Bit-Wasp/bitcoin-lib-php

security question

Closed this issue · 3 comments

Is this project vulnerable to this problem?
https://bitcointalk.org/index.php?topic=977070.0

afk11 commented

Yes and no!

It depends on your operating system, your hardware, and all sorts of things. This library uses /dev/urandom or the Windows equivalent. So if your OS entropy sucks (like a Raspberry Pi) it's possible to leak the key.

So, if your machine does produce cryptographically strong random data, you are not at risk.

I don't completely understand...

afk11 commented

The particular problem here is that ECDSA says you must use a nonce (random number) in the signature. As you know, if 'r reuse' occurs for a given private key then someone can solve an equation for that private key.

The problem here is the quality of your random numbers. There is no algorithm to produce 100% random bytes; instead computers usually use what's called a cryptographically strong pseudo-random byte generator, which while not entirely random, is random enough. This is usually provided by the operating system, because it can tap into data that usually is different from computer to computer.

Stuff like your computer's temperature, the wind in your hard drive, are useful things to seed the random number generator. I mentioned the Raspberry Pi, because it doesn't have a lot of entropy sources (it has a solid state drive).

The thing is, ECDSA, and hence this library, are only secure if random numbers actually are random. So what people have started doing is using an algorithm that takes a private key and the message's hash and produces a value for r which is unique, which means you no longer have to worry about whether your random number generator is good enough.
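The deterministic scheme described in the last comment is the one standardized as RFC 6979. The Python below is an added example, not code from bitcoin-lib-php (which is PHP): it derives the ECDSA nonce k for secp256k1 from the private key and the SHA-256 message hash alone, so the same key and hash always give the same k and the OS RNG is never consulted. The helper names are my own; N is the published secp256k1 group order.

```python
import hashlib
import hmac

# Group order of secp256k1, the curve Bitcoin uses; a nonce must lie in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
QLEN = 256   # bit length of N
ROLEN = 32   # byte length of N

def _bits2int(b: bytes) -> int:
    # RFC 6979 bits2int: keep only the leftmost QLEN bits of the input
    v = int.from_bytes(b, "big")
    extra = len(b) * 8 - QLEN
    return v >> extra if extra > 0 else v

def _int2octets(x: int) -> bytes:
    return x.to_bytes(ROLEN, "big")

def _bits2octets(b: bytes) -> bytes:
    z = _bits2int(b)
    return _int2octets(z - N if z >= N else z)

def rfc6979_nonce(priv: int, msg_hash: bytes) -> int:
    """Derive k from the private key and the 32-byte message hash with the
    HMAC-SHA256 DRBG of RFC 6979, so k never depends on the OS RNG."""
    h = hashlib.sha256
    V, K = b"\x01" * 32, b"\x00" * 32
    seed = _int2octets(priv) + _bits2octets(msg_hash)
    K = hmac.new(K, V + b"\x00" + seed, h).digest()
    V = hmac.new(K, V, h).digest()
    K = hmac.new(K, V + b"\x01" + seed, h).digest()
    V = hmac.new(K, V, h).digest()
    while True:
        T = b""
        while len(T) < ROLEN:
            V = hmac.new(K, V, h).digest()
            T += V
        k = _bits2int(T)
        if 1 <= k < N:            # valid scalar: done
            return k
        K = hmac.new(K, V + b"\x00", h).digest()   # out of range: step the DRBG
        V = hmac.new(K, V, h).digest()

def nonce_for(priv: int, message: bytes) -> int:
    """Nonce for a raw message: single SHA-256 of the message, then RFC 6979."""
    return rfc6979_nonce(priv, hashlib.sha256(message).digest())

def nonces_for(priv: int, messages: list) -> list:
    """Nonces for several messages under one key; a repeat here would be the
    'r reuse' condition the thread warns about, which needs two equal hashes."""
    return [nonce_for(priv, m) for m in messages]
```

A signer that draws k from the OS instead is only as safe as that entropy source; this derivation removes that dependency, and its output can be checked against the published secp256k1 RFC 6979 vectors.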