[Cryptography] How can poor/bad/compromised random number generators manifest themselves in Bitcoin?
Alfie John
alfie at alfie.wtf
Mon Nov 18 23:06:49 EST 2019
> On 19 Nov 2019, at 12:55, Russ Allbery <eagle at eyrie.org> wrote:
>
> Ken McCall via cryptography <cryptography at metzdowd.com> writes:
>
>> Excuse my ignorance, but I'm trying to understand, from a
>> realistic/practical standpoint, how a "poor" (Bad? Less than optimal?)
>> random number generator can create a problem in the Bitcoin network
>> (blockchain, transactions, nodes, exchanges, wherever.).
>
> There are various ways bad RNGs can hurt (I'm sure other people will add
> more), but possibly the easiest one to explain is in key pair generation.
>
> This is not specific to Bitcoin; it applies to any public and private key
> pair (SSH, X.509, PGP, whatever).
>
> ...
>
> The most obvious way that a bad RNG hurts is that a bad RNG may mean that
> the private key is *not* chosen from the full key space. Instead, due to
> properties of the RNG, the key is effectively chosen from a tiny fraction
> of the key space. Now, all the attacker has to do is search that entire
> key space for the private key, which because it is so much smaller becomes
> computationally feasible to do.

Yep.... and "stealing" using guessable private keys is already happening:

- https://www.wired.com/story/blockchain-bandit-ethereum-weak-private-keys/
- https://redpiranha.net/news/online-bitcoin-wallets-open-compromise-weak-private-key-generation-code

Alfie
--
Alfie John
https://www.alfie.wtf
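
Added example, not part of the original message: a toy model of the key-space point made in the quoted reply, comparing a 256-bit key expanded from a small seed with one drawn from the OS CSPRNG. The 16-bit seed size, the function names and the SHA-256 stand-in for a public key are assumptions made for illustration; no real Bitcoin key derivation is involved.

```python
import hashlib
import random
import secrets

SEED_BITS = 16  # constructed: the flawed generator has only 2**16 internal states


def weak_private_key(seed: int) -> bytes:
    """Hypothetical flawed generator: a 256-bit key expanded from a 16-bit seed."""
    rng = random.Random(seed % (1 << SEED_BITS))  # Mersenne Twister, not a CSPRNG
    return rng.getrandbits(256).to_bytes(32, "big")


def strong_private_key() -> bytes:
    """Key drawn from the OS CSPRNG, i.e. from the full 2**256 space."""
    return secrets.token_bytes(32)


def public_id(private_key: bytes) -> str:
    """Stand-in for the public key (assumption: plain SHA-256, not secp256k1)."""
    return hashlib.sha256(private_key).hexdigest()


def search_seed_space(target_id: str):
    """Walk every state the weak generator can be in.

    Returns (seed, tries) when a state reproduces target_id,
    otherwise (None, tries) after exhausting all 2**SEED_BITS states.
    """
    for seed in range(1 << SEED_BITS):
        if public_id(weak_private_key(seed)) == target_id:
            return seed, seed + 1
    return None, 1 << SEED_BITS


if __name__ == "__main__":
    # The weak key looks like 32 random bytes, yet only 65,536 values are possible,
    # so the whole space is covered in about a second on a laptop.
    weak_id = public_id(weak_private_key(0xBEEF))
    print("weak generator:  ", search_seed_space(weak_id))

    # The same exhaustive walk finds nothing for a CSPRNG key: it is one of 2**256.
    strong_id = public_id(strong_private_key())
    print("secrets generator:", search_seed_space(strong_id))
```

The key length is identical in both cases; what differs is the number of values the generator can actually emit, which is the quantity that has to be large.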