The Register: Man Hunts Insufficiently Random Nonces, Wallets Vulnerable

According the The Register, Filippo Valsorda has released a tool which uncovers transactions that leak private keys on the Bitcoin blockchain. The tool is called Blockchainr and is available on Github. The attack highlighted is the same one which last year lead to the emptying of a number of wallets on the Android platform in which insufficiently random nonces in ECDSA signatures leave private keys solvable. Valsorda noted that the wallet's dependency on the user's web browser to provide a random nonce leaves it vulnerable to this avenue of attack. Previously Valsorda released a tool which checks for vulnerability to the Heartbleed defect.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>