
Discussion on: This Week I Learned

Gaurav Chaddha • Edited

I learned many things last week, but the highlight was learning how to generate a random IV to actually secure my cryptography operations. In 2013 a Bitcoin theft occurred owing to the generation of non-random IVs. Reading up on many resources, I found out that there was a bug in the generation of random numbers in JCA (Java Cryptography Architecture) until Android API version 4.1, which led to bitcoins being stolen from Android wallets. The bug has since been patched. Above API 21, SecureRandom is used to generate the IV. It uses a NativePRNG technique with a true random seed from /dev/random and uses /dev/urandom to generate a cryptographically strong random number for the IV.
Resources:

  1. Some securerandom thoughts
  2. Android secure random not even nonce
  3. Helpful Stack Overflow question
  4. Myths about urandom
  5. SecureRandom reference
  6. Right way to use secure random

Shameless promotion:
For anyone interested, I wrote a weekly update encapsulating things I did last week. Check it out. Link