Open HimanshuSingh2308 opened 5 years ago
Moving over from telegram and raising the same issue here:
Hey folks - anyone familiar with the way the PKs are formatted and what "matters". We were doing some random QA and realized that we can modify a PK slightly and generate the same EOS pub key via eosjs-ecc. Sample:
5JnRmBMYoBP7z2zKufcgEsj3cfWsjFtd74ghj7oYaLe3f8NSruV
EOS7XVnBmY2XNHnVQHRF17Wv2xyoy1i73MFYcugukshkG3HkXxvwL
5JnRmBMYoBP7z2zKufcgEsj3cfWsjFtd74ghj7oYaLe3f8NSruA
EOS7XVnBmY2XNHnVQHRF17Wv2xyoy1i73MFYcugukshkG3HkXxvwL
I was trying to read through the WIF format, and I'm guessing it has to do w/ using the compressed version of the key. Just trying to see if there's any reference out there that would explain this.
Doing some additional tests... it seems that ecc.checkDecode
should have thrown a checksum error. Manually following the steps I see the following when using the 2nd key aka bad key 5JnRmBMYoBP7z2zKufcgEsj3cfWsjFtd74ghj7oYaLe3f8NSruA
Bad key:
> badkey = '5JnRmBMYoBP7z2zKufcgEsj3cfWsjFtd74ghj7oYaLe3f8NSruA'
'5JnRmBMYoBP7z2zKufcgEsj3cfWsjFtd74ghj7oYaLe3f8NSruA'
'5JnRmBMYoBP7z2zKufcgEsj3cfWsjFtd74ghj7oYaLe3f8NSruV'
> buffer1 = new Buffer(base58.decode(badkey))
<Buffer 80 7f 79 a1 dc ee b8 f4 bf cf 1d 51 e9 64 47 31 f3 a1 7f b0 ce 3c e9 58 6b 6f e4 61 a1 87 90 ca 2e 92 ab 18 cd>
> checksum = buffer1.slice(-4)
<Buffer 92 ab 18 cd>
> chesumhex = checksum.toString('hex')
'92ab18cd'
> key = buffer1.slice(0, -4)
<Buffer 80 7f 79 a1 dc ee b8 f4 bf cf 1d 51 e9 64 47 31 f3 a1 7f b0 ce 3c e9 58 6b 6f e4 61 a1 87 90 ca 2e>
> newCheck = hash.sha256(hash.sha256(key)).slice(0,4)
<Buffer 92 ab 18 e0>
> checksum.toString('hex')
'92ab18cd'
> newCheck.toString('hex')
'92ab18e0'
>
Good Key:
> goodkey = '5JnRmBMYoBP7z2zKufcgEsj3cfWsjFtd74ghj7oYaLe3f8NSruV'
> buffer = new Buffer(base58.decode(goodkey))
<Buffer 80 7f 79 a1 dc ee b8 f4 bf cf 1d 51 e9 64 47 31 f3 a1 7f b0 ce 3c e9 58 6b 6f e4 61 a1 87 90 ca 2e 92 ab 18 e0>
> checksum = buffer.slice(-4)
<Buffer 92 ab 18 e0>
> key = buffer.slice(0, -4)
<Buffer 80 7f 79 a1 dc ee b8 f4 bf cf 1d 51 e9 64 47 31 f3 a1 7f b0 ce 3c e9 58 6b 6f e4 61 a1 87 90 ca 2e>
> newCheck = hash.sha256(hash.sha256(key)).slice(0,4)
<Buffer 92 ab 18 e0>
> checksum.toString('hex')
'92ab18e0'
> newCheck.toString('hex')
'92ab18e0'
>
try to generate the public key for these two private keys you will get an exact same public key
is it the limitation of the ECC ????