Andresen is Back With a One-Man Security Project Inspired by Bitcoin Mishaps

in #bitcoin7 years ago (edited)

Follow me @tahloks

Keeping an eye on bitcoin

The Random Sanity Project not only stemmed from Andresen's interest in learning the programming language GO, but also in seeing the problems a lack of entropy can have in monetary software systems like bitcoin.

"I certainly still do keep up with bitcoin," Andresen told CoinDesk, adding that he might contribute code review to DCG's new bitcoin scaling proposal, but that he's unlikely to write any of the code.

"Bitcoin is such an interesting project because it’s security critical," he said. "If the security fails, it's immediately obvious, people lose money and react immediately."

This is different, he continued, than an email account being taken over or attacked, in that people typically don't notice those breaches for some time.

"For a lot of security issues, bitcoin brings them into the light," Andresen said.

This quick reaction was seen in several mishaps based on faulty random number generation in the bitcoin ecosystem.

In May 2015, a vulnerability in Blockchain's Android bitcoin wallet left several users out money. According to Softpedia, the vulnerability allowed duplicate bitcoin addresses to be created and given to different users. At its core, the problem was with Blockchain's random number generator, random.org, which provided insufficient entropy on certain versions of the Android operating system.

And two years before, in August 2013, all bitcoin wallet applications on Android operating systems were potentially at risk when several vulnerabilities were found within another random number generator, Java SecureRandom.

Follow me @tahloks