Did you know?
Crypto wallets generate keys/seeds using PRNGs (PSEUDO-RNGs). Make sure the wallets you use to store large quantities of coins are regularly audited by experts in cryptography. 🙏
https://www.schneier.com/academic/paperfiles/paper-prngs.pdf
Replies
Badly designed (sometimes intentionally) wallets could help attackers regenerate keys/seeds.
No interaction with a wallet needed. Knowing the weakness in the PRNG of the wallet and/or device used is enough to generate users' keys/seeds and move the coins.
This is the juicy stuff.
Thanks for sharing this file!
Step-by-step instructions:
1. Reverse wallet's code
2. Identify PRNG
3. Analyse where PRNG seed comes from
4. Find a weakness (i.e. low entropy)
5. Generate millions of seeds to feed the PRNG
6. Check balance of addresses generated
7. Profit
(8. Go to jail)
Any recommendations for safe wallet generators?
How well designed is the @2540 wallet in order to prevent this?
Sadly, no.
I don't know any Bitcoin SV wallet that runs regular security audits (pricey).
I know nChain does, but they don't make wallets: https://bit.ly/3aIoCaj
Something to explore for big holders: 🎲 + https://github.com/taelfrinn/Bip39-diceware
If you use ElectrumSV with a hardware wallet, the hardware wallet is the PRNG. The notorious hardware wallets get regularly audited by security researchers.
Otherwise... https://steemit.com/programming/@profitgenerator/electrum-bitcoin-wallet-code-audit
What about the phone wallets? Where can I see if they are audited?
Phone wallet = software wallet. No major difference. Ask the devs. 🙂