re: This Week I Learned VIEW POST

VIEW FULL DISCUSSION
 

I learned many things last week but the highlight was learning how to generate random IV to actually secure my cryptography operations. In 2013 Bitcoin theft occurred owing to generation of non-random IV’s. Reading up on many resources, I found out that there was a bug in generation of random numbers in JCA (Java cryptography architecture) until Android API version 4.1 which lead to bitcoins being stolen from android wallets. The bug has since been patched. Above API 21 SecureRandom is used to generate IV. It uses a NativePRNG technique with true random seed from /dev/random and uses /dev/urandom to generate cryptographically strong random number for IV.
Resources:

  1. Some securerandom thoughts
  2. Android secure random not even nonce
  3. Helpful stack overflow question
  4. Myths about urandom
  5. SecureRandom reference
  6. Right way to use secure random

Shameless promotion:
For anyone interested, I wrote a weekly update encapsulating things I did last week. Check it out. Link

code of conduct - report abuse