Il 8/15/13 6:07 AM, Nadim Kobeissi ha scritto: > Hey Libtech, > Hot on the heels of last week's Bitcoin wallet for Android heist, > Google has confirmed that this was due to a critical crypto flaw in > Android
All Mobile Security Applications should not rely on standard RNG of the OS but fetch precious and better source of randomness available on those devices: - Microphone Audio Sample On a commercial product i worked on in past the RNG has been always feed with Noise from Microphone. To get more in depth: - The Sources of Randomness in Mobile Devices http://www.fi.muni.cz/usr/matyas/RNG_nordsec07_cameraReady.pdf - The Sources of Randomness in Smartphones with Symbian OS http://www.fi.muni.cz/~xkrhovj/lectures/2007_SPI_Sources_of_Randomnes_in_Smartphones_slides.pdf - ZRTP Standard 4.8 section https://tools.ietf.org/html/rfc6189#section-4.8 -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org
-- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.