OutCast3k / coinbin

Javascript Bitcoin Wallet. Supports Multisig, Stealth, HD, SegWit, Bech32, Time Locked Addresses, RBF and more!
https://coinb.in/
MIT License

Not checking if the private key is inside the curve #204

Open tnkmt opened 4 years ago

tnkmt commented 4 years ago

For example, try to check this WIF private key: 5Km2kuu7vtFDPpxywn4u3NLu8iSdrqhxWT8tUKiNTjDB7yUFUg3.

I tried "Bitaddress", "TP's Go Bitcoin Tests - Private keys" and "Bitcoin Key Compression Tool - Ian Coleman" with this invalid WIF private key (5Km2kuu7vtFDPpxywn4u3NLu8iSdrqhxWT8tUKiNTjDB7yUFUg3), and they give an error message as expected.

But Coinbin does not give an error message; instead it gives me the address 1Cnr5ciYXma4TpurZracFV85hb8CcoBnuu and the public key 045ec9ad50d845ec111a5ce5cb50f89812e9cf4570795655bfaec6028d087c446bb7d4ae7d3ce38b3430ebaa4df97426c9bf2847b0f06fd71213521a200d3313a8.

Discussion on Reddit: https://old.reddit.com/r/Bitcoin/comments/e0m6ft/are_all_possible_bip39_mnemonic_seeds_produce_a/

tnkmt commented 4 years ago

It's not a bug, it's a feature.

Here it is explained: https://github.com/spesmilo/electrum/issues/5797#issuecomment-557942439
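
The check this issue asks for, as an added example that is not part of the thread and not coinbin's code: a Node.js WIF validator that verifies the Base58Check checksum and then rejects any secret outside 1 .. n-1, where n is the secp256k1 group order. The function names (`validateWif`, `toWif` and the Base58 helpers) are hypothetical, and `toWif` exists only to construct sample inputs.

```javascript
const { createHash } = require('node:crypto');

const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
// Order n of the secp256k1 base point; a valid private key d satisfies 1 <= d <= n-1.
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;

const sha256d = (buf) =>
  createHash('sha256').update(createHash('sha256').update(buf).digest()).digest();

function base58Decode(str) {
  let num = 0n;
  for (const ch of str) {
    const idx = ALPHABET.indexOf(ch);
    if (idx < 0) throw new Error('invalid Base58 character');
    num = num * 58n + BigInt(idx);
  }
  const hex = num === 0n ? '' : num.toString(16);
  const zeros = str.match(/^1*/)[0].length; // each leading '1' encodes a 0x00 byte
  return Buffer.concat([Buffer.alloc(zeros), Buffer.from(hex.length % 2 ? '0' + hex : hex, 'hex')]);
}

// Encoder for inputs whose first byte is non-zero (always true for the 0x80 WIF prefix).
function base58Encode(buf) {
  let out = '';
  for (let num = BigInt('0x' + buf.toString('hex')); num > 0n; num /= 58n) {
    out = ALPHABET[Number(num % 58n)] + out;
  }
  return out;
}

// Builds constructed sample inputs: mainnet, uncompressed WIF for a hex secret.
function toWif(hexKey) {
  const payload = Buffer.from('80' + hexKey.padStart(64, '0'), 'hex');
  return base58Encode(Buffer.concat([payload, sha256d(payload).subarray(0, 4)]));
}

// Returns { ok: true, compressed } or { ok: false, reason }.
function validateWif(wif) {
  let raw;
  try { raw = base58Decode(wif); } catch (e) { return { ok: false, reason: e.message }; }
  if (raw.length !== 37 && raw.length !== 38) return { ok: false, reason: 'bad length' };
  const payload = raw.subarray(0, -4);
  if (!sha256d(payload).subarray(0, 4).equals(raw.subarray(-4))) return { ok: false, reason: 'bad checksum' };
  if (payload[0] !== 0x80) return { ok: false, reason: 'bad version byte' };
  if (payload.length === 34 && payload[33] !== 0x01) return { ok: false, reason: 'bad compression flag' };
  const d = BigInt('0x' + payload.subarray(1, 33).toString('hex'));
  // A well-formed checksum does not imply a usable key: reject 0 and anything >= n.
  if (d === 0n || d >= N) return { ok: false, reason: 'out of range' };
  return { ok: true, compressed: payload.length === 34 };
}
```

A wallet that skips the final range test and reduces the secret modulo n instead will still derive a public key and address from such input, which matches the behaviour reported above.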