Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <mh.in.england@gmail.com>) id 1V8YVE-0000UA-7g
	for bitcoin-development@lists.sourceforge.net;
	Sun, 11 Aug 2013 16:28:24 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.215.178 as permitted sender)
	client-ip=209.85.215.178; envelope-from=mh.in.england@gmail.com;
	helo=mail-ea0-f178.google.com; 
Received: from mail-ea0-f178.google.com ([209.85.215.178])
	by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1V8YVC-0000Jb-Eu
	for bitcoin-development@lists.sourceforge.net;
	Sun, 11 Aug 2013 16:28:24 +0000
Received: by mail-ea0-f178.google.com with SMTP id a15so2924951eae.23
	for <bitcoin-development@lists.sourceforge.net>;
	Sun, 11 Aug 2013 09:28:16 -0700 (PDT)
X-Received: by 10.14.69.206 with SMTP id n54mr21703299eed.118.1376238496079;
	Sun, 11 Aug 2013 09:28:16 -0700 (PDT)
Received: from waterford.local (84-75-251-165.dclient.hispeed.ch.
	[84.75.251.165])
	by mx.google.com with ESMTPSA id a4sm49545603eez.0.2013.08.11.09.28.14
	for <bitcoin-development@lists.sourceforge.net>
	(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Sun, 11 Aug 2013 09:28:15 -0700 (PDT)
Sender: Mike Hearn <mh.in.england@gmail.com>
Message-ID: <5207BB9D.3090701@plan99.net>
Date: Sun, 11 Aug 2013 18:28:13 +0200
From: Mike Hearn <mike@plan99.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8;
	rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(mh.in.england[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1V8YVC-0000Jb-Eu
Subject: [Bitcoin-development] Android key rotation
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mike@plan99.net
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 11 Aug 2013 16:28:24 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello,

I hope you are having a pleasant weekend. A few days ago we learned
that the Android implementation of the Java SecureRandom class
contains multiple severe vulnerabilities. As a result all private keys
generated on Android phones/tablets are weak and some signatures have
been observed to have colliding R values, allowing the private key to
be solved and money to be stolen.

The public security alert is here:

http://bitcoin.org/en/alert/2013-08-11-android

I will shortly post in the bitcointalk forums as well.

An update for the Bitcoin Wallet app has been prepared that bypasses
the system SecureRandom implementation and reads directly from
/dev/urandom instead, which is believed to be functioning correctly.
All unspent outputs in the wallet are then respent to this new key.

The process is automatic and does not involve user intervention.
Andreas can control the process via a percentage throttle, which we
will use to slow things down if the memory pool load gets too high.

A fixed APK is available here:

https://code.google.com/p/bitcoin-wallet/downloads/detail?name=bitcoin-wallet-3.15-beta.apk&can=2&q=

Andreas plans to release this to beta either today or tomorrow. Once
some reasonable population of users has completed testing the
automated re-keying process, it will be released via the Play Store.
All users will get a notification informing them of the new version
and some will be upgraded automatically.

Other wallet maintainers have also been notified and are working on
similar updates.

thanks
- -mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCgAGBQJSB7udAAoJEPLkhhyZiIFvv7QIAJQf5AqpNdo0hWSubvcXu6H9
QoYJllZRb3KhjDEaFU5xinvrN3co6mqRqctbhP2JplrwebEczd8GN4jJZyn90oES
7oydQsnYGyO1+W64dnMjOXSCsvIerAv1TuYDIeRmVFlWzXEAbEK3QTB7G/qciF5x
YNh5M94HYFTCTzDwc3oCHJQUzbl/X/BwPS8TITmEZ3gfYDi+hoyUmHlZukjtFZf+
/ukDqzWPswscUseuXlUqfu7EMbV0cFO2niCwuTsmkvxkjsz35bPD1LxMYmm1qEjw
FeKINcws74okK7pnAqsHYIiP0d64zOwfQFJqfFyek18f0LSqYf32h3h1F8GbmJU=
=bZtl
-----END PGP SIGNATURE-----