Vulnerability in JavaScript Function May Mean Long-term Bitcoin Hodlers are at Risk

A group of researchers released a warning on the security dangers of old bitcoin addresses that were generated via JavaScript-based wallet applications.

According to the researchers, hackers can take advantage of an old JavaScript cryptographic flaw to steal bitcoin stored in such addresses. By brute-forcing the private keys of such addresses, cybercriminals can take ownership of the wallets and the bitcoins stored in them.

Insufficient Entropy in the JavaScript SecureRandom() Function

The flaw revolves around the JavaScript SecureRandom() function which can be used to generate bitcoin addresses and private keys. A bitcoin address is an alphanumeric code that begins with a ‘1’ or ‘3,’ and it specifies the destination of a bitcoin payment. It is similar to an email address. The private key is like a password, and it bears a mathematical relationship with a bitcoin address.

According to an anonymous contributor on the Linux Foundation mailing list, the JavaScript SecureRandom() function isn’t truly random, despite the name. This assertion was also made by David Gerard, a Unix system expert based in the UK, and has become a topic of discussion on many online cryptocurrency message boards.

The general consensus that the JavaScript SecureRandom() function isn’t genuinely random is based on the low entropy level of the cryptographic keys that it generates. Entropy refers to the degree of randomness of a system: the higher the entropy, the more difficult it is for brute-force hacking to be successful.

According to Gerard, the function generates cryptographic keys that have less than 48 bits of entropy, regardless of the entropy level of the seed. The JavaScript function then runs the alphanumeric key through the obsolete RC4 algorithm, which is generally considered to be predictable. The predictability makes the private key vulnerable to brute-force hacking.

Getting More Secure Bitcoin Addresses

This information isn’t entirely new. Gerard revealed that he discovered discussion threads on this particular issue on the Bitcointalk forum from as early as 2013. Back then, some web-based bitcoin wallets used the SecureRandom() function to generate private keys.

According to Gerard, many bitcoin addresses that were generated using the BitAddress wallet service pre-2013 and Bitcoinjs pre-2014 are most likely affected by the same vulnerability. Gerard also hinted that current wallet software that makes use of old repositories found on GitHub might also be vulnerable.

Commenting on the issue, Mustafa Al-Bassam said that many old bitcoin wallet apps made use of jsbn.js cryptographic libraries to generate bitcoin addresses. There is a high probability that the pre-2013 versions of such libraries used the vulnerable SecureRandom() function. Al-Bassam is a Ph.D. researcher in the Computer Science Department at University College London. Gerard estimates that it would take about a week to crack the private keys of such addresses.

Bitcoin holders who have such addresses are advised to create new addresses using newer tools. They should also move their funds from the old addresses to the new ones to keep them safe.