Entropy source for unpredictable numbers is guessable
Closed this issue · 6 comments
The Heroku crypto-verify needs to be able to construct unpredictable numbers. This requires a high entropy key, in order to yield the security guarantees required for an unpredictable number. However, the key used is a 3-digit number, hence without any entropy. It should be replaced with a high entropy key stored in an environment variable.
See section 2.5.4 in the NFT Minting security report.
See Jira issue 291.
The 3-digit number was a password (key) to hash messages. I updated the 3-digit number to a longer string with special chars.
The secret is generated in the UnpredictableNumberTool constructor: crypto.randomBytes(UnpredictableNumberTool.BYTES_IN_SEED)
Is it OK? @jot2re
Unfortunately it is not enough, since it is the key that is used to MAC messages. Thus, currently it is very easy to guess the key and make fake UNs that the crypto-verify service will accept. This can for example involve making timestamps that are valid in the future.
The randomness generated in the request is handed to the user as it is also needed to validate the UN. Thus both the key and the randomness need to be high entropy and the key must only be known by crypto-verify.
At least 16 bytes. Preferably 32 bytes.
Key updated to 32 bytes. You can see it in the Heroku app settings.
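A sketch of the fix the thread converges on, as an added example that is not the project's own code: the MAC key is read from an environment variable and rejected if shorter than 16 bytes, and the UN is an HMAC over the per-request randomness and an expiry timestamp. The variable name `UN_MAC_KEY`, the function names, the 32-byte seed size and the token layout are assumptions; the real `UnpredictableNumberTool` format is not shown on this page.

```javascript
const crypto = require("crypto");

const MIN_KEY_BYTES = 16; // floor stated in the thread; 32 preferred
const SEED_BYTES = 32;    // per-request randomness (assumed size)

// Load the hex-encoded MAC key from the environment (variable name assumed).
function loadMacKey(env = process.env) {
  const hex = env.UN_MAC_KEY || "";
  if (!/^([0-9a-fA-F]{2})+$/.test(hex)) throw new Error("UN_MAC_KEY must be hex");
  const key = Buffer.from(hex, "hex");
  if (key.length < MIN_KEY_BYTES) throw new Error("UN_MAC_KEY is shorter than 16 bytes");
  return key;
}

// HMAC-SHA256 over fixed-width fields: seed (32 bytes) then expiry (8 bytes).
function macUN(key, seed, expiresAt) {
  const ts = Buffer.alloc(8);
  ts.writeBigUInt64BE(BigInt(expiresAt));
  return crypto.createHmac("sha256", key).update(seed).update(ts).digest();
}

// The seed and expiry go to the user; the key never leaves the service.
function issueUN(key, now = Date.now(), ttlMs = 60000) {
  const seed = crypto.randomBytes(SEED_BYTES);
  const expiresAt = now + ttlMs;
  return { seed: seed.toString("hex"), expiresAt,
           un: macUN(key, seed, expiresAt).toString("hex") };
}

// Recompute the MAC, compare in constant time, then enforce the expiry.
function verifyUN(key, token, now = Date.now()) {
  const seed = Buffer.from(String(token.seed), "hex");
  if (seed.length !== SEED_BYTES) return false;
  if (!Number.isSafeInteger(token.expiresAt) || token.expiresAt < 0) return false;
  const expected = macUN(key, seed, token.expiresAt);
  const given = Buffer.from(String(token.un), "hex");
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false;
  return now <= token.expiresAt;
}
```

Because the expiry is covered by the MAC, a client that edits the timestamp without the key fails verification.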