安卓比特币钱包被曝重大漏洞及修复方案
在安卓(Android)系统上使用比特币钱包的同学要注意了,几个小时前该系统的比特币钱包被爆出有重大安全隐患。由于安卓系统比特币钱包的随机数发生器存在严重缺陷,使得用户用该系统比特币钱包生成的公钥和私钥都是不可靠的。用户必须升级钱包或暂时将安卓钱包中的比特币转移到其他安全的地址上,比如Bitcoin-qt客户端。
| Andreas Schildbach Bitcoin Wallet | 升级补丁已经正在测试 |
| BitcoinSpinner | 升级补丁已经可用 |
| Mycelium Wallet | 升级补丁已经可用 |
| blockchain wallet | 升级补丁已经可用 |
如果你用的是上述钱包,请考虑马上采用安全措施。随机数发生器产生问题会使得钱包产生的私钥被黑客计算出来,在这种情况下最好将旧钱包中的比特币转移到bitcoin-qt或者multibit这样的客户端中。
注意:你自己不控制私钥的钱包程序不会受到影响。比如,Coinbase或MTGOX的前端程序。
bitcointalk上的说明点击这里.
bitcoin.org上面对用户的提示声明点击这里.
已经有人被偷走55个比特币,完整消息点击这里.
We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet.
In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.
If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.
Updates for other wallet apps should be released shortly.
This notice last updated: Sun Aug 10 15:24:00 UTC 2013转自比巴克
