Eine kleine Forschungsgruppe aus Warschau hat ein White Paper vorgelegt, das eine Skalierungslösung für die Ethereum-Blockchain darlegt. Damit sollen deutlich komplexere Smart Contracts möglich sein, die ein höheres Maß an Sicherheit garantieren. Sogar Ethereum-Gründer Vitalik Buterin zeigt sich interessiert an den Vorschlägen der Entwickler. Die Richtung, in die sich das neue Projekt bewegen soll, wird…Der Beitrag erschien zuerst auf .
A group of researchers released a warning on the security dangers of old bitcoin addresses that were generated via JavaScript-based wallet applications.
According to the researchers, hackers can take advantage of an old JavaScript cryptographic flaw to steal stored in such addresses. Using brute-force hacking, the private keys of such addresses can be obtained by cybercriminals and of the wallets and the bitcoins stored in them.
Insufficient Entropy in the JavaScript SecureRandom() Function
The flaw revolves around the JavaScript SecureRandom() function which can be used to generate bitcoin addresses and private keys. A bitcoin address is an alphanumeric code that begins with a ‘1’ or ‘3,’ and it specifies the destination of a bitcoin payment. It is similar to an email address. The private key is like a password, and it bears a mathematical relationship with a bitcoin address.
According to an anonymous contributor on the , the JavaScript SecureRandom() function isn’t truly random, despite the name. This assertion was also made by , a Unix system expert based in the UK and has become a on many online cryptocurrency message boards.
The general consensus that the JavaScript SecureRandom() function isn’t genuinely random is based on the low entropy level of the cryptographic keys that it generates. Entropy refers to the degree of randomness of a system, the higher the entropy, the more difficult it is for brute-force hacking to be successful.
According to Gerard, the function generates cryptographic keys that are less than 48 bits of entropy regardless of the entropy level of the seed. The JavaScript function then runs the alphanumeric key through the obsolete RC4 algorithm which is generally considered to be predictable. The predictability makes the private key vulnerable to .
Getting More Secure bitcoin Addresses
This information isn’t entirely new, Gerard revealed that he discovered discussion threads on the as early as 2013 on this particular issue. Back then, some web-based bitcoin wallets used the SecureRandom() function to generate private keys.
According to Gerard, many bitcoin addresses that were generated using the BitAddress wallet service pre-2013 and Bitcoinjs pre-2014 are most likely affected by the same vulnerability. Gerard also hinted that current wallet software that makes use of old repositories found on GitHub might also be vulnerable.
Commenting on the issue, Mustafa Al-Bassam said that many old bitcoin wallet apps made use of jsbn.js cryptographic libraries to generate bitcoin addresses. There is a high probability that the pre-2013 versions of such libraries used the vulnerable SecureRandom() function. Al-Bassam is a Ph.D. researcher at the , Computer Science Department. Gerard estimates that it would take about a week to crack the private keys of such addresses.
bitcoin holders who have such addresses are advised to create new addresses using newer tools. They should also move their funds from the old addresses to the new ones to keep them .
The post appeared first on .
