From: "Andreas M. Antonopoulos" <andreas@rooteleven•com>
To: mike@plan99•net
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Android key rotation
Date: Sun, 11 Aug 2013 11:21:28 -0700 [thread overview]
Message-ID: <CAFmyj8yTCFQVBisW3sfCF_yGYhLBccXV8GX8hxseB5KAxAo71w@mail.gmail.com> (raw)
In-Reply-To: <5207BB9D.3090701@plan99.net>
[-- Attachment #1: Type: text/plain, Size: 3327 bytes --]
Who would be the best person to interview who could explain this issue and
workaround/resolution?
I'd like to get an audio segment for the Let's Talk Bitcoin show ASAP, as
this will be a big concern for many users who will not know what to do or
be able to understand the problem.
Any volunteers for a 15 min audio interview in the next 2 days?
On Sun, Aug 11, 2013 at 9:28 AM, Mike Hearn <mike@plan99•net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hello,
>
> I hope you are having a pleasant weekend. A few days ago we learned
> that the Android implementation of the Java SecureRandom class
> contains multiple severe vulnerabilities. As a result all private keys
> generated on Android phones/tablets are weak and some signatures have
> been observed to have colliding R values, allowing the private key to
> be solved and money to be stolen.
>
> The public security alert is here:
>
> http://bitcoin.org/en/alert/2013-08-11-android
>
> I will shortly post in the bitcointalk forums as well.
>
> An update for the Bitcoin Wallet app has been prepared that bypasses
> the system SecureRandom implementation and reads directly from
> /dev/urandom instead, which is believed to be functioning correctly.
> All unspent outputs in the wallet are then respent to this new key.
>
> The process is automatic and does not involve user intervention.
> Andreas can control the process via a percentage throttle, which we
> will use to slow things down if the memory pool load gets too high.
>
> A fixed APK is available here:
>
>
> https://code.google.com/p/bitcoin-wallet/downloads/detail?name=bitcoin-wallet-3.15-beta.apk&can=2&q=
>
> Andreas plans to release this to beta either today or tomorrow. Once
> some reasonable population of users has completed testing the
> automated re-keying process, it will be released via the Play Store.
> All users will get a notification informing them of the new version
> and some will be upgraded automatically.
>
> Other wallet maintainers have also been notified and are working on
> similar updates.
>
> thanks
> - -mike
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBCgAGBQJSB7udAAoJEPLkhhyZiIFvv7QIAJQf5AqpNdo0hWSubvcXu6H9
> QoYJllZRb3KhjDEaFU5xinvrN3co6mqRqctbhP2JplrwebEczd8GN4jJZyn90oES
> 7oydQsnYGyO1+W64dnMjOXSCsvIerAv1TuYDIeRmVFlWzXEAbEK3QTB7G/qciF5x
> YNh5M94HYFTCTzDwc3oCHJQUzbl/X/BwPS8TITmEZ3gfYDi+hoyUmHlZukjtFZf+
> /ukDqzWPswscUseuXlUqfu7EMbV0cFO2niCwuTsmkvxkjsz35bPD1LxMYmm1qEjw
> FeKINcws74okK7pnAqsHYIiP0d64zOwfQFJqfFyek18f0LSqYf32h3h1F8GbmJU=
> =bZtl
> -----END PGP SIGNATURE-----
>
>
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite!
> It's a free troubleshooting tool designed for production.
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
[-- Attachment #2: Type: text/html, Size: 4486 bytes --]
prev parent reply other threads:[~2013-08-11 18:52 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-11 16:28 Mike Hearn
2013-08-11 18:21 ` Andreas M. Antonopoulos [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFmyj8yTCFQVBisW3sfCF_yGYhLBccXV8GX8hxseB5KAxAo71w@mail.gmail.com \
--to=andreas@rooteleven$(echo .)com \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
--cc=mike@plan99$(echo .)net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox