Twetch ·

Did you know?

Crypto wallets generate keys/seeds using PRNGs (PSEUDO-RNGs). Make sure the wallets you use to store large quantities of coins are regularly audited by experts in cryptography. 🙏

https://www.schneier.com/academic/paperfiles/paper-prngs.pdf

Replies

Twetch ·

Badly designed (sometimes intentionally) wallets could help attackers regenerate keys/seeds.

No interaction with a wallet needed. Knowing the weakness in the PRNG of the wallet and/or device used is enough to generate users' keys/seeds and move the coins.

Twetch ·

This is the juicy stuff.
Thanks for sharing this file!

Twetch ·

Step-by-step instructions:

1. Reverse wallet's code
2. Identify PRNG
3. Analyse where PRNG seed comes from
4. Find a weakness (i.e. low entropy)
5. Generate millions of seeds to feed the PRNG
6. Check balance of addresses generated
7. Profit
(8. Go to jail)

Twetch ·

Any recommendations for safe wallet generators?

Twetch ·

How well designed is the @2540 wallet in order to prevent this?

Twetch ·

Sadly, no.

I don't know any Bitcoin SV wallet that runs regular security audits (pricey).

I know nChain does, but they don't make wallets: https://bit.ly/3aIoCaj

Something to explore for big holders: 🎲 + https://github.com/taelfrinn/Bip39-diceware
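
The dice approach mentioned above replaces the wallet's PRNG with physical randomness. The sketch below is an added example, not part of the original post and not the code of the linked repository: it turns six-sided dice rolls into 128 bits of entropy and applies the standard BIP39 checksum to get the twelve word indices. The function names and the rejection-sampling scheme (keep faces 1-4, discard 5 and 6) are assumptions chosen for illustration.

```python
import hashlib

def rolls_to_entropy(rolls, n_bits=128):
    """Map d6 rolls to n_bits of uniform entropy (hypothetical helper).

    Faces 1-4 contribute two bits each; 5 and 6 are discarded (rejection
    sampling), so every bit pattern stays equally likely.
    """
    value, count = 0, 0
    for r in rolls:
        if r not in (1, 2, 3, 4, 5, 6):
            raise ValueError(f"not a d6 roll: {r!r}")
        if r > 4:
            continue  # rejected roll, no bits taken from it
        value = (value << 2) | (r - 1)
        count += 2
        if count == n_bits:
            return value.to_bytes(n_bits // 8, "big")
    raise ValueError(f"only {count} usable bits, need {n_bits}: keep rolling")

def bip39_indices(entropy):
    """BIP39 encoding step: entropy + checksum bits, cut into 11-bit indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP39 entropy must be 128-256 bits, multiple of 32")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [(combined >> (total - 11 * (i + 1))) & 0x7FF
            for i in range(total // 11)]

if __name__ == "__main__":
    # Constructed sample rolls for illustration only; real rolls come from
    # physical dice and are never typed into an online machine.
    sample = [3, 6, 1, 4, 2, 5, 2, 1, 4, 3] * 10
    print(bip39_indices(rolls_to_entropy(sample)))
```

Each index is a 0-based position in the BIP39 English wordlist. With faces 5 and 6 discarded, expect to need roughly 96 rolls to collect the 64 usable ones.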

Twetch ·

If you use ElectrumSV with a hardware wallet, the hardware wallet is the PRNG. The notorious hardware wallets get regularly audited by security researchers.

Otherwise... https://steemit.com/programming/@profitgenerator/electrum-bitcoin-wallet-code-audit

Twetch ·

What about the phone wallets? Where can I see if they are audited?

Twetch ·

Phone wallet = software wallet. No major difference. Ask the devs. 🙂