Only XRP private keys that used software from before August 2015 are vulnerable


Ripple (XRP) software libraries published before August 2015 potentially made private keys that signed multiple transactions vulnerable, Ripple announced in a statement released on January 16th.

Recent research conducted jointly by the DFINITY Foundation and the University of California has revealed that a portion of Bitcoin (BTC), Ethereum (ETH) and Ripple addresses are vulnerable.

As is known among cryptographers, the security of the Elliptic Curve Digital Signature Algorithm (ECDSA) employed by the aforementioned cryptocurrencies is highly dependent on random data, known as a nonce. The research also explains:

"It is known that if a private ECDSA key is never used to sign two messages with the same signature nonce, the long-term private key is trivial to compute [crack]".

The researchers claim to have successfully hacked hundreds of Bitcoin private keys, along with some Ethereum, SSH (remote control for Unix-like systems) and HTTPS keys and one XRP private key, thanks to so-called biased nonces (nonces with a low degree of randomness). As the researchers explain, the consequences of these vulnerabilities are enormous:

"In the case of cryptocurrencies, these keys provide us, or any other malicious user, the ability to request funds in the associated accounts. In the case of SSH or HTTPS, these keys would give us, or any other malicious user, the ability to impersonate the final host."

However, the document explains that these vulnerabilities can be prevented:

"All the attacks discussed in this article can be prevented using deterministic ECDSA nonce generation, which is already implemented in the default Bitcoin and Ethereum libraries."

According to Ripple, deterministic nonce generation has also been part of its software since August 2015. This feature makes addresses that interact with the blockchain through the new software libraries safe from this vulnerability.
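As an added illustration (not code from Ripple or the researchers), the sketch below derives an ECDSA nonce deterministically following RFC 6979 and includes an audit check that flags one key producing the same signature `r` value for different messages, which is the visible symptom of a repeated nonce. It assumes the secp256k1 curve and SHA-256; the sample key, public key labels and signature records are constructed.

```python
import hashlib
import hmac
from collections import defaultdict

# secp256k1 group order (assumed curve for this example)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def _hmac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def rfc6979_nonce(priv: int, msg: bytes) -> int:
    """Derive the ECDSA nonce from the private key and message (RFC 6979, SHA-256)."""
    x = priv.to_bytes(32, "big")
    h1 = (int.from_bytes(hashlib.sha256(msg).digest(), "big") % N).to_bytes(32, "big")
    v, k = b"\x01" * 32, b"\x00" * 32
    k = _hmac(k, v + b"\x00" + x + h1)
    v = _hmac(k, v)
    k = _hmac(k, v + b"\x01" + x + h1)
    v = _hmac(k, v)
    while True:
        v = _hmac(k, v)
        candidate = int.from_bytes(v, "big")
        if 1 <= candidate < N:          # reject out-of-range values and retry
            return candidate
        k = _hmac(k, v + b"\x00")
        v = _hmac(k, v)

def find_reused_r(signatures):
    """Return {(pubkey, r): [msg hashes]} where one key produced the same r
    for different messages. r depends only on the nonce, so this means reuse."""
    seen = defaultdict(set)
    for pubkey, r, msg_hash in signatures:
        seen[(pubkey, r)].add(msg_hash)
    return {key: sorted(hashes) for key, hashes in seen.items() if len(hashes) > 1}

# Constructed sample data (not real keys or signatures).
SAMPLE_KEY = 0x1
SAMPLE_SIGS = [
    ("pubA", 0x1111, "hash1"),
    ("pubA", 0x1111, "hash2"),   # same key, same r, different message: flagged
    ("pubA", 0x2222, "hash3"),
    ("pubB", 0x1111, "hash4"),   # different key: not counted as reuse
]

if __name__ == "__main__":
    print(hex(rfc6979_nonce(SAMPLE_KEY, b"payment 1")))
    print(find_reused_r(SAMPLE_SIGS))
```

Because the nonce is a function of the key and the message, two different messages signed with the same key get unrelated nonces without relying on the quality of a random number generator.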

While cryptography is all but perfect, centralized systems such as exchanges and individual information systems are successfully attacked more often than private keys, the research says. The document also notes that during the research, access was obtained to only about $54 of BTC and $14 of XRP.

As reported by Cointelegraph, the New Zealand cryptocurrency exchange Cryptopia has suspended services after detecting a large hack that allegedly caused significant losses.

Also, news recently revealed that a recent wave of ransomware attacks, estimated to have earned hackers 705.08 Bitcoin ($2.5 million), probably came from Russian cybercriminals, not from state-sponsored North Korean actors as originally thought.
