If you've got an old money store, check it for hacked gaps
Concerns about a flawed crypto library that could allow Bitcoin theft have been revived following a post to a Bitcoin mailing list last week.
David Gerard, a UK-based Unix admin and blockchain technology watcher, raised concerns in a blog post on Thursday.
The perils of fallback
In response to the dustup, Filippo Valsorda, a cryptographer working for Google, advised against implementing any kind of fallback when generating keys.
Matthew Green, an assistant professor of computer science at Johns Hopkins and cryptography expert, in a phone call with The Register concurred. "Fallback is always kind of lousy idea," he said.
Green explained that the problem with the code might extend not just to older wallet apps utilizing weak key generation but to Bitcoin addresses generated at the time.
"If you generated your Bitcoin address using this code, you could potentially have crackable, predictable keys that could be exploited to steal money," he said.
Green said it can be difficult to tell how browsers and apps generate keys because it's not always apparent and there's significant variation.
Google's Chrome browser was affected by the issue until 2015.
The result of the subpar random number generation, Gerard says, is that crypto keys generated using this code are predictable enough to crack through brute force, in perhaps a week.
Gerard in his post declares "most web wallets" for storing cryptocurrency are affected by this flaw but doesn't name any specific ones. But, if we're lucky, it may be rather fewer than that.
In an email to The Register, he clarified that while he doubts anything developed recently is vulnerable, apps using keys generated back then may be.
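One way to follow the no-fallback advice above, as an added example that is not code from any wallet or library named in this article: the generator throws when no cryptographically secure source is present instead of substituting a weaker one. The names `generatePrivateKey` and `NoSecureRandomError` and the injectable `rng` parameter are assumptions of this example.

```javascript
// Added example: fail-closed private-key generation with no fallback RNG.
// Order n of the secp256k1 group used by Bitcoin; valid keys lie in 1..n-1.
const SECP256K1_N = BigInt(
  "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141");

// Raised instead of silently degrading to a weaker randomness source.
class NoSecureRandomError extends Error {}

// rng is an assumption of this example: any object exposing the Web Crypto
// getRandomValues(Uint8Array) method, by default globalThis.crypto.
function generatePrivateKey(rng = globalThis.crypto) {
  if (!rng || typeof rng.getRandomValues !== "function") {
    // Deliberately no Math.random() or timestamp-seeded substitute here:
    // the caller gets an error it cannot miss, not a guessable key.
    throw new NoSecureRandomError(
      "no CSPRNG available; refusing to generate a key");
  }
  // Rejection sampling: redraw until the 256-bit value is in [1, n-1].
  for (let attempt = 0; attempt < 128; attempt++) {
    const bytes = new Uint8Array(32);
    rng.getRandomValues(bytes);
    const hex = Array.from(bytes, b => b.toString(16).padStart(2, "0")).join("");
    const k = BigInt("0x" + hex);
    if (k >= 1n && k < SECP256K1_N) return hex;
  }
  // A healthy CSPRNG practically never reaches this point; a stuck one does.
  throw new NoSecureRandomError(
    "random source keeps returning out-of-range values");
}
```

The attempt limit also catches a source that is present but broken, such as one that returns all zeros on every call.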
What's at risk?
Asked for examples, he said possibly affected digital wallets include Bitaddress (pre-2013), Bitcoinjs (pre-2014), and anything using older GitHub repos that implement SecureRandom().
Bitcoin contributor Dave Harding expressed skepticism about the motives of the person who revived the issue on the Bitcoin mailing list, pointing to the individual's rather dubious choice of remailers and the inclusion of a Bitcoin address in the message, presumably to solicit donations.
"So, although the issue is legit (but ancient), I myself suspect this person was just out to stir up a little drama or money," he said in an email to The Register.
As it happens, the price of Bitcoin surged on Thursday.
Harding acknowledged that some Bitcoin private keys generated in web browsers years ago are not as secure as they could be.
"Likely the least secure keys have already been compromised and the users' funds stolen; some other keys may have been secure enough at the time but can still be compromised in the future," he said.
He advised those with concerns to contact their wallet vendor and noted Bitcoin.org maintains a list of digital wallets without known security issues. ®