum computing. Or is this still the extension of the bad random generator issue, in which case using something like bitaddress.org solves it. Do you have any more info about that?

EDIT: Found it https://bitcointalk.org/index.php?topic=271486.0 Quite disturbing :(
elebit
August 11, 2013, 08:49:20 PM
 #551

That's a pretty serious issue, which I thought was only a concern with quantum computing. Or is this still the extension of the bad random generator issue, in which case using something like bitaddress.org solves it. Do you have any more info about that?

That's how the issue was described in the first place. ECDSA requires a (cryptographically secure) random number in order to create signatures. If you re-use these nonces one can trivially deduce the secret key. Apparently the blockchain contains a bunch of signatures which are broken in exactly this way and people started reporting lost funds. This bit about how keys generated on Android should be considered insecure was added to the final advisory.

Presumably both problems stem from the same underlying randomness problem, but no one's telling exactly what's happened here. Over time it will be more clear exactly who are affected by this, but you might not want to wait for that.
Jan (OP)
August 11, 2013, 08:52:54 PM
 #552

I understand that the affected wallets generate transactions that might leak key information.

So even if you generated your key in a secure way, as soon as you generated one transaction with one of the affected clients *bam!* anyone could steal all your funds.

That's a pretty serious issue, which I thought was only a concern with quantum computing. Or is this still the extension of the bad random generator issue, in which case using something like bitaddress.org solves it. Do you have any more info about that?

The thing is that whenever you make a signature, a random component is part of the signature calculation. If you generate two signatures with the same key and random component (the stuff you sign is obviously different), then you reveal enough information for an attacker to calculate the key. So, there is apparently a non-trivial probability that signatures generated by Android apps have used the same random component for the same key.

EDIT: elebit beat me to it ;-)

Mycelium lets you hold your private keys private.
molecular
August 11, 2013, 08:53:44 PM
 #553

thanks guys for acting fast and responsibly.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
apetersson
August 11, 2013, 08:56:25 PM
 #554

So even if you generated your key in a secure way, as soon as you generated one transaction with one of the affected clients *bam!* anyone could steal all your funds.

I don't think this was the case with old versions with weak SecureRandom, since Mycelium Wallet re-seeded the weak SecureRandom for each transaction. But hopefully we will never know ;)

I suspect (don't know) that the issue of duplicate R values had not occurred with our software. Nevertheless the theoretical weakness of the private keys themselves warrants a key change.

btw, play store has updated the latest apk now. Feel free to update. To upgrade to more secure keys move your old keys to archive, create a new one and move funds over.
Jan (OP)
August 11, 2013, 10:54:50 PM
 #555

The key migration wizard is now feature complete, and we are testing it vigorously.

First of all let me introduce a nice new feature, which the key migration wizard relies on:
As of version 0.6.5 there is a new concept of a key archive. A key/address can either be Active or Archived. You can move a key back and forth between the Active and Archive set in "Keys & Addresses". It is somewhat similar to what you see in the Blockchain.info wallet for iPhone.
When the wallet is in Aggregate mode (the default) the balance view displays the aggregate value of all your Active keys. Keys in the Archive set are not included.
While this gives some nifty key control features for advanced users, it also allows us to make the Vulnerable Key Migration Wizard (tm) safer to use.

Here is how the migration wizard works in version 0.7.0:

When you open the wallet it will investigate whether the Active set contains any keys that were present from before 0.6.5. If there are any it will show you a dialog explaining that you have X potentially vulnerable keys. You can then choose to launch a (5 step) migration wizard, which:

1. creates a new key

2. swipes the funds to it

3. archives your vulnerable key

This way the vulnerable key is not deleted, but merely archived. This is nice as someone may still send funds to your old keys. If you select an archived key and go into the balance view you will monitor this single key, just as if you were in segregated mode.

We are still testing the migration wizard, stay tuned...

Mycelium lets you hold your private keys private.
Jan (OP)
August 11, 2013, 11:27:10 PM
 #556

In the meantime, if you want to migrate your keys manually with version 0.6.5 here is how:
1. Go to settings and uncheck Aggregate View to get segregated view (you now manage one key at a time)
2. Go to Keys & Addresses
3. Click + and choose Random to create a new random (strong) key
4. Give the new key a name, e.g. "Migration 1" (long press it and click Set Label)
5. Select one of your old keys
6. Go to Balance view
7. Click Send and choose "Migration 1" from the address book as the receiver
8. Click MAX to send the full amount (swipe), Next, Send
9. Go to Keys & Addresses
10. Long press the old key that you just swiped and select Archive.

Repeat for each key

Finally go to settings and enable Aggregate View.

Note: If you have selected an archived key and go into the balance view you will only see the balance of that key.

Mycelium lets you hold your private keys private.
Rassah
August 12, 2013, 04:06:20 AM
 #557

After all this madness is done with, will you guys be able to add a deterministic key feature to allow for a new Bitcoin address for every change transaction?
molecular
August 12, 2013, 06:12:12 AM
 #558

Jan, you should change the thread title to "BitcoinSpinner / Mycelium".

It's confusing... I take it your last posts are about Mycelium?

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
Jan (OP)
August 12, 2013, 10:01:14 AM
 #559

After all this madness is done with, will you guys be able to add a deterministic key feature to allow for a new Bitcoin address for every change transaction?

Using new deterministic addresses for every transaction is quite tricky with the model that we use. Instead of downloading the blockchain we query a server for the unspent outputs of the addresses we are interested in. If the number of addresses grows infinitely something is bound to break down. Andreas has some nifty ideas on how to mitigate that, so this is something we will investigate.

Mycelium lets you hold your private keys private.
Jan (OP)
August 12, 2013, 10:05:53 AM
 #560

Jan, you should change the thread title to "BitcoinSpinner / Mycelium".

It's confusing... I take it your last posts are about Mycelium?

Done. Mycelium should really have its own thread. I'll look into that once all this is sorted out.

In other news: An update for BitcoinSpinner is in the works. Everything has been coded and tested. I am just waiting for the signer to verify and sign the APK. It will be published later today.

Mycelium lets you hold your private keys private.