[liberationtech] Google confirms critical Android crypto flaw
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Thu Aug 15 03:24:46 PDT 2013
Il 8/15/13 6:07 AM, Nadim Kobeissi ha scritto:
> Hey Libtech,
> Hot on the heels of last week's Bitcoin wallet for Android heist,
> Google has confirmed that this was due to a critical crypto flaw in
> Android
All Mobile Security Applications should not rely on standard RNG of the
OS but fetch precious and better source of randomness available on those
devices:
- Microphone Audio Sample
On a commercial product i worked on in past the RNG has been always feed
with Noise from Microphone.
To get more in depth:
- The Sources of Randomness in Mobile Devices
http://www.fi.muni.cz/usr/matyas/RNG_nordsec07_cameraReady.pdf
- The Sources of Randomness in Smartphones with Symbian OS
http://www.fi.muni.cz/~xkrhovj/lectures/2007_SPI_Sources_of_Randomnes_in_Smartphones_slides.pdf
- ZRTP Standard 4.8 section
https://tools.ietf.org/html/rfc6189#section-4.8
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130815/e7dd7d55/attachment.html>
More information about the liberationtech
mailing list