Blockchain.info Random Number Flaw Leads to Additional Bitcoin Thefts

For the second time in as many weeks, users of bitcoin wallets have been exposed to a random number generator flaw that revealed their private keys in transactions. Transferring bitcoin requires signing a transaction with a private key, in combination with a random number that is generated by whatever software is sending the transaction. The private key is what gives a user sole control over spending the bitcoins in their address. If that random number is not actually random but predictable or repeated, then a careful observer can reverse-engineer the user’s private key and gain access to all bitcoins in that address. A vulnerability was reported in Android’s SecureRandom last week, which has since been repaired. It was recently brought to light that a similar issue occurred in Blockchain.info’s web wallet, which was repaired yesterday. Several users reported bitcoins disappearing from their wallets. Upon careful inspection it was determined that the same random value was used to sign transactions in these addresses and that all of the transactions were initiated from…

The post Blockchain.info Random Number Flaw Leads to Additional Bitcoin Thefts appeared first on The Genesis Block.