* [Bitcoin-development] Advisory: PHP library Bitcoin SCI weak key generation
@ 2013-10-27 22:25 Andres Home
2013-10-27 22:46 ` Gavin Andresen
0 siblings, 1 reply; 3+ messages in thread
From: Andres Home @ 2013-10-27 22:25 UTC (permalink / raw)
To: bitcoin-development
For those developers who are using the Bitcoin SCI library (maybe others too, I
found two total and could only make contact with one), I would advise that you
review how your software handles private key creation.
Up until today, the Bitcoin SCI library used the Mersenne Twister PRNG or the
GMP library's PRNG directly to generate private keys. This has been somewhat
resolved in the most recent version (October 27th), but only for the
createNewMiniKey() function. Even if you haven't been using this library, it
would be a fine oportunity to check your key generation functions if you do not
interface directly with bitcoind.
Affected keys have 32bits of entropy, possibly up to 56bits depending on the
build of PHP, a low enough amount that would allow GPU based attacks on keys
in the lower ranges.
I do not know how many keys have been created using either function
.
I also don't share the authors optimism that this isn't an issue.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Bitcoin-development] Advisory: PHP library Bitcoin SCI weak key generation
2013-10-27 22:25 [Bitcoin-development] Advisory: PHP library Bitcoin SCI weak key generation Andres Home
@ 2013-10-27 22:46 ` Gavin Andresen
2013-10-27 22:48 ` Andres Home
0 siblings, 1 reply; 3+ messages in thread
From: Gavin Andresen @ 2013-10-27 22:46 UTC (permalink / raw)
To: Andres Home; +Cc: bitcoin-development
[-- Attachment #1: Type: text/plain, Size: 461 bytes --]
Thanks for the warning; to be clear, "the Bitcoin SCI library" is this
project?
http://bitfreak.info/index.php?page=tools&t=bitsci
On Mon, Oct 28, 2013 at 8:25 AM, Andres Home <a86551@outlook•com> wrote:
> For those developers who are using the Bitcoin SCI library (maybe others
> too, I
> found two total and could only make contact with one), I would advise that
> you
> review how your software handles private key creation.
> --
>
--
Gavin Andresen
[-- Attachment #2: Type: text/html, Size: 1016 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Bitcoin-development] Advisory: PHP library Bitcoin SCI weak key generation
2013-10-27 22:46 ` Gavin Andresen
@ 2013-10-27 22:48 ` Andres Home
0 siblings, 0 replies; 3+ messages in thread
From: Andres Home @ 2013-10-27 22:48 UTC (permalink / raw)
To: Gavin Andresen; +Cc: bitcoin-development
That's correct.
There's no source control so I've mirrored the weak functions.
The MiniKey function:
http://pastie.org/8435726
The PrivKey function:
http://pastie.org/8435731
________________________________
> Date: Mon, 28 Oct 2013 08:46:34 +1000
> Subject: Re: [Bitcoin-development] Advisory: PHP library Bitcoin SCI
> weak key generation
> From: gavinandresen@gmail•com
> To: a86551@outlook•com
> CC: bitcoin-development@lists•sourceforge.net
>
> Thanks for the warning; to be clear, "the Bitcoin SCI library" is this
> project?
> http://bitfreak.info/index.php?page=tools&t=bitsci
>
>
> On Mon, Oct 28, 2013 at 8:25 AM, Andres Home
> <a86551@outlook.com<mailto:a86551@outlook•com>> wrote:
> For those developers who are using the Bitcoin SCI library (maybe
> others too, I
> found two total and could only make contact with one), I would advise
> that you
> review how your software handles private key creation.
>
> --
> --
> Gavin Andresen
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-10-27 22:48 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-10-27 22:25 [Bitcoin-development] Advisory: PHP library Bitcoin SCI weak key generation Andres Home
2013-10-27 22:46 ` Gavin Andresen
2013-10-27 22:48 ` Andres Home
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox