Some of you may have heard about the recent massive Bitcoin theft caused primarily by a flaw in Android’s Java Cryptography Architecture. After reviewing Google’s blog post about the flaw, I can confirm that Cryptnos for Android should be unaffected by it. Although the JCA is referenced by some third-party code in a library we use, Cryptnos doesn’t use any random numbers generated by this library or by the JCA directly. All of our cryptographic hashes and generated passwords rely on user-provided inputs, so the PRNGs are never called.
Tags: Android, News