For those developers who are using the Bitcoin SCI library (maybe others too, I
found two total and could only make contact with one), I would advise that you
review how your software handles private key creation.
Up until today, the Bitcoin SCI library used the Mersenne Twister PRNG or the
GMP library's PRNG directly to generate private keys. This has been somewhat
resolved in the most recent version (October 27th), but only for the
createNewMiniKey() function. Even if you haven't been using this library, it
would be a fine oportunity to check your key generation functions if you do not
interface directly with bitcoind.
Affected keys have 32bits of entropy, possibly up to 56bits depending on the
build of PHP, a low enough amount that would allow GPU based attacks on keys
in the lower ranges.
I do not know how many keys have been created using either function
.
I also don't share the authors optimism that this isn't an issue.
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
