#1 Source for Leaks Around the World!

“Ironically, Thieves Are Playing a Role in Securing Bitcoin and Associated Algorithms from NSA Tampering”

In Archive, Bitcoin, NSA, Science & Technology on September 8, 2013 at 1:11 AM

hacker

09/05/2013

Jeff Garzik/GarzikRants:

Bitcoin is rather unique in that everyone in the world has a direct financial incentive for finding weak ECDSA private keys.  Compromise a key, and you may steal those bitcoins.

Now, recall a recent security incident:  “Concern mounts as Google confirms Android cryptographic vulnerability”

While there is zero evidence to support the following speculation, let us reconsider this Android SecureRandom bug in light of today’s revelations about NSA decryption on the Internet (bullrun).

Is it possible that SecureRandom() was known to be weak by the NSA, and that bitcoin thieves simply stumbled upon the security hole first?

Even entirely innocent engineering bugs are likely to be discovered by anyone with the time to iterate across all known weaknesses and platforms.  Random number generators are a known vector for weaknesses in the past, after all.

By extension, will bitcoin — and the financial incentive to break bitcoin crypto — reveal other NSA backdoors in ECDSASHA256RIPEMD160, and other algorithms and libraries used by bitcoin?

Thieves are likely to exploit any flaws immediately, and move stolen loot to another private key.  The NSA, on the other hand, is likely to avoid exploiting any weaknesses until key moments.

Thus, ironically, thieves are playing a role in securing bitcoin and associated algorithms from NSA, Chinese, Russian or mafia tampering.

Was the SecureRandom() bug a now-revealed NSA backdoor?  It can never be known.  But you can thank bitcoin for exposing the problem and leading to immediate fixes, and drawing attention to weak RNG issues.

Related Link: Study: Bitcoin Not Quite Anonymous

About these ads
  1. […] Related Link: “Ironically, Thieves Are Playing a Role in Securing Bitcoin and Associated Algorithms from NSA… […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: