Bitcoin Forum
May 01, 2024, 06:49:35 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Local > Português (Portuguese) > Desenvolvimento & Discussões Técnicas > Randstorm, vulnerabilidade antiga em carteiras de Bitcoin
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Randstorm, vulnerabilidade antiga em carteiras de Bitcoin  (Read 60 times)
sabotag3x (OP)
Legendary
*
Offline Offline

Activity: 2520
Merit: 2169


Crypto Swap Exchange


View Profile
November 14, 2023, 05:15:36 PM
Merited by TryNinja (1), bitmover (1)
 #1
Para quem gosta dessas vulnerabilidades, encontraram mais uma e deram o nome de Randstorm.

Resumindo, afeta carteiras criadas entre 2011-2015 (blockchain.info, brainwallet, bitgo, bitaddress, etc).. estima-se que US$ 1,2 a 2,1 bilhões estejam em risco.


Carteiras afetadas.

Fonte: https://www.unciphered.com/blog/disclosure-of-vulnerable-bitcoin-wallet-library
Mais informações: https://www.unciphered.com/blog/randstorm-you-cant-patch-a-house-of-cards
Outro link: https://www.unciphered.com/randstorm
█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████		▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
1714546175
Hero Member
*
Offline Offline

Posts: 1714546175

View Profile Personal Message (Offline)

Ignore
1714546175
1714546175
Reply with quote  #2
1714546175
Report to moderator
1714546175
Hero Member
*
Offline Offline

Posts: 1714546175

View Profile Personal Message (Offline)

Ignore
1714546175
1714546175
Reply with quote  #2
1714546175
Report to moderator
1714546175
Hero Member
*
Offline Offline

Posts: 1714546175

View Profile Personal Message (Offline)

Ignore
1714546175
1714546175
Reply with quote  #2
1714546175
Report to moderator
I HATE TABLES I HATE TABLES I HA(╯°□°)╯︵ ┻━┻ TABLES I HATE TABLES I HATE TABLES
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1714546175
Hero Member
*
Offline Offline

Posts: 1714546175

View Profile Personal Message (Offline)

Ignore
1714546175
1714546175
Reply with quote  #2
1714546175
Report to moderator
TryNinja
Legendary
*
Offline Offline

Activity: 2814
Merit: 6974



View Profile WWW
November 14, 2023, 06:55:51 PM
 #2
Pelo menos parece ser menos mal do que a última do leite triste. Grin

Quote
[...] however, the amount of work necessary to exploit wallets varies significantly and, in general, considerably increases over time. That is to say, as a rule, impacted wallets generated in 2014 are substantially more difficult to attack than impacted wallets generated in 2012.

Novamente é um problema de baixa entropia nos algoritimos de randomização. Tongue

Detalhe que vários dos afetados já tinham realizado mudanças que acabaram dificultando o exploit em carteiras geradas depois de certos períodos. A Blockchain.info realizou melhoras em 2014, por exemplo.

E claro, as maravilhas do open-source:
.
.HUGE.
▄██████████▄▄
▄█████████████████▄
▄█████████████████████▄
▄███████████████████████▄
▄█████████████████████████▄
███████▌██▌▐██▐██▐████▄███
████▐██▐████▌██▌██▌██▌██
█████▀███▀███▀▐██▐██▐█████
▀█████████████████████████▀
▀███████████████████████▀
▀█████████████████████▀
▀█████████████████▀
▀██████████▀▀
█▀▀▀▀











█▄▄▄▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINSPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀▀█











▄▄▄▄█
bitmover
Legendary
*
Offline Offline

Activity: 2282
Merit: 5914


bitcoindata.science


View Profile WWW
November 16, 2023, 06:16:00 PM
 #3
Curioso que em um dos links eu vi uma explicação que a vulnerabilidade tem a ver com a função Math.random()

Nem sou especialista nisso  mas no pouco que já estudei de numeros e criptografia em javascript , todo lugar fala pra não usar essa função. Daí uma lib enorme, que todo software de carteiras de bitcoin utiliza,  esta la usando essa funcao  Cheesy,


Quote
The source of the vulnerability is the SecureRandom() function found in the JSBN javascript library, combined with weaknesses that existed in major browser implementations of Math.random().

Olha o alerta bem no começo da página
Quote
https://developer.mozilla.org/pt-BR/docs/Web/JavaScript/Reference/Global_Objects/Math/random

Nota: Math.random() não gera números criptograficamente seguros. Não a use para nada relacionado a segurança. Use a API Web Crypto, mais precisamente o método window.crypto.getRandomValues()
.
.BLACKJACK ♠ FUN.		█████████
██████████████
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
████████████████
░██████████████
████████████
███████████████░██
██████████		CRYPTO CASINO &
SPORTS BETTING
▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
█████████
.
Pages: [1]
  Print  
Bitcoin Forum > Local > Português (Portuguese) > Desenvolvimento & Discussões Técnicas > Randstorm, vulnerabilidade antiga em carteiras de Bitcoin
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!