search

10gic / vanitygen-plusplus

A vanity address generator for BTC, ETH, LTC, TRX and 100+ more crypto currencies.
GNU Affero General Public License v3.0
248 stars 90 forks source link

Initial vectors vulnability #88

Closed CashCode closed 2 months ago

CashCode commented 1 year ago

Hello, Sirs. Does the generation algorythm use initial vectors? Is the code protected from vulnability of initial vectors, is it safe to use?

https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool/

10gic commented 1 year ago

Vanitygen-plusplus uses openssl function EC_KEY_generate_key. See https://github.com/10gic/vanitygen-plusplus/blob/e0607a720de181c233db1c3ea97ca26ac9f1f3a7/oclengine.c#L2126