Topic: Critiques and criticisms for a Bitcoin address generator (Read 833 times)

Do u have any idea what is being used by bitaddress.org and coinb.in? Are they secure?

It looks like getrandbits() attempts to implement the Mersenne Twister algorithm.  Unfortunately, there are weak implementations of that algorithm, and I don't know if python's implementation avoids all the known issues or not.  Perhaps most importantly:

"It can take a long time to start generating output that passes randomness tests, if the initial state is highly non-random—particularly if the initial state has many zeros. A consequence of this is that two instances of the generator, started with initial states that are almost the same, will usually output nearly the same sequence for many iterations, before eventually diverging."

I suspect (but don't know for certain) that the python implementation has improved initialization so that beginning with such a state is very unlikely.

Although, according to wikipedia:

"The algorithm in its native form is not cryptographically secure. The reason is that observing a sufficient number of iterations allows one to predict all future iterations."

Like I said, "this can't be stated often enough".  Thinking that a particular algorithm is secure, or hoping that an algorithm is secure, doesn't make it secure.  This is probably the hardest part of coding for bitcoin, and is an area where many well meaning programmers have created services that have lost people a lot of bitcoins when hackers with time and patience have discovered the weaknesses in the various methods that have been used for random number generation.  Developers that relied on the Android operating system failed.  Developers that relied on random.org failed.  Developers that relied on operating system functions failed.

It might be okay to rely on getrandbits() from python's Crypto library, it might not.  Personally, I won't be using your tool at all.

Here's a question to help you decide if you actually feel your tool is safe...

Lets say your tool becomes popular.  Lets say people start using it to create addresses that store hundreds of thousands (or even millions) of dollars worth of bitcoins.

If a weakness is discovered in the getrandbits() function and someone loses $500,000 worth of bitcoins to a hacker because of it, are you willing to be held personally financially responsible for your error in RNG choice and re-imburse that user?

This is why I'm not implementing my own random number generation. I'm using the PyCrypto module to generate random numbers of a large size (256bits).

This can't be stated often enough!

Understand that the security of your bitcoin address relies completely on the fact that any and all of the
115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936
possible private keys are all equally possible to have been chosen.

If your pseudo random number generation favors generating any numbers at all over any others at any time for any reason, then you can lose the security that bitcoin attempts to provide you and very smart (and very patient) hackers WILL find the weakness in your private key generation and exploit it.

It looks like you are using getrandbits(256) from the python Crypto library.  I don't know much about this library, so I don't know if there are any known weaknesses or risks with use of that function.

I didn't look at the code yet, but the pseudo random number generation is very difficult to get right.

It is great for a learning exercise for sure, but be very careful with real funds.  

Hi,

I have created a Bitcoin address generator in Python that I wish to use offline to generator addresses. This started as a learning exercise, but I would like to know if it would be wise to use it in the sense of creating a random and strong private / public key pair.

Feel free to offer critiques and criticisms as it’s a great way to learn best practices.

My Bitcoin address generator may be found here:

https://gist.github.com/TheRayTracer/0dcfe80fe51e5e60b1658932676c7972