Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

account.NewAccount weak entropy #7

Closed
Gustav-Simonsson opened this issue Jul 27, 2018 · 1 comment
Closed

account.NewAccount weak entropy #7

Gustav-Simonsson opened this issue Jul 27, 2018 · 1 comment

Comments

@Gustav-Simonsson
Copy link

account.NewAccount does not use a cryptographically secure pseudorandom number generator. This makes it possible to derive arbitrary keys generated by other users by brute forcing the randomSeckey function with all values returned from time.UnixNano in some time interval.

Please change the use of math.rand to crypto.rand. Consider using the go-ethereum accounts or keystore packages directly as they have seen extensive auditing and been used to generate keys used in live blockchain networks for a few years.
@flybikeGx
Copy link
Contributor

flybikeGx commented Jul 28, 2018
edited
Loading

Thx for your suggestions and further features of our key-pairs and account system will be publish in next version.

flybikeGx referenced this issue Jul 28, 2018
@flybikeGx
change account.NewAccount to using crypto/rand
8c99bb1
@Gustav-Simonsson Gustav-Simonsson mentioned this issue Jul 30, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Gustav-Simonsson @flybikeGx