Posts

Showing posts with the label Bitcoin

Understanding Blockchain : The theory and the threats

Image
In this post I'll break down some key aspects of what makes a blockchain, blocky and chainy. I'll also break out some ideas I have on what threatens block chain applications in design an implementation potentially speaking.

What is the blockchain? Blockchain applications essentially provides a means to orchestrate transactions based on something called a "state-machine" that propagates and maintains global addressable list of all transactions ever.  Essentially folks needed a way for all agreements of a given theme based on the value of something to follow a strict grammar and language i.e. based on principles that "this thing" must appear before "this thing" rules that follow this format are great for language based machines like state machines. After all we designed computers and all formal definitions so far on these properties, they are such powerful means of scrying computation out of nature we are applying them to quantum bodies in profound…

More Details on the Android JCA PRNG Flaw

Image
I've spent a couple days reading the source code for the Pseudo Random number generators in Android mostly because there aren't many breakdowns of the vulnerability around, none that walk through the code explicitly anyway. After some discussion with some people from the Android Security Discussion Google Group I realized that the issue goes a little deeper than  just the super calls and constructor definition as I previously thought.

I was also mislead by grepcode---the site I was using to read the code---since it it wasn't directing me to the Android SecureRandom Implementation but rather OpenJDK!

So I thought I'd correct myself re-post about the issue and study the code directly from the Android repo namely ( https://android.googlesource.com/platform/libcore/+/jb-release/luni/src/main/java/java/security/SecureRandom.java )

Details on the Android JCA PRNG Flaws

Recently some bitcoin wallets suffered an attack that made use of a critical flaw in the way Java's Cryptography Architecture is implemented in Android. The following post discusses some of the technical details of the flaw by interpreting the code that causes the issue.

UPDATE: A more up to scratch attempt at explaining the vulnerability can be found here http://blog.k3170makan.com/2013/08/more-details-on-android-jca-prng-flaw.html