Web3E

Insecure private key generation - tinymt32 seeded from micros() (32-bit state, predictable, non-CSPRNG)

Open bernardladenthin opened this issue 1 month ago • 0 comments

Credits / Found by Jean-Philippe Aumasson: https://github.com/veorq

KeyID::generatePrivateKey() relies on random_buffer(), which uses tinyMT32 as its PRNG. The PRNG is initialized only once using a 32-bit seed derived from micros().

This is not a cryptographically secure RNG, and the 32-bit timer seed makes the generated private keys predictable and brute-forceable. All keys produced by the current implementation are vulnerable. A hardware CSPRNG or proper DRBG must be used instead.

Links:

  • https://github.com/AlphaWallet/Web3E/blob/c19324cc209b11fd4389d1c782a7e6ffbc391cfb/src/KeyID.cpp#L48-L50
  • https://github.com/AlphaWallet/Web3E/blob/c19324cc209b11fd4389d1c782a7e6ffbc391cfb/src/Trezor/rand.c#L362-L364

bernardladenthin · Nov 30 '25 14:11
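To make the reported weakness concrete, here is an added C example (not code from the Web3E project or from the reporter) that places the insecure pattern next to a hardened one. The small-state PRNG is an xorshift32 stand-in, not TinyMT32 itself; what it shares with the reported setup is the property that matters: every byte of the "key" is a deterministic function of one 32-bit timer value, so the key space is at most 2^32 whatever the key length. The hardened path reads from `/dev/urandom` (assumption: a POSIX host; on an ESP32 target the same role is played by the SDK's hardware RNG fill call such as `esp_fill_random()`) and applies the secp256k1 range check a private key must pass. The last function is the kind of regression test a maintainer could keep in the tree: the same timer value must never yield the same key.

```c
// Added example: insecure timer-seeded key generation vs. CSPRNG-backed generation.
// Not Web3E code; xorshift32 is a stand-in for any 32-bit-state PRNG.
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PRIVKEY_LEN 32

/* secp256k1 group order n, big-endian. A valid private key lies in [1, n-1]. */
static const uint8_t SECP256K1_N[PRIVKEY_LEN] = {
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
    0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41
};

/* Stand-in small-state PRNG (xorshift32). Whole output sequence = f(32-bit seed). */
typedef struct { uint32_t state; } weak_prng_t;

static void weak_prng_seed(weak_prng_t *p, uint32_t seed) { p->state = seed ? seed : 1u; }

static uint32_t weak_prng_next(weak_prng_t *p) {
    uint32_t x = p->state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return p->state = x;
}

/* INSECURE pattern: a 256-bit key expanded from a 32-bit timer reading (like micros()). */
void insecure_generate_private_key(uint8_t out[PRIVKEY_LEN], uint32_t timer_seed) {
    weak_prng_t p;
    weak_prng_seed(&p, timer_seed);
    for (size_t i = 0; i < PRIVKEY_LEN; i += 4) {
        uint32_t r = weak_prng_next(&p);
        memcpy(out + i, &r, sizeof r);
    }
}

/* Upper bound on key entropy: never more than the seed, regardless of key length. */
unsigned effective_entropy_bits(unsigned seed_bits, unsigned key_bits) {
    return seed_bits < key_bits ? seed_bits : key_bits;
}

/* Range check: 1 <= k < n, comparing big-endian byte strings. */
int privkey_in_range(const uint8_t k[PRIVKEY_LEN]) {
    int nonzero = 0;
    for (size_t i = 0; i < PRIVKEY_LEN; i++) nonzero |= k[i];
    return nonzero != 0 && memcmp(k, SECP256K1_N, PRIVKEY_LEN) < 0;
}

/* HARDENED pattern: fill from an OS/hardware entropy source, then range-check.
   /dev/urandom on a POSIX host; on ESP32 this would be esp_fill_random() (assumption). */
int secure_generate_private_key(uint8_t out[PRIVKEY_LEN]) {
    for (int attempt = 0; attempt < 16; attempt++) {
        FILE *f = fopen("/dev/urandom", "rb");
        if (!f) return -1;
        size_t n = fread(out, 1, PRIVKEY_LEN, f);
        fclose(f);
        if (n != PRIVKEY_LEN) return -1;
        if (privkey_in_range(out)) return 0;   /* rejection probability ~2^-128 */
    }
    return -1;
}

/* Regression check: generating twice for the same timer reading must give different keys.
   Returns 1 if the generator is independent of the seed, 0 if it is seed-determined. */
int keygen_is_seed_independent(void (*gen)(uint8_t[PRIVKEY_LEN], uint32_t), uint32_t seed) {
    uint8_t a[PRIVKEY_LEN], b[PRIVKEY_LEN];
    gen(a, seed);
    gen(b, seed);
    return memcmp(a, b, PRIVKEY_LEN) != 0;
}

int main(void) {
    uint8_t k[PRIVKEY_LEN];
    printf("timer-seeded generator independent of seed? %d\n",
           keygen_is_seed_independent(insecure_generate_private_key, 123456u));
    printf("effective entropy of a 256-bit key from a 32-bit seed: %u bits\n",
           effective_entropy_bits(32, 256));
    if (secure_generate_private_key(k) == 0) {
        printf("CSPRNG key: ");
        for (size_t i = 0; i < PRIVKEY_LEN; i++) printf("%02x", k[i]);
        printf("\n");
    }
    return 0;
}
```

`keygen_is_seed_independent(insecure_generate_private_key, ...)` returns 0, which is exactly the failure a unit test should flag: two boards booting with the same `micros()` reading, or an attacker enumerating 2^32 timer values, reach the same key. The secure path's only input is the entropy source, so no seed argument exists to replay.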