Topic: [2014-10-16] CD: Open-Source Tool Identifies Weak Bitcoin Wallet Signatures
LiteCoinGuy
October 16, 2014, 05:13:26 PM
 #1

Open-Source Tool Identifies Weak Bitcoin Wallet Signatures


The developer behind a program that checks for the Heartbleed vulnerability, Filippo Valsorda, has created a new tool that he says tracks down poorly secured bitcoin transactions.

...

Not everyone agrees with the conclusions, however. Armory’s CEO and founder Alan C Reiner told CoinDesk:

    “Valsorda is criticizing the globally standardized use of ECDSA, which is implemented and applied properly in our software. Since ECDSA was created, it has always required a random number generator and all software that implements it should use a random number generator. That’s part of its specification.”

...

CoinDesk also spoke to Blockchain about Valsorda’s claims. A spokesperson said:

    “This issue first came to our engineering team’s attention in August 2013. We took steps then to patch the vulnerability created by a small minority of users relying on old out-of-date web browser versions.

    Blockchain’s My-Wallet tool relies on, not one, but three sources of entropy to generate ECDSA signing keys: the browser-based RNG, mouse movement & keyboard interaction, and a server-side RNG. This protects users from out-of-date browsers with weak RNGs while maintaining the ability to run a fully client-side, non-custodial wallet that is easy to use across your desktop and mobile devices.”

...

Valsorda has made his code freely available to other developers by posting it on GitHub and has called on fellow developers to address the issue, taking care in their choice of random number generators.


http://www.coindesk.com/open-source-tool-identifies-weak-bitcoin-wallet-signatures/
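
The spokesperson's description of combining a browser RNG, user interaction and a server-side RNG can be illustrated with a small mixing routine. This is an added example, not part of the original post and not Blockchain's code; the HMAC-SHA256 construction, the function names and the sample inputs are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Length-prefix the label and the data so that two different splits of the
// same bytes (e.g. "ab"+"c" vs "a"+"bc") can never produce the same HMAC input.
function frame(label, data) {
  const tag = Buffer.from(label, 'utf8');
  const head = Buffer.alloc(8);
  head.writeUInt32BE(tag.length, 0);
  head.writeUInt32BE(data.length, 4);
  return Buffer.concat([head, tag, data]);
}

// Mix named entropy sources into one 32-byte seed. The HMAC key is a
// constructed domain-separation label, not a secret.
function mixEntropy(sources) {
  const names = Object.keys(sources).sort(); // result does not depend on key order
  if (names.length < 2) throw new Error('need at least two independent sources');
  const mac = nodeCrypto.createHmac('sha256', 'example-wallet-seed-v1');
  for (const name of names) {
    const data = sources[name];
    if (!Buffer.isBuffer(data) || data.length === 0) {
      throw new Error('missing entropy from source: ' + name);
    }
    mac.update(frame(name, data));
  }
  return mac.digest();
}

// Constructed sample: an out-of-date browser whose RNG always returns the
// same bytes, mixed with user-interaction timings and a server-supplied value.
function seedWithWeakBrowser(serverBytes) {
  return mixEntropy({
    browser: Buffer.alloc(32, 0x41), // constant output: the worst case
    input: Buffer.from('312,88,1413479606123;17,402,1413479606190'), // mouse x,y,ms
    server: serverBytes,
  });
}

// Two runs with a stuck browser RNG still yield different seeds.
const a = seedWithWeakBrowser(nodeCrypto.randomBytes(32));
const b = seedWithWeakBrowser(nodeCrypto.randomBytes(32));
console.log(a.toString('hex') !== b.toString('hex'));
```

Hashing the inputs together does not create entropy: the seed is as unpredictable as the best source an attacker can neither observe nor influence, which is why a stuck browser RNG alone no longer decides the outcome.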

botany
October 18, 2014, 02:00:29 AM
 #2

This is the kind of news that scares the layman. :(
TraderTimm
October 18, 2014, 04:06:46 PM
 #3

Basically it's a nerd pissing contest over whose implementation has the best entropy, or randomness. The Armory guys have always been up front about their software, and they even include tools to determine if your chosen phrase is easily cracked. I don't get what this guy has to prove, except to push his own stuff.

fortitudinem multis - catenum regit omnia
Lethn
October 19, 2014, 07:50:32 AM
Last edit: October 19, 2014, 08:13:34 AM by Lethn
 #4

Quote from botany:
This is the kind of news that scares the layman. :(

What? Because it exposes how bad they are at computer security? I think this kind of stuff is always good no matter who it's from, it'd be great to get serious competition on keeping wallets secure. Anyone who has an objective look at Bitcoin will see why this is needed because you can double check your security with stuff like this, I'd feel reassured. That said, I don't think password tools that measure password strength aren't very accurate. I have my own system I use which has served me well these past couple of years since I've used it, never had any problems with accounts suddenly getting hacked.
Stifler
October 19, 2014, 01:24:09 PM
 #5

Quote from botany:
This is the kind of news that scares the layman. :(

Better get used to it because bitcoin is going to be the victim of more and more propaganda and fear-mongering attacks designed to scare off newbies or laymen etc.

Not to be confused with the user sifter :P.
Kprawn
October 21, 2014, 06:58:09 AM
 #6

I also think we should welcome anyone who might shine a light on vulnerabilities in online wallet software.

The more people working on making this more secure, the better for the reputation of crypto currencies as a whole.

I implement different strategies to distribute the risk of losing everything in one hack. Use several methods of cold storage and keep small quantities online.

There are people out there, trying constantly to hack any service related to any money. {FIAT / Credit cards / Debit cards / PayPal} so Bitcoin is not unique. :(

lihuajkl
October 21, 2014, 12:56:46 PM
 #7

Good. Some vulnerable issues were found before hackers exploit them to cause large damage.