12 August 2023

So You Think You Understand Cryptocurrency

I bet you don't understand all of the risks, or the potential points of failure. Why? Because it seems even the developers of some of the tools don't understand those things.

I'm not saying that you need to know what a cryptographically secure pseudorandom number generator is, or that you need to understand the Mersenne Twister. But someone who designed software you are using - say for your Bitcoin (or other) crypto wallet - better know what they were doing. Unfortunately, that doesn't seem to always be the case.

What you should understand is that things can fail, and often do fail, in the world of cryptocurrency. (Don't put all of your eggs in one basket.)

And so, we have the Milksad vulnerability that has impacted a lot of cryptocurrency wallets. This impacted the Libbitcoin Explorer software. That isn't something you would have downloaded. It is a toolkit used by the people who developed the wallet you downloaded, and relied on.

  • The bx seed subcommand for generation of new wallet private key entropy is flawed and produces insecure output.
  • On Libbitcoin Explorer 3.x versions, bx seed uses the Mersenne Twister pseudorandom number generator (PRNG) initialized with 32 bits of system time.

Keep in mind, this is from the non-technical summary of the problem.

Think of this as securing your online bank account with a password manager that creates a long random password, but it often creates the same passwords for every user. Malicious people have figured this out and drained funds on any account they can find.
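The "same password for every user" effect, and the seeding flaw in the summary bullets, can be shown in a few lines. This is an added example, not code from Libbitcoin or the Milksad write-up: the function names, the 32-byte output size and the clock value are assumptions, and Python's Mersenne Twister seeding does not reproduce real `bx seed` output.

```python
import random
import secrets
from typing import Callable, Iterable, Optional

SEED_BITS = 32       # seed width stated in the Milksad summary
ENTROPY_BYTES = 32   # 256-bit wallet entropy (size assumed for this example)


def weak_entropy(clock_value: int, n: int = ENTROPY_BYTES) -> bytes:
    """Flawed pattern: Mersenne Twister seeded with 32 bits of system time."""
    rng = random.Random(clock_value & 0xFFFFFFFF)  # only 32 bits survive
    return bytes(rng.getrandbits(8) for _ in range(n))


def strong_entropy(n: int = ENTROPY_BYTES) -> bytes:
    """Corrected pattern: bytes drawn from the operating system CSPRNG."""
    return secrets.token_bytes(n)


def effective_bits(output_bytes: int, seed_bits: Optional[int]) -> int:
    """Upper bound on secret bits: capped by the seed, not the output length."""
    out_bits = output_bytes * 8
    return out_bits if seed_bits is None else min(out_bits, seed_bits)


def distinct_outputs(generate: Callable[[int], bytes],
                     clock_values: Iterable[int]) -> int:
    """Count distinct secrets produced across a set of clock readings."""
    return len({generate(c) for c in clock_values})


if __name__ == "__main__":
    t = 1691798400                     # constructed clock reading
    readings = [t, t, t + 2**32]       # two users at once, one wrapped clock
    print("weak, distinct secrets:  ", distinct_outputs(weak_entropy, readings))
    print("strong, distinct secrets:",
          distinct_outputs(lambda _c: strong_entropy(), readings))
    print("weak, effective bits:    ",
          effective_bits(ENTROPY_BYTES, SEED_BITS))
    print("strong, effective bits:  ", effective_bits(ENTROPY_BYTES, None))
```

The 256-bit output of the weak generator looks random, but it can never carry more than the 32 bits that went into the seed.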

This is not something that anyone can really mitigate. You choose a crypto wallet, and assume that the programmers did their homework. Part of me wants to say that only means that you don't know any programmers, but even if the guys who coded the wallet were trying to do a good job, the error was introduced at a lower level. (There is always a lower level, unless you are designing BIOS microcode for Intel or AMD.)
