Build A Better Bitcoin Wallet: Security Researcher Calls For Developers To Use Safer ECDSA Operations

posted onOctober 20, 2014
by l33tdawg
http://cdn.idigitaltimes.com/sites/idigitaltimes.com/files/styles/large/public/2014/10/16/what-best-bitcoin-wallet-hitb-2014-malaysia-filippo-valsorda.png?itok=L_zQvNhg
Credit: http://cdn.idigitaltimes.com/sites/idigitaltimes.com/files/styles/large/public/2014/10/16/what-best-bitcoin-wallet-hitb-2014-malaysia-filippo-valsorda.png?itok=L_zQvNhg

One of the biggest fears of Bitcoin users is that one day they will wake up and find their virtual currency wallet emptied, signaling that someone, somehow, has managed to uncover the user’s private key. A Bitcoin private key is a secret number that acts as a kind of identifying “ticket,” allowing coins from the corresponding wallet to be spent.

Since 2010, an estimated $500 million worth of Bitcoin has reportedly been stolen with approximately 6.6% percent of all Bitcoin in circulation being in the possession of someone who stole it.  With statistics like this, it is natural for Bitcoin users to be concerned about the safety of their private key.

In a talk at HITB 2014 in Malaysia, security researcher and cryptographer, Filippo Valsdora explores how weak signatures lacking randomness values, if found in the Bitcoin blockchain, can be used to uncover the private keys of unsuspecting Bitcoin users. The talk highlighted not only how the glitch in signatures can and has been exploited, but also ways Bitcoin wallet providers can design their services to prevent ECDSA failures in the Bitcoin blockchain, reducing the chances of private key leaks. He also offered a list of Bitcoin wallets which have proven to be the safest, based on their use of safer deterministic ECDSA operations.

Source

Tags

BitCoin Security HITB2014KUL

You May Also Like

Other Articles In This Section

Recent News

Thursday, May 16th

Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks
Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach
MIT students stole $25M in seconds by exploiting ETH blockchain bug
BreachForums, an online bazaar for stolen data, seized by FBI

Wednesday, May 15th

It’s the End of Google Search As We Know It
Google strikes back at OpenAI with “Project Astra” AI agent prototype

Tuesday, May 14th

Security researcher says PoC for kernel vulnerability targeting iOS 17.4.1 and older coming soon
Apple releases iOS 17.5, macOS 14.5, and other updates as new iPads launch
Disarmingly lifelike: ChatGPT-4o

Monday, May 13th

FBI To Charge Teenager Hackers From Scattered Spider Who Hacked Hundreds Of Organizations
JTAG Hacking An SSD With A Pi: A Primer
As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide
North Korean hackers deploy ‘Durian’ malware, targeting crypto firms
Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities
Google patches its fifth zero-day vulnerability of the year in Chrome
OpenAI revs up plans for web search, but denies report of an imminent launch

Friday, May 10th

Boeing Confirms Lockbit Hackers Wanted $200 Million Ransom After 2023 Hack
Dell discloses data breach of customers’ physical addresses
Poland says it was targeted by Russian military intelligence hackers
Leaked FBI email stresses need for warrantless surveillance of Americans
Stack Overflow users sabotage their posts after OpenAI deal
Fedora Asahi Remix 40 is another big step forward for Linux on Apple Silicon Macs
6 Practical Tips for Using Anthropic's Claude Chatbot

Thursday, May 9th

OpenAI Is ‘Exploring’ How to Responsibly Generate AI Porn
Dell responds to return-to-office resistance with VPN, badge tracking
Hands-on with the new iPad Pros and Airs: A surprisingly refreshing refresh

Wednesday, May 8th

Chinese Hackers Deployed Backdoor Quintet to Down MITRE
Apple announces M4 with more CPU cores and AI focus
Boeing says workers skipped required tests on 787 but recorded work as completed
Ransomware mastermind LockBitSupp has been ID’d
OpenAI’s flawed plan to flag deepfakes ahead of 2024 elections

Tuesday, May 7th

Indian police adopt facial recognition despite risk of massive data breaches
Cybersecurity Workforce Sustainability Has a Problem
New Cuckoo macOS malware can take over all Macs and steals your passwords too
Apple’s iPhone Spyware Problem Is Getting Worse