0

"The problem that led to the vulnerability was reportedly wallets generated with previously used 'R-values' in formulas that generate random numbers, meaning a hacker could use the public address to calculate its private keys. If R-values are unique, this should be impossible." - CoinDesk.

Commit: https://github.com/blockchain/My-Wallet/commit/98d5a7ca59ef04d06ac6aee468634b12975a0f5c

Reference: http://www.coindesk.com/hacker-returns-225-btc-taken-blockchain-wallets/

"For those interested. The bug was caused by missing line 29 and not initialising rng_pptr to 0. This commit was force pushed over." - ZooTreeves.

Wouldn't rng_pptr be some random number if it wasn't initialized? Why would it be exploitable then?

Greed

1 Answer

1

In many programming languages, the value of an uninitialized value is undefined but not random. If uninitialized memory were an acceptable source of randomness, we wouldn't need actual random number generators, as we could just use uninitialized memory for that purpose.

Usually uninitialized memory gets the value which was previously written to that memory location the last time it was allocated. While it is hard to predict for the programmer what could be there, depending on how the program works and how the compiler interpreted it, it is possible that an uninitialized variable always gets the same value with every run of the program. It is also possible that the value always depends on the value of some seemingly unrelated variable. And even when neither is the case, some values are simply much more common in memory than others.

Philipp
  • I see, I am still not sure how it'd lead to such a problem as wouldn't it be possible to just try and crack the number used? – Greed Dec 12 '14 at 17:13
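
As an added illustration (not code from the My-Wallet repository or from either poster), the sketch below shows how a write index that is never set to 0 behaves in JavaScript: the variable is `undefined` rather than leftover memory, entropy never reaches the pool, and two sessions with different entropy end up with the same nonce and therefore the same R-value. Only the name `rng_pptr` comes from the quoted comment; the pool layout, helper names and entropy bytes are assumptions constructed for the example.

```javascript
// Added illustration, not the My-Wallet source. Only the name rng_pptr comes
// from the quoted comment; the pool layout and helpers are hypothetical.
const POOL_SIZE = 16;

// Seed a pool from entropy bytes. With initPointer=false the write index is
// never set to 0, the omission described in the quoted comment.
function seedPool(entropy, initPointer) {
  const rng_pool = new Array(POOL_SIZE).fill(0);
  let rng_pptr;                          // undefined until assigned
  if (initPointer) rng_pptr = 0;
  for (const byte of entropy) {
    // undefined++ evaluates to NaN, so this writes to the property "NaN",
    // not to any of the slots 0..POOL_SIZE-1.
    rng_pool[rng_pptr++] ^= byte;
    if (rng_pptr >= POOL_SIZE) rng_pptr -= POOL_SIZE;
  }
  return rng_pool;
}

// Stand-in for "derive the signing nonce from the pool": hex of the slots.
function nonceFromPool(pool) {
  return pool.map(b => b.toString(16).padStart(2, '0')).join('');
}

// Defensive check: report every r-value that occurs in more than one signature.
function findReusedR(signatures) {
  const seen = new Map();
  for (const { id, r } of signatures) {
    if (!seen.has(r)) seen.set(r, []);
    seen.get(r).push(id);
  }
  return [...seen].filter(([, ids]) => ids.length > 1)
                  .map(([r, ids]) => ({ r, ids }));
}

// Constructed sample: two sessions with different entropy.
const entropyA = [0x3c, 0x91, 0x07, 0xee, 0x52, 0xa8, 0x1d, 0x64];
const entropyB = [0xf0, 0x2b, 0x88, 0x13, 0xc7, 0x5e, 0x99, 0x40];

function demo(initPointer) {
  // In ECDSA r is computed from the nonce alone, so equal nonces give equal r;
  // the nonce string stands in for r here.
  const sigs = [
    { id: 'session-A', r: nonceFromPool(seedPool(entropyA, initPointer)) },
    { id: 'session-B', r: nonceFromPool(seedPool(entropyB, initPointer)) },
  ];
  return findReusedR(sigs);
}

console.log({ initialised: demo(true), missing: demo(false) });
```

The same grouping by r-value works as an audit over real signature data: any r that appears twice under one key means the nonce source repeated itself.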