I am interested in learning a bit more about the current and historical state of SecureRandom in Android, specifically as it applies to elliptic curves for the key exchange in TLS. According to Mike Hearn (https://tradeblock.com/blog/security-vulnerability-in-all-android-bitcoin-wallets/) android is "weak" due to colliding R values. Because EC's security depends on a quality entropy source (http://blog.cloudflare.com/ecdsa-the-digital-signature-algorithm-of-a-better-internet/), I'm concerned about it's key exchange & authentication application in android ciphersuites. Can anyone provide some greater clarity here?
TIA, ST -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
