Skip to content

Some RNG improvments#3

Open
shesek wants to merge 1 commit into
vbuterin:masterfrom
shesek:better-random
Open

Some RNG improvments#3
shesek wants to merge 1 commit into
vbuterin:masterfrom
shesek:better-random

Conversation

@shesek

@shesek shesek commented Nov 27, 2013

Copy link
Copy Markdown
  • Seed jsbn's PRNG with a CSPRNG when available
  • Use H(message||privkey||random) for picking K for signatures

Using H(message||privkey||random) ensures that K is always unique (since its based on the transaction hash) and that it contains data that is hard for an attacker to guess (since it contains the private key). This is the recommend way to generate K values, and is how bitcoin-qt does that. The random data is not really necessary, but can't really hurt either.


I actually think that its better to get rid of jsbn's rng and always use window.crypto's getRandomValues() or nodejs's randomValues(), and refuse to work at all if neither of those are available - but that's quite an extreme change and will break compatibility with some browsers. If you're okay with doing that, I'll send a new pull request.

- Seed jsbn rng with the CSPRNG when available
- Use H(message||privkey||random) for picking K for signatures
@vbuterin

Copy link
Copy Markdown
Owner

I actually think that it would be better to just implement RFC6979, as I
did for my Python library http://github.com/vbuterin/pybitcointools .

On 11/26/2013 11:21 PM, Nadav Ivgi wrote:

  • Seed jsbn's RNG with a CSPRNG when available
  • Use |H(message||privkey||random)| for picking K for signatures

Using |H(message||privkey||random)| ensures that K is always unique
(since its based on the transaction hash) and that it contains data
that is hard for an attacker to guess (since it contains the private
key). This is the recommend way to generate K values, and is how
bitcoin-qt does that. The random data is not really necessary, but
can't really hurt either.


I actually think that its better to get rid of jsbn's rng and always
use window.crypto's getRandomValues() or nodejs's randomValues(), and
refuse to work at all if neither of those are available - but that's
quite an extreme change and will break compatibility with some
browses. If you're okay with doing that, I'll send a new pull request.


    You can merge this Pull Request by running

git pull https://github.com/shesek/bitcoinjs-lib better-random

Or view, comment on, or merge it at:

#3

    Commit Summary

@shesek

shesek commented Nov 27, 2013

Copy link
Copy Markdown
Author

I'll look into implementing that. Perhaps you can merge the other change (seeding jsbn with the browser/node's csprng) in the meanwhile? It'll highly improve the randomness over the current state, where its based solely on Math.random() and Date.now().

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants