cylon56
commented
1 year ago It's concerning that there's no follow-up to this as secure random generation of keys is crucial for anyone using this library.
Open fegge opened 3 years ago
cylon56
commented
1 year ago It's concerning that there's no follow-up to this as secure random generation of keys is crucial for anyone using this library.
bip39.generateMnemonicuses the Random.secure() CSPRNG from thedart:mathlibrary to generate entropy for the mnemonic in_randomBytes.https://github.com/dart-bitcoin/bip39/blob/3633daa2026b98c523ae9a091322be2903f7a8ab/lib/src/bip39_base.dart#L40-L47
Here
_SIZE_BYTEis defined as 255 (on line 10). Since thenextIntmethod generates integers in the half-open interval[0, max)for a given upper boundmax, the value 255 will never be generated. This means that the generated entropy will not be uniformly random. This is an issue if the library is used to generate private keys (e.g. using BIP32).