Important: Blockchain.info RNG vulnerability

Posted on August 21, 2013

0


Users of the very-popular web client blockchain.info should take big note that piuk has posted info on another RNG vulnerablity, this time in the Javascript-based randomness used by the wallet.

In effect, I think this is very similar to the recent Android RNG flaw, which led to random numbers being used more than once to sign transactions. In this case the entropy was lacking in the Javascript, rather than behind the scenes on the device, but the problem comes to light under the same test. And can be exploited in the same way.

As piuk notes, web users should clear their cache before using the site, and any users of the extensions should update to the latest version. piuk’s also offered to compensate anyone who’s lost coins through this issue, so maximum kudos to him.

As I said before, there will be many bumps in the road. Each bump makes the rest of the ride smoother though.

Advertisements