Crypntos Unaffected by Android SecureRandom Flaw

August 17th, 2013 | Comment?

Some of you may have heard about the recent massive Bitcoin theft caused primarily by a flaw in Android’s Java Cryptography Architecture. After reviewing Google’s blog post about the flaw, I can confirm that Cryptnos for Android should be unaffected by it. Although the JCA is referenced by some third-party code in a library we use, Cryptnos doesn’t use any random numbers generated by this library or by the JCA directly. All of our cryptographic hashes and generated passwords rely on user-provided inputs, so the PRNGs are never called.

Tags: ,


You can skip to the end and leave a response. Pinging is currently not allowed.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

You must be logged in to post a comment.