SamouraiLeaks Part 3: Is Random.org random enough?

nopara73
Jul 24 · 3 min read

No.

In Part 1 I exposed SamouraiDev’s sockpuppetry. In Part 2 I showed how they bully respected developers in the space for raising concerns about their wallet. Pointing out malicious intent is important, and I have only scratched the surface, but this time I’ll move on to extreme incompetence.

Note that you will NOT find irresponsible security disclosure in here. I am going to shed new light on one of the largest, if not the largest, cases of developer incompetence in the history of Bitcoin: Blockchain.info’s random number generator issues, which resulted in many users having their bitcoins stolen.
As a lesser-known fact, the SamouraiDev and SamouraiWallet accounts were behind the curtain of that company, and they earned the ridicule of the infosec community with an “incredible cascade of bad decisions” while they were working at Blockchain.info.

[source]

Mandrik was the first employee of Blockchain.info (he left because of the SegWit2x drama). To verify his claims I found the GitHub commits posted on Reddit. Unfortunately Blockchain.info succeeded in taking those commits down, but the URL shows that the commits were made to the Android-Wallet-2 app. And indeed the developer of that app was William Hill, also known as SamouraiDev.

[source]

The Bugs Explained

As I noted, Blockchain.info deleted the commits, so I cannot cite the actual code, but Reddit explains it clearly.
SamouraiDev used a custom LinuxSecureRandom implementation that was seeded from random.org. However, when this wasn’t available, “instead of screaming bloody murder like any sensible implementation would” he fell back to the standard SecureRandom class. Seeding this class does not add additional entropy; it replaces the entropy entirely. This resulted in numerous users generating wallets seeded solely with random.org.
The next mistake was that he was “using HTTP instead of HTTPS to make the webservice call to random.org.”
Then, in January 2015, random.org started enforcing HTTPS. SamouraiDev made a mistake even here: instead of acknowledging the error, as any reasonable person would do, he silently ignored it, and “since that date, the entropy has actually been the error message.”
As an added bonus, his “fix” still uses random.org.
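To make the failure mode concrete, here is an added example (my own illustration, not code from the Android-Wallet-2 app or from Blockchain.info) that puts the pattern the post describes beside a hardened version. The `RemoteEntropy` class, the 403 error text and the hex body are constructed stand-ins for whatever the real service returned. The weak path relies on a documented property of the JDK’s SHA1PRNG provider: calling `setSeed()` before the first `nextBytes()` makes the generator’s state a pure function of the seed, so two users who receive the same error message derive the same key. The hardened path refuses anything but a well-formed 200 reply and hashes the remote bytes together with the platform CSPRNG, so the external service can only add entropy, never replace it.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

/** Constructed stand-in for the HTTP reply from an external entropy service. */
final class RemoteEntropy {
    final int status;   // HTTP status code as received
    final byte[] body;  // response body exactly as received, error text included

    RemoteEntropy(int status, String body) {
        this.status = status;
        this.body = body.getBytes(StandardCharsets.US_ASCII);
    }
}

public class SeedingDemo {

    /**
     * The pattern the post describes: a fresh SHA1PRNG seeded only with whatever
     * the service sent back. On the JDK's SHA1PRNG, setSeed() before the first
     * nextBytes() REPLACES the internal state rather than mixing into it, and the
     * status code is never checked, so an error page becomes the whole "entropy".
     */
    static byte[] weakKey(RemoteEntropy reply) throws GeneralSecurityException {
        SecureRandom prng = SecureRandom.getInstance("SHA1PRNG");
        prng.setSeed(reply.body);              // no status check, no length check
        byte[] key = new byte[32];
        prng.nextBytes(key);
        return key;
    }

    /**
     * Hardened variant: fail loudly on anything but a 200 with a plausible body, and
     * fold the remote bytes into locally generated CSPRNG output via SHA-256. A bad
     * or attacker-controlled reply then cannot weaken the result below what the
     * platform CSPRNG alone provides.
     */
    static byte[] hardenedKey(RemoteEntropy reply, SecureRandom local) throws GeneralSecurityException {
        if (reply.status != 200) {
            throw new IllegalStateException("entropy service returned HTTP " + reply.status + "; refusing to derive a key");
        }
        if (reply.body.length < 32) {
            throw new IllegalStateException("entropy service body too short: " + reply.body.length + " bytes");
        }
        byte[] localBytes = new byte[32];
        local.nextBytes(localBytes);           // platform CSPRNG, never replaced
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        sha256.update(localBytes);
        sha256.update(reply.body);
        return sha256.digest();
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed: the same error reply two different users would receive once
        // the service starts rejecting plaintext HTTP (placeholder text, not the real message).
        String errorPage = "403 Forbidden: placeholder error text, HTTPS required";
        RemoteEntropy userA = new RemoteEntropy(403, errorPage);
        RemoteEntropy userB = new RemoteEntropy(403, errorPage);

        byte[] a = weakKey(userA);
        byte[] b = weakKey(userB);
        System.out.println("weak key, user A: " + hex(a));
        System.out.println("weak key, user B: " + hex(b));
        System.out.println("weak keys identical across users: " + Arrays.equals(a, b)); // true

        SecureRandom local = new SecureRandom();
        try {
            hardenedKey(userA, local);
        } catch (IllegalStateException e) {
            System.out.println("hardened path refused: " + e.getMessage());
        }

        // Constructed: a well-formed 200 reply. Even two identical replies give
        // different keys, because the local CSPRNG contributes every time.
        String okBody = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
        byte[] c = hardenedKey(new RemoteEntropy(200, okBody), local);
        byte[] d = hardenedKey(new RemoteEntropy(200, okBody), local);
        System.out.println("hardened keys identical across users: " + Arrays.equals(c, d)); // false
    }
}
```

Compile and run with `javac SeedingDemo.java && java SeedingDemo`. The design point is the order of operations in `hardenedKey`: check the transport result first, then treat the remote bytes as one input to a hash alongside local entropy, so the worst an unavailable or hostile service can do is contribute nothing.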

Incredible Incompetence

Make no mistake. Randomness is the holy grail of Bitcoin development. What would you do if you woke up to find your bitcoin wallet emptied? You could even use cold storage; you are still damned if someone generates the same keys as you.

It’s the single most important piece of code in any Bitcoin software, where one bug is disastrous in itself, but I am struggling to find an adjective for a chain of bugs. Not to mention that even “the fix” was a bug. And according to the original Reddit poster this wasn’t even the first: “It was their BUGS on PRNG again!”

This has found its way to infosec Twitter and we’re all kinda sitting around gawking at it in sheer disbelief that someone would seed for Bitcoin from random.org (problematic), over plaintext (deal breaker), and then not even trap results other than 200 OK (mind blower). An incredible cascade of bad decisions. /u/abadidea

“deal breaker” here starts at the thought of using random.org for generating private keys. — /u/alithediamonds

Since they’re not using HTTPS, they don’t even need to MTM it, just tap it. — /u/ex_ample
