Bitcoin Forum
June 20, 2018, 12:45:44 AM *
News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: What is the RNG method of Mycelium?  (Read 1476 times)
BusyBeaverHP
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
September 02, 2014, 02:41:32 AM
 #1

I've been using Mycelium phone wallet to help out the local bitcoin economy for a week now. It's easy to use and I can't think of anything else to improve upon. I am curious to know what is the method used to generate the random values for private keys?

The reason why I'm asking is because I saw a 2013 article about a flaw in Android's RNG that makes private key generation on such platform vulnerable to theft. I'm sure Mycelium has accounted for this, but I'd like to know its RNG method.
1529455544
Hero Member
*
Offline Offline

Posts: 1529455544

View Profile Personal Message (Offline)

Ignore
1529455544
Reply with quote  #2

1529455544
Report to moderator
1529455544
Hero Member
*
Offline Offline

Posts: 1529455544

View Profile Personal Message (Offline)

Ignore
1529455544
Reply with quote  #2

1529455544
Report to moderator
1529455544
Hero Member
*
Offline Offline

Posts: 1529455544

View Profile Personal Message (Offline)

Ignore
1529455544
Reply with quote  #2

1529455544
Report to moderator
The World's Betting Exchange

Bet with play money. Win real Bitcoin. 5BTC Prize Fund for World Cup 2018.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1529455544
Hero Member
*
Offline Offline

Posts: 1529455544

View Profile Personal Message (Offline)

Ignore
1529455544
Reply with quote  #2

1529455544
Report to moderator
Newar
Legendary
*
Offline Offline

Activity: 1316
Merit: 1000


https://gliph.me/hUF


View Profile
September 02, 2014, 07:59:19 AM
 #2

You are referring to this?

https://bitcoin.org/en/alert/2013-08-11-android


Some more info here: http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html

OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins
Jan
Legendary
*
Offline Offline

Activity: 1043
Merit: 1000



View Profile
September 02, 2014, 01:15:16 PM
 #3

On android Mycelium uses /dev/urandom directly to pull random data. This way we are not affected by SecureRandom's buggy implementation.

Mycelium let's you hold your private keys private.
apetersson
Hero Member
*****
Offline Offline

Activity: 666
Merit: 500



View Profile
September 02, 2014, 02:09:43 PM
 #4

more specifically, we use the code

https://github.com/mycelium-com/wallet/blob/master/public/mbw/src/main/java/com/mycelium/wallet/AndroidRandomSource.java

this is the random source used for all crypto operations (generating privkeys, generating R values in Transactions)

https://github.com/mycelium-com/wallet/blob/master/public/bitlib/src/main/java/com/mrd/bitlib/crypto/PrivateKey.java#L43
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!