Is your feature request related to a problem? Please describe.
Severity: Low
The unixMain implementation of SecureRandom in kotlin-bip39 does not correctly check the return value of read().
Describe the solution you'd like
The code checks that result is nonnegative, indicating that no error occurred. However, read() is allowed to read fewer bytes than were requested. In this case, result will be the number of bytes actually read.
To guarantee that enough random bytes were read from /dev/urandom, this code needs to check that result == bytes.size. Otherwise, an insecure seed phrase could be generated.
Because /dev/urandom is used (and not /dev/random), it’s unlikely for the current code to fail in a way that leads to an insecure seed being used, but the check should be added nevertheless.
Alternatives you've considered
Additional context
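
The short-read behaviour described in this issue, as an added example that is not part of the original issue or the kotlin-bip39 code: plain C against POSIX read() stands in for the Kotlin/Native call, and all function names are hypothetical. A pipe holding 3 bytes is a constructed stand-in for a source that returns fewer bytes than requested.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* The check the issue describes: any nonnegative result counts as success. */
int read_unchecked(int fd, unsigned char *buf, size_t len) {
    ssize_t result = read(fd, buf, len);
    return result >= 0 ? 0 : -1;           /* a short read passes */
}

/* Hardened form: loop until exactly len bytes have arrived, or fail. */
int read_exact(int fd, unsigned char *buf, size_t len) {
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) {
            if (errno == EINTR) continue;  /* interrupted by a signal: retry */
            return -1;
        }
        if (n == 0) return -1;             /* EOF before the buffer was full */
        got += (size_t)n;
    }
    return 0;
}

/* Fill buf from /dev/urandom; returns 0 only if every byte was written. */
int fill_random(unsigned char *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    int rc = read_exact(fd, buf, len);
    close(fd);
    return rc;
}

/* Constructed demo: request 32 bytes from a pipe that only holds 3. */
int short_source_demo(int hardened) {
    int p[2];
    unsigned char buf[32] = {0};
    if (pipe(p) != 0) return -2;
    if (write(p[1], "abc", 3) != 3) { close(p[0]); close(p[1]); return -2; }
    close(p[1]);
    int rc = hardened ? read_exact(p[0], buf, sizeof buf)
                      : read_unchecked(p[0], buf, sizeof buf);
    close(p[0]);
    return rc;
}
```

With the unchecked reader the demo reports success although 29 of the 32 bytes are still zero; the hardened reader reports failure instead of handing back a partly filled buffer.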