
Tuesday, December 24, 2013

Android random number flaw implicated in Bitcoin thefts


Bitcoin is often in the news, not least because it is somewhat controversial.

It's a digital currency, backed by cryptography, not by any central issuing authority.

Its "coins" are strings of bits, and anyone can generate one, given enough time (and assuming no-one else generates the same coin first).

The calculations required to "mine" a Bitcoin are configured so that the complexity of finding them doubles every four years.

That means there's an exponential dropoff in the rate at which new Bitcoins appear, and that the supply is capped at 21 million Bitcoins.

The number remaining will quickly close in on zero, with 1/2 gone in 2012, 3/4 by 2016, 7/8 by 2020, and so on.

By about 2030, we'll be close to that asymptotic maximum of 21 million coins.

For what it's worth, and it is rather a lot, Bitcoin exchanges currently value each Bitcoin (BTC) around US$100.

Now, creating BTCs is one thing, but buying and selling with these digital strings - actually realising that $100/BTC - is quite another matter.

In fact, if you've read any BTC-related horror stories, like the time the value on Mt Gox imploded from $15 to 1c in minutes, or the time Bitfloor was floored by cyberintruders who ran off with $250,000, it almost certainly involved the trading infrastructure surrounding the Bitcoin algorithms, not the Bitcoin system itself.

Well, it's happened again.

You need somewhere to store your Bitcoins, and a digital wallet that uses public key cryptography is the obvious answer.

Simply put, you can trade in BTCs using an "address", which is actually a public key that others can use to transact with you.

The private key, as usual, you keep to yourself.

As long as you are the only person who knows it, only you can authorise transactions from that address; if you want to sell a Bitcoin sum, you can trade the private key for real money.

That means you need software that will create BTC addresses for you (public-private key pairs), and store your private key safely.

The public key algorithm used in the BTC infrastructure is called ECDSA, short for Elliptic Curve Digital Signature Algorithm.

To cut a long story short, generating a new ECDSA keypair requires you to use a random number between 1 and 2^ks - 1, where ks is the key size.

Once you're done, you can discard the random number - indeed, you don't want anyone else to find out what it is.

The mathematical basis of ECDSA means not only that you need the random number in order to go forwards to produce the public and private keys, but also that, with the public key and the random number, you can go backwards to work out the private key.

Of course, that also means your random number should be unique, not just secret, but since you don't keep it lying around after use, how can you ever be sure?

The answer is that the bare minimum officially sanctioned ECDSA key size is 160 bits, so that, at worst, there are 2^160 - 1 random values to choose from.

That's about 10 million million million million million million million million, so collisions shouldn't be a problem.

Unless you use a flawed pseudorandom number generator (PRNG), that is.

A PRNG produces an algorithmic sequence of "random" values, which has to start somewhere; if you start from the same place twice, you get the same sequence.

For some applications, where repeatability is needed, reseeding a PRNG from the same point is a feature, not a bug. Generally, however, you try to seed a PRNG using a bit string that is as close to hardware-random as you can get.
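To make the two ideas above concrete (a PRNG seeded from the same place twice repeats itself, and a repeated ECDSA random number is what exposes the private key), here is an added Python example. It is not code from the article, from Android or from any wallet app: it uses a toy group order, a constructed signature log and a simplified RFC 6979-style nonce derivation, all of which are assumptions for illustration. It shows the defect, the audit check that catches it (two different messages from one address signed with the same r value) and the deterministic-nonce mitigation that removes the dependence on the platform PRNG.

```python
import hashlib
import hmac
import random
from collections import defaultdict

# Toy stand-in for the group order n of an ECDSA curve (assumption).
# A real curve such as secp256k1 has a 256-bit order; a small prime keeps
# the arithmetic readable without changing the logic being shown.
TOY_ORDER = 2**31 - 1


def pick_nonce_from_prng(seed):
    """Draw one ECDSA-style per-signature random number k in [1, n-1] from a
    PRNG seeded with `seed`.  Seeding from the same place twice yields the
    same k: this models the defect the article describes, not Android's
    actual SecureRandom implementation."""
    rng = random.Random(seed)
    return rng.randrange(1, TOY_ORDER)


def deterministic_nonce(private_key, message):
    """Derive k from the private key and the message with HMAC-SHA256, in the
    spirit of RFC 6979 (simplified: no HMAC-DRBG retry loop, an assumption).
    Different messages give different k; the same message gives the same k,
    which is harmless because the resulting signature is simply identical."""
    mac = hmac.new(private_key.to_bytes(32, "big"), message, hashlib.sha256).digest()
    return 1 + int.from_bytes(mac, "big") % (TOY_ORDER - 1)


def find_reused_r(signatures):
    """Audit check a defender can run over a signature log: group by
    (address, r) and report any r that signed two *different* messages from
    the same address.  In real ECDSA r is derived from k, so a repeated r
    means the signer's random number repeated, which is exactly the
    condition that leaks the private key.  `signatures` is a list of
    (address, r, message_hash) tuples."""
    seen = defaultdict(set)
    for addr, r, msg_hash in signatures:
        seen[(addr, r)].add(msg_hash)
    return sorted(key for key, msgs in seen.items() if len(msgs) > 1)


def demo():
    """Constructed scenario: wallet 'addr_A' re-seeds its PRNG from the same
    low-entropy state for two payments; 'addr_B' seeds differently each time.
    Returns (nonces_repeated, flagged_address_r_pairs)."""
    k1 = pick_nonce_from_prng(seed=12345)
    k2 = pick_nonce_from_prng(seed=12345)
    # Constructed signature log; here r is simply the nonce value itself,
    # standing in for the curve-point x-coordinate real ECDSA derives from k.
    log = [
        ("addr_A", k1, "hash_of_payment_1"),
        ("addr_A", k2, "hash_of_payment_2"),
        ("addr_B", pick_nonce_from_prng(seed=1), "hash_of_payment_3"),
        ("addr_B", pick_nonce_from_prng(seed=2), "hash_of_payment_4"),
    ]
    return k1 == k2, find_reused_r(log)


if __name__ == "__main__":
    repeated, flagged = demo()
    print("PRNG repeated its nonce:", repeated)
    print("addresses with a reused r (at risk):", flagged)
    # Mitigation: the same message always gives the same k, a different
    # message a different one, with no dependence on the platform PRNG.
    key = 0x1234  # constructed private key for the example
    print(deterministic_nonce(key, b"payment 1") == deterministic_nonce(key, b"payment 1"))
    print(deterministic_nonce(key, b"payment 1") != deterministic_nonce(key, b"payment 2"))
```

The check in `find_reused_r` is the one an exchange or wallet author would run over their own historical signatures to find affected keys before an attacker does; the deterministic nonce is the fix the Bitcoin wallets later adopted in principle, since it makes the per-signature value a function of the key and the message rather than of whatever the platform's PRNG happens to produce.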

Bitcoin wallet software that re-uses random numbers was found last year by a researcher called Nils Schneider, who documented the computational steps that show why this is a bad thing.

Well, it's happened again.

It looks as though, at least on occasion, the Java-based PRNG on Android will repeat its pseudorandom sequences, thanks to a flaw in Android's so-called SecureRandom Java class.

The Bitcoin Forum has already reported the theft of close to BTC56 (worth about US$6000) from a number of people.

A list of known-vulnerable Android Bitcoin wallets has been published by the Bitcoin Project, with instructions on what to do when the various wallet apps are fixed to use better-quality random numbers.

The Bitcoin Project doesn't go as far as suggesting that you stop using Android altogether to manage your BTC savings.

But perhaps you should consider it?

With two bad security holes recently exposed in Android's digital signature validation for apps, perhaps the platform isn't yet quite ready for the financial big time?

What do you think?

Are you ready to trust Android and Android apps with your hard-earned funds?
