random number generator issue

Dmitriy Nikandrov dmitriy.nikandrov at gmail.com
Fri Aug 30 17:37:45 UTC 2013


Hi all,

have you heard of last issue with theft of coins from bitcoin wallet
installed on Android?

It is caused by dalvik's buggy *pseudorandom number generator* (*PRNG*)
component - the generated numbers can be the same - this ruins security of
all user apps relying on that PRNG.

And what is more interesting - there is rumors that Intel & AMD may also
intentionally "tune" their CPU's PRNG to provide really not so random
numbers - in favor of different gov organisations, making tools like PGP
meaningless.

Did anybody study this?

It is important to check Intel's and AMD's PRNG realization, to check if
they are doing what they should.


Regards,
Dmitriy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20130830/b110eeea/attachment.html>


More information about the Replicant mailing list