Bitcoin Forum
October 19, 2017, 08:10:19 PM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: What is the RNG method of Mycelium?  (Read 1456 times)
BusyBeaverHP
Full Member
***
Offline Offline

Activity: 192


View Profile
September 02, 2014, 02:41:32 AM
 #1

I've been using Mycelium phone wallet to help out the local bitcoin economy for a week now. It's easy to use and I can't think of anything else to improve upon. I am curious to know what is the method used to generate the random values for private keys?

The reason why I'm asking is because I saw a 2013 article about a flaw in Android's RNG that makes private key generation on such platform vulnerable to theft. I'm sure Mycelium has accounted for this, but I'd like to know its RNG method.
1508443819
Hero Member
*
Offline Offline

Posts: 1508443819

View Profile Personal Message (Offline)

Ignore
1508443819
Reply with quote  #2

1508443819
Report to moderator
1508443819
Hero Member
*
Offline Offline

Posts: 1508443819

View Profile Personal Message (Offline)

Ignore
1508443819
Reply with quote  #2

1508443819
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508443819
Hero Member
*
Offline Offline

Posts: 1508443819

View Profile Personal Message (Offline)

Ignore
1508443819
Reply with quote  #2

1508443819
Report to moderator
1508443819
Hero Member
*
Offline Offline

Posts: 1508443819

View Profile Personal Message (Offline)

Ignore
1508443819
Reply with quote  #2

1508443819
Report to moderator
1508443819
Hero Member
*
Offline Offline

Posts: 1508443819

View Profile Personal Message (Offline)

Ignore
1508443819
Reply with quote  #2

1508443819
Report to moderator
Newar
Legendary
*
Offline Offline

Activity: 1246


https://gliph.me/hUF


View Profile
September 02, 2014, 07:59:19 AM
 #2

You are referring to this?

https://bitcoin.org/en/alert/2013-08-11-android


Some more info here: http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html

OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins
Jan
Legendary
*
Offline Offline

Activity: 1043



View Profile
September 02, 2014, 01:15:16 PM
 #3

On android Mycelium uses /dev/urandom directly to pull random data. This way we are not affected by SecureRandom's buggy implementation.

Mycelium let's you hold your private keys private.
apetersson
Hero Member
*****
Offline Offline

Activity: 666



View Profile
September 02, 2014, 02:09:43 PM
 #4

more specifically, we use the code

https://github.com/mycelium-com/wallet/blob/master/public/mbw/src/main/java/com/mycelium/wallet/AndroidRandomSource.java

this is the random source used for all crypto operations (generating privkeys, generating R values in Transactions)

https://github.com/mycelium-com/wallet/blob/master/public/bitlib/src/main/java/com/mrd/bitlib/crypto/PrivateKey.java#L43
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!