By Google is distributing patches for a cryptography flaw in Android that may affect hundreds of thousands of applications. The patches have been passed to partners belonging to the Open Handset Alliance, a trade group dedicated to development of Android, wrote Alex Klyubin, an Android security engineer. Affected applications are those that rely on the pseudo random number generator (PRNG) within the Java Cryptography Architecture or “directly invoke the system-provided OpenSSL PRNG without explicit initialization on Android,” Klyubin wrote. Random numbers are used in part to generate secure encryption keys and for other cryptography processes. In some cases, the numbers were not “cryptographically strong values,” Klyubin said. <more>
Menu
