[guardian-dev] Android SecureRandom bug mitigation
Abel Luck
abel at guardianproject.info
Mon Aug 12 15:21:19 EDT 2013
Does anyone have any bona fide information as to what the flaw/weakness
actually is?
I haven't found anything yet, and the BTC devs don't seem to be
releasing much information.
None of the bitcoin apps affected were seeding SecureRandom, so that
wasn't the issue.
The armoredbarista link also didn't find any issues that would apply to
SecureRandom used in BC, so that's not it.
What is the weakness?
There's some interesting discussion of at HN [0] about this, so far it's
unclear. If this is truly an Android bug, as opposed to a bug in Android
bitcoin apps, then this is a much bigger deal.
~abel
[0]: https://news.ycombinator.com/item?id=6195493
Nathan of Guardian:
>
> Already digging into this, but would love some help thinking about how
> this issue (Weaknesses in Java Pseudo Random Number Generators (PRNGs)):
> http://armoredbarista.blogspot.ch/2013/03/randomly-failed-weaknesses-in-java.html
>
> might affect our various apps.
>
> I am guessing it will mostly affect OTR4J, and other apps where we do
> key generation in Java.
>
> +n
>
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
> Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
>
> You are subscribed as: abel at guardianproject.info
>
More information about the Guardian-dev
mailing list