
_randomBytes generates non-uniform random values #23

Open
fegge opened this issue Oct 8, 2021 · 1 comment

Comments


fegge commented Oct 8, 2021

bip39.generateMnemonic uses the Random.secure() CSPRNG from the dart:math library to generate entropy for the mnemonic in _randomBytes.

```dart
import 'dart:math';
import 'dart:typed_data';

// The library's constant; its value of 255 is the bug, because nextInt(max)
// returns values in [0, max), so 255 is never produced.
const _SIZE_BYTE = 255;

Uint8List _randomBytes(int size) {
  final rng = Random.secure(); // CSPRNG from dart:math
  final bytes = Uint8List(size);
  for (var i = 0; i < size; i++) {
    bytes[i] = rng.nextInt(_SIZE_BYTE); // yields 0..254, never 255
  }
  return bytes;
}
```

Here _SIZE_BYTE is defined as 255 (on line 10). Since the nextInt method generates integers in the half-open interval [0, max) for a given upper bound max, the value 255 will never be generated. This means that the generated entropy will not be uniformly random. This is an issue if the library is used to generate private keys (e.g. using BIP32).
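A stand-alone illustration of the off-by-one described in the comment above (an added example in Python; it is neither code from the dart-bip39 project nor from the comment author). `secrets.randbelow(n)` has the same half-open `[0, n)` semantics as Dart's `Random.secure().nextInt(n)`, so the flawed bound reproduces exactly. The block draws 100,000 bytes from a generator using the bound 255 and from one using 256, reports which byte values never appear, and computes the entropy of the 16- and 32-byte seeds BIP39 uses under each bound. The names `random_bytes_flawed`, `random_bytes_fixed`, `SIZE_BYTE_FLAWED` and `missing_byte_values` are this example's own.

```python
import math
import secrets
from collections import Counter
from typing import Callable, Set

SIZE_BYTE_FLAWED = 255  # value of _SIZE_BYTE in the dart-bip39 code quoted above
SIZE_BYTE_FIXED = 256   # exclusive upper bound needed to cover all 256 byte values


def random_bytes(size: int, upper_bound: int) -> bytes:
    """Model of dart-bip39's _randomBytes loop: fill `size` bytes, each drawn
    uniformly from the half-open range [0, upper_bound). secrets.randbelow()
    is a CSPRNG with the same half-open semantics as Dart's nextInt()."""
    return bytes(secrets.randbelow(upper_bound) for _ in range(size))


def random_bytes_flawed(size: int) -> bytes:
    """nextInt(255): byte value 255 (0xFF) can never occur."""
    return random_bytes(size, SIZE_BYTE_FLAWED)


def random_bytes_fixed(size: int) -> bytes:
    """nextInt(256): equivalent to secrets.token_bytes(size); written this way
    so the only difference from the flawed version is the bound."""
    return random_bytes(size, SIZE_BYTE_FIXED)


def missing_byte_values(gen: Callable[[int], bytes], samples: int) -> Set[int]:
    """Draw `samples` bytes from `gen` and return every byte value that never
    occurred. For a uniform generator and samples >> 256 this set is empty
    with overwhelming probability: P(a given value is absent) = (255/256)**samples,
    which for 100_000 samples is about e**-391."""
    counts = Counter(gen(samples))
    return {v for v in range(256) if counts[v] == 0}


def entropy_bits(n_bytes: int, values_per_byte: int) -> float:
    """Shannon entropy of n_bytes independent bytes, each uniform over
    values_per_byte equally likely values: n_bytes * log2(values_per_byte)."""
    return n_bytes * math.log2(values_per_byte)


if __name__ == "__main__":
    # Constructed check: 100_000 draws from each generator.
    flawed_missing = sorted(missing_byte_values(random_bytes_flawed, 100_000))
    fixed_missing = sorted(missing_byte_values(random_bytes_fixed, 100_000))
    print("never produced with bound 255:", flawed_missing)
    print("never produced with bound 256:", fixed_missing)
    for n in (16, 32):  # 128-bit and 256-bit BIP39 entropy sizes
        print(f"{n}-byte seed: bound 255 -> {entropy_bits(n, 255):.3f} bits, "
              f"bound 256 -> {entropy_bits(n, 256):.1f} bits")
```

The entropy figures put the defect in proportion: a 32-byte seed drawn with the bound 255 carries log2(255^32), about 255.82 bits, rather than 256, so the loss gives an attacker no practical brute-force advantage. The distribution is nonetheless not uniform, a generator that can never emit 0xFF is a detectable fingerprint of keys it produced, and the fix is a one-character change to the bound, so it should still be corrected.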

theosirian added a commit to spruceid/dart-bip39 that referenced this issue Oct 14, 2021

cylon56 commented Oct 18, 2023

It's concerning that there's no follow-up to this as secure random generation of keys is crucial for anyone using this library.
