Insecure private key generation - tinymt32 seeded from micros() (32-bit state, predictable, non-CSPRNG)

Credits / Found by Jean-Philippe Aumasson: https://github.com/veorq

`KeyID::generatePrivateKey()` relies on `random_buffer()`, which uses `tinyMT32` as its PRNG. The PRNG is initialized only once using a 32-bit seed derived from `micros()`.

This is *not a cryptographically secure RNG,* and the 32-bit timer seed makes the generated private keys predictable and brute-forceable. All keys produced by the current implementation are vulnerable. A hardware CSPRNG or proper DRBG must be used instead.

Links:
* https://github.com/AlphaWallet/Web3E/blob/c19324cc209b11fd4389d1c782a7e6ffbc391cfb/src/KeyID.cpp#L48-L50
* https://github.com/AlphaWallet/Web3E/blob/c19324cc209b11fd4389d1c782a7e6ffbc391cfb/src/Trezor/rand.c#L362-L364

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Insecure private key generation - tinymt32 seeded from micros() (32-bit state, predictable, non-CSPRNG) #31

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	void KeyID::generatePrivateKey(Web3* web3)
	{
	random_buffer(privateKeyBytes, ETHERS_PRIVATEKEY_LENGTH);

	static int initialized = 0;
	if (!initialized) {
	tinymt32_init(&tinymt, (uint32_t)micros());

Insecure private key generation - tinymt32 seeded from micros() (32-bit state, predictable, non-CSPRNG) #31

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions