bmavity/iota-seed-generator

createWindowsSeed() insecure

hyperreality opened this issue · 3 comments

+1 any idea on how we can secure this?

.NET offers CryptGenRandom but I'm not sure how easy it is to use from PowerShell. Windows users should use Python and its SystemRandom function which will interface directly with this. Ideally, don't generate a seed on Windows at all and certainly not using this script.

pRizz commented

You can use this PowerShell command:

```powershell
$randomBuffer = [byte[]](1..1); $seed = [char[]](1..81); -join($seed | foreach { Do {(new-object Security.Cryptography.RNGCryptoServiceProvider).GetBytes($randomBuffer); $randomChar = [char[]]([char]'A'..[char]'Z' + [char]'9'..[char]'9')[$randomBuffer[0]]} While ($randomChar -eq $null); $randomChar })
```

From https://github.com/pRizz/SecureSeedCommands
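
Added example, not part of the thread or of either repository: the Python route mentioned in the first comment, generating an 81-character seed over the same `A`-`Z` plus `9` alphabet from the operating system CSPRNG. It also spells out the rejection step that the PowerShell command performs implicitly with its `Do ... While` loop; the function names are this example's own.

```python
import os
import random

TRYTE_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ9"  # 27 symbols, same set as the command above
SEED_LENGTH = 81


def seed_from_bytes(read_bytes, length=SEED_LENGTH):
    """Map uniformly random bytes to seed characters without modulo bias.

    read_bytes(n) must return n bytes from a CSPRNG (os.urandom here).
    256 is not a multiple of 27 (256 = 9 * 27 + 13), so a bare `byte % 27`
    would make the first 13 symbols slightly more likely than the rest.
    Bytes >= 243 are therefore discarded and replaced with fresh ones.
    """
    n = len(TRYTE_ALPHABET)
    limit = 256 - (256 % n)  # 243: largest multiple of 27 that fits in a byte
    out = []
    while len(out) < length:
        # Ask only for as many bytes as characters are still missing,
        # so the result can never overshoot the requested length.
        for b in read_bytes(length - len(out)):
            if b < limit:
                out.append(TRYTE_ALPHABET[b % n])
    return "".join(out)


def generate_seed():
    """81-character seed drawn from the OS CSPRNG via os.urandom."""
    return seed_from_bytes(os.urandom)


def generate_seed_systemrandom():
    """Same result using random.SystemRandom, which also reads os.urandom
    and performs unbiased selection itself."""
    rng = random.SystemRandom()
    return "".join(rng.choice(TRYTE_ALPHABET) for _ in range(SEED_LENGTH))


if __name__ == "__main__":
    print(generate_seed())
```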