Security questions

[Depositarius]

Hello!
There is no information about how this method differs from the methods used by standard wallets such as metamask to create addresses. What are the differences in the security of such an address? Are they vulnerable to attacks like profanity-generated addresses? Are addresses supported by Ledger? It would be worth posting this information on the Vanity-ETH.tk website.

[bokub]

Hello,

I have no idea how Metamask works, but maybe you can do some research and compare with Vanity-ETH (everything related to security is already explained on my README).

About the security issued discovered in profanity, please read #43 and #44

[bokub]

I don't own a ledger so I cannot guarantee it, but it should theorically work. The best way to know is to generate a test address and add it to your ledger.

Please tell me if it works, I'll add the info to the website

[clutchORcake]

Here's the answer: https://support.metamask.io/hc/en-us/articles/360020091432-How-does-MetaMask-generate-your-keys-
Do you mind explain further how this "browser's native Crypto.getRandomValues function" different from the randomness algorithm you mentioned (CSPRNG) on https://vanity-eth.tk/?

[bokub]

Sure !
Vanity-ETH uses a npm package called 'randombytes'

Here is where the package is imported:
https://github.com/bokub/vanity-eth/blob/3f112321fdd782c0ab9f3f8c962b9638ac3cfd41/src/js/vanity.js#L4C2-L4C2

As explained on the randombytes README, it uses crypto.getRandomValues when used in a browser, which is exactly what MetaMask uses according to your link.

Any other question?

[clutchORcake]

Understood! thanks for your explanation and the randombytes link.