All Bitcoin Wallets On Android Vulnerable To Theft 137
judgecorp writes "Bitcoin users have been warned that storing them in a wallet app on Android is insecure, A weakness in Android's random number generator means its random numbers may not be so random, giving attackers a chance of breaking into the wallet. those with Bitcoins have been advised to put them elsewhere, by bitcoin.org"
Re:How can an OS have such a fundamental problem? (Score:5, Insightful)
It is both a solved problem and an ignored problem. I find that I have to explain the risks of not using proper random numbers for anything cryptographic time and again even to customers with experience in using cryptography. I blame the CS and programmer education, which is still badly broken when it comes to security.
Re:Random numbers on a mobile device (Score:5, Insightful)
The problem is not doing it right once you understand the issue. The problem is understanding the issue.
Re:How can an OS have such a fundamental problem? (Score:5, Insightful)
This doesn't mean you throw in the towel. There are bad PRNG algorithms and better PRNG algorithms, and it's worth using better ones.
Plus, these devices have so many sensors that finding a fairly complex and truly random seed isn't all that difficult. Then throw the seed into a good PRNG and it becomes practically impossible to decode the seed values and, thus, produce any mechanism for finding patterns in the seed data.
Re:How can an OS have such a fundamental problem? (Score:5, Insightful)
The problem isn't doing it, the problem is in getting the "random needs effort" message though thick developer's skulls.
(Same as most other cryptographic problems, eg. correctly implementing AES isn't what makes your code secure, it's only the very first step...)