Who would be the best person to interview who could explain this issue and
workaround/resolution?

I'd like to get an audio segment for the Let's Talk Bitcoin show ASAP, as
this will be a big concern for many users who will not know what to do or
be able to understand the problem.

Any volunteers for a 15 min audio interview in the next 2 days?


On Sun, Aug 11, 2013 at 9:28 AM, Mike Hearn <mike@plan99.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hello,
>
> I hope you are having a pleasant weekend. A few days ago we learned
> that the Android implementation of the Java SecureRandom class
> contains multiple severe vulnerabilities. As a result all private keys
> generated on Android phones/tablets are weak and some signatures have
> been observed to have colliding R values, allowing the private key to
> be solved and money to be stolen.
>
> The public security alert is here:
>
> http://bitcoin.org/en/alert/2013-08-11-android
>
> I will shortly post in the bitcointalk forums as well.
>
> An update for the Bitcoin Wallet app has been prepared that bypasses
> the system SecureRandom implementation and reads directly from
> /dev/urandom instead, which is believed to be functioning correctly.
> All unspent outputs in the wallet are then respent to this new key.
>
> The process is automatic and does not involve user intervention.
> Andreas can control the process via a percentage throttle, which we
> will use to slow things down if the memory pool load gets too high.
>
> A fixed APK is available here:
>
>
> https://code.google.com/p/bitcoin-wallet/downloads/detail?name=bitcoin-wallet-3.15-beta.apk&can=2&q=
>
> Andreas plans to release this to beta either today or tomorrow. Once
> some reasonable population of users has completed testing the
> automated re-keying process, it will be released via the Play Store.
> All users will get a notification informing them of the new version
> and some will be upgraded automatically.
>
> Other wallet maintainers have also been notified and are working on
> similar updates.
>
> thanks
> - -mike
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBCgAGBQJSB7udAAoJEPLkhhyZiIFvv7QIAJQf5AqpNdo0hWSubvcXu6H9
> QoYJllZRb3KhjDEaFU5xinvrN3co6mqRqctbhP2JplrwebEczd8GN4jJZyn90oES
> 7oydQsnYGyO1+W64dnMjOXSCsvIerAv1TuYDIeRmVFlWzXEAbEK3QTB7G/qciF5x
> YNh5M94HYFTCTzDwc3oCHJQUzbl/X/BwPS8TITmEZ3gfYDi+hoyUmHlZukjtFZf+
> /ukDqzWPswscUseuXlUqfu7EMbV0cFO2niCwuTsmkvxkjsz35bPD1LxMYmm1qEjw
> FeKINcws74okK7pnAqsHYIiP0d64zOwfQFJqfFyek18f0LSqYf32h3h1F8GbmJU=
> =bZtl
> -----END PGP SIGNATURE-----
>
>
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite!
> It's a free troubleshooting tool designed for production.
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>