Permalink
Browse files

k should be 32 bytes, not 8 bytes

This is a bug with security implications. It is much easier to guess the value
of k within a 64 byte range. This would lead to compromised private keys.

The cryptography interface of bitcore is extremely poor. I recommend:
* Get rid of the C++ code, since it makes everything more difficult with little benefit
* Refactor all crypto, and have easily auditable bignum, point, ecdsa, and key classes
* Then actually audit the crypto
  • Loading branch information...
Ryan X. Charles
Ryan X. Charles committed Aug 11, 2014
1 parent d9ffe75 commit 9f9e2f1d41bdf0b55e1021c96985900bc8ce21e9
Showing with 2 additions and 1 deletion.
  1. +2 −1 lib/common/Key.js
@@ -159,7 +159,8 @@ Key.calcPubKeyRecoveryParam = function(e, r, s, Q) {

Key.genk = function() {
//TODO: account for when >= n
return new bignum(SecureRandom.getRandomBuffer(8));
var k = new bignum(SecureRandom.getRandomBuffer(32))
return k;
};

module.exports = Key;

0 comments on commit 9f9e2f1

Please sign in to comment.