starkbank/ecdsa-python

Random number generator used by default is Not Secure

sirk390 opened this issue · 3 comments

It seems the random number generator used by default when generating a private key is not secure.
When you call:

    privateKey = PrivateKey()

it does:

    randint(1, curve.N - 1)

where "randint" is imported from the "random" module.
Instead, random should use "random.SystemRandom".

Yes, this is good, but you also have the same issue for the signature (ecdsa.py line 14).

True. I updated the PR, I will close this issue now.
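
The following is an added example, not part of the original thread and not the project's code. It shows why both call sites raised above (private key generation and the per-signature random value) matter: values drawn through the module-level `randint` can be regenerated from the Mersenne Twister state, while `random.SystemRandom` draws from the OS CSPRNG. The constant `N` (the secp256k1 group order, standing in for `curve.N`) and all function names are assumptions made for illustration.

```python
import random
from random import randint  # the import pattern described in the issue

# Constructed stand-in for curve.N: the secp256k1 group order (assumption).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# One shared OS-backed generator (os.urandom underneath).
SYSRAND = random.SystemRandom()


def weak_secret():
    """Issue's pattern: module-level randint, i.e. the shared Mersenne Twister."""
    return randint(1, N - 1)


def strong_secret():
    """Same range, drawn from the OS CSPRNG as the issue proposes."""
    return SYSRAND.randint(1, N - 1)


def uses_os_csprng(func):
    """Audit helper (hypothetical name): is this bound method a SystemRandom's?"""
    return isinstance(getattr(func, "__self__", None), random.SystemRandom)


def replay_from_state(state, count):
    """Regenerate `count` weak secrets from a saved Mersenne Twister state."""
    clone = random.Random()
    clone.setstate(state)
    return [clone.randint(1, N - 1) for _ in range(count)]


if __name__ == "__main__":
    saved = random.getstate()
    drawn = [weak_secret() for _ in range(3)]
    print("weak values reproducible from state:", replay_from_state(saved, 3) == drawn)
    print("randint bound to OS CSPRNG:", uses_os_csprng(randint))
    print("SystemRandom.randint bound to OS CSPRNG:", uses_os_csprng(SYSRAND.randint))
    print("strong secret in range:", 1 <= strong_secret() <= N - 1)
```

The `uses_os_csprng` check can be pointed at whatever `randint` or `randrange` name a module imports, which makes it usable as a regression test once the generator has been switched.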