Recently, the British David Gerard, author of "attack of the 50-foot blockchain" and security expert in Unix software company, announced that the old bitcoin addresses are created using a JavaScript application can contain a bug that allows hackers to obtain information about private keys and steal the funds. On the same issue was reported by an anonymous source on the resource linuxfoundation. Error is contained in a JavaScript function SecureRandom — the random combinations (private keys), which, as it turns out, is not enough random — they can be calculated. The bitcoin address is the alphanumeric code starting with a one or three. This address is something like e-mail addresses and the private key is like a password. So, due to the bug of the application generated addresses are low entropy. Entropy (in this case) is the degree of randomness of the generated keys. The higher the entropy, the harder it is to crack the wallet. Gerard said that JavaScript SecureRandom generates a cryptographic key with entropy at least 48 bits, which makes the secret key secret and vulnerable. According to Gerard, this vulnerability addresses created using BitAddress to 2013, and Bitcoinjs to 2014. Holders of bitcoins who keep the funds in these addresses are advised to create new addresses using the new tools.
Sort: Trending