Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <201308121642.r7CGfxpj019114@linus.mitre.org>
Date: Mon, 12 Aug 2013 12:41:59 -0400 (EDT)
From: cve-assign@...re.org
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: pending Bitcoin/Android CVE assignments

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MITRE is currently working on third-party CVE requests related to a
recent Bitcoin/Android issue that might (or might not) be related to
other open-source products such as Bouncy Castle products. We'll send
another message here after we have CVE assignments or another outcome.

Our preference is to assign the CVE IDs after there seems to be
agreement among security researchers about how many different
vulnerabilities contribute to the problem. Ultimately, the observed
problem seems to be:

  https://bitcointalk.org/index.php?topic=271486.0

  Several people have reported their BTC stolen ... It has been
  noticed that the coins are all transferred in a few hours after a
  client improperly signs a transaction by reusing the same random
  number.


Here is an example reference that suggests more than one
vulnerability:

  https://code.google.com/p/bitcoin-wallet/source/detail?name=bitcoinj-0.10&r=04d2044880d88107ee4a939a516fb4be4cedeaf9#

Other information we are currently considering includes:

https://news.ycombinator.com/item?id=6195902 and
http://android-developers.blogspot.com/2013/02/using-cryptography-to-store-credentials.html
suggest that they are a communication from the "Android Developer
Relations team" stating "This was fixed in Android 4.2 when we
switched from BouncyCastle to OpenSSL as the underlying crypto
provider. I don't know why you'd still be seeing this on Android 4.2."

https://bitcointalk.org/index.php?topic=271486.msg2910339#msg2910339
and
http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html
refer to "The same k will lead to the same x1 coordinate, which will
lead to the same r."

http://armoredbarista.blogspot.com.au/2013/03/randomly-failed-weaknesses-in-java.html
and
http://www.scribd.com/doc/131955288/Randomly-Failed-The-State-of-Randomness-in-Current-Java-Implementations
describe multiple issues in four different products.

And, finally, https://news.ycombinator.com/item?id=6195787 says "They
[ https://bitcointalk.org/index.php?topic=271831.0 ] claim the problem
lies with 'a component of Android'. One of them told me that the
solution was to switch from using SecureRandom to reading /dev/urandom
directly. The actual source changes appear not to be public, and he
wouldn't tell me details about the issue."

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)

iQEcBAEBAgAGBQJSCQ9QAAoJEGvefgSNfHMd1L4H/0mnG2dh7G824DxEQns2qBB3
Op1qk9FJeOzo+YL2x/lRbkGdem4UKUMS3rY9BSDJidfz8hfwfAZ6JysabUJzCkoB
YkVC2zla2dKff+6fPsm49w26Ku9DgdGuKPdX2trKJhDkCqswQ1WNyV6sZIHKP51Y
uCJBLo0TmffBZZOSH2e63AWrOT/rcClqr8G5aJHBJteNj+1eVY+dyQt/mDLVTbxW
/ZQb4aYwKI3Rfacjbf8TbOo3TsevtzcjTMQSEya0F0AHx7HJWhxHniMVyGhgCjvQ
CbobCP+uCohJzh+hSBj7v5PNMM9HA5EIQfms3lpyB8Kh0yrvT6LuER56etTpQDw=
=7Oks
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.