“It will generate cryptographic keys that, despite their length, have less than 48 bits of entropy, […] so its output will have no more than 48 bits of entropy even if its seed has more than that,” said the system administrator David Gerard.
“SecureRandom() then runs the number it gets through the obsolete RC4 algorithm, which is known to be more predictable than it should be, i.e. less bits of entropy,” Gerard added. “Thus, your key is more predictable.”
Gerard concluded that all Bitcoin addresses generated using the SecureRandom() function are vulnerable to brute-force attacks.
“The conclusion seems to be that at least all wallets generated by js tools inside browsers since bitcoin exists until 2011 are impacted by the Math.random weakness if applicable to the related implementations, the Math.random or RC4 (Chrome) weakness between 2011 and 2013, and RC4 weakness for Chrome users until end of 2015” continues Gerard.
Gerard explained that several web-based or client-side wallet apps used the SecureRandom() function, the expert said that all Bitcoin addresses possibly affected are:
A user has thrown the same alert on the Linux Foundation mailing list:
The researcher Mustafa Al-Bassam added that several old implementations for web and client-side Bitcoin wallets apps leveraged the jsbn.js cryptographic library for generating Bitcoin addresses. Unfortunately, the jsbn.js cryptographic library used the SecureRandom() function, this means that Bitcoin address private keys were exposed to attack.
“The original disclosure didn’t contain any information about the library in question, so I did some digging.” added Mustafa.
If you are using a Bitcoin wallet address generated with tools using the flawed functions you need to generate new Bitcoin address and transfer the funds to the new one.
(Security Affairs – Bitcoin wallet, cyber security)