You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
account.NewAccount does not use a cryptographically secure pseudorandom number generator. This makes it possible to derive arbitrary keys generated by other users by brute forcing the randomSeckey function with all values returned from time.UnixNano in some time interval.
Please change the use of math.rand to crypto.rand. Consider using the go-ethereum accounts or keystore packages directly as they have seen extensive auditing and been used to generate keys used in live blockchain networks for a few years.
The text was updated successfully, but these errors were encountered:
account.NewAccount
does not use a cryptographically secure pseudorandom number generator. This makes it possible to derive arbitrary keys generated by other users by brute forcing therandomSeckey
function with all values returned fromtime.UnixNano
in some time interval.Please change the use of
math.rand
tocrypto.rand
. Consider using the go-ethereum accounts or keystore packages directly as they have seen extensive auditing and been used to generate keys used in live blockchain networks for a few years.The text was updated successfully, but these errors were encountered: