search

pointbiz / bitaddress.org

JavaScript Client-Side Bitcoin Wallet Generator
https://www.bitaddress.org
2.45k stars 1.5k forks source link

Memory leak in BIP38PrivateKeyToEncryptedKeyAsync #156

Open woodser opened 7 years ago

woodser commented 7 years ago

There appears to be a memory leak in BIP38PrivateKeyToEncryptedKeyAsync.

Steps to reproduce:

  1. Launch bitaddress.org, collect entropy, and go to Wallet Details tab.
  2. Enter a private key, check 'BIP38 Encrypt?', and enter a password.
  3. Repeat click 'Encrypt BIP38' button. With each click, memory usage grows until the browser eventually crashes.

@pointbiz Do the developers have a perspective on fixing this memory leak or an alternative way to BIP38 encrypt private keys using bitaddress code?

For context, I'm using bitaddress code to perform BIP38 encryption of existing private keys in the application I'm developing. With this memory leak, my application eventually crashes.

Thank you for your help.

woodser commented 7 years ago

Upon further investigation, it appears the memory leak is actually within Crypto_scrypt.

The leak seems to only occur if a string is passed as the passwd argument to Crypto_scrypt, e.g. Crypto_scrypt("abctesting123", [161,205,96,83,190,41,64,105], 16384, 8, 8, 32).

The leak appears to not occur if an array / intermediate point is given as the passwd argument, e.g. Crypto_scrypt([3,52,115,225,93,101,43,10,145,237,162,123,83,189,56,166,158,68,87,202,169,201,125,210,90,119,196,150,144,134,195,41,74], [161,205,96,83,190,41,64,105], 16384, 8, 8, 32)

FYI I observe ~0.25 GBs being used for each invocation of Crypto_scrypt with a password string.