
Topic: If you used "bx seed" you probably already lost your bitcoins, but if... - page 2. (Read 556 times)

copper member
Activity: 2338
Merit: 4543
@gmaxwell,
Do you think this vulnerability had anything to do with the hack reported here: https://bitcointalksearch.org/topic/m.62602139

The OP of that post claimed he used Bitpay's libraries, bitcore-mnemonic and bitcore-lib, to create a mnemonic phrase (which I assume is represented as a WIF master key.)  Do you know if these libraries rely on libbitcoin?
staff
Activity: 4284
Merit: 8808
Isn't "bx seed" supposed to be weak? I mean the docs clearly state that this is generating a "pseudorandom" seed and can "introduce cryptographic weakness". Why would a wallet use this in first place?
https://github.com/libbitcoin/libbitcoin-explorer/wiki/bx-seed

"It's dangerous to go alone! Take this."

You're reading the "warning" with the benefit of unadulterated hindsight; you already know the function is dangerous because it uses an insecure PRNG with a 32-bit seed.  The audience for a warning doesn't know that, so you have to forget what you know and read it from their perspective.

Anyone who compiles this code themselves (and I'm pretty sure that's necessary, no organization was building + distributing binaries) is taking a leap into the world of trusting their own judgement in any case.
FWIW, there are binaries.  I wouldn't be surprised to learn that they were frequently used, as it's long been the case that this software has been difficult to get to compile, as NotATether recently learned.
legendary
Activity: 3430
Merit: 3080
Isn't "bx seed" supposed to be weak? I mean the docs clearly state that this is generating a "pseudorandom" seed and can "introduce cryptographic weakness". Why would a wallet use this in first place?
https://github.com/libbitcoin/libbitcoin-explorer/wiki/bx-seed

"pseudorandom" isn't any kind of meaningful warning, all (typical) RNGs are pseudorandom. Not providing sufficient entropy to seed the RNG is something altogether different. The only alternative is an expensive HRNG (a separate rackmountable entropy generator, in essence), and even then I seem to remember that this only improves the quality of the entropy seeding (i.e. the RNG still produces pseudorandom numbers).

Stating more plainly what the security properties of the code really are would help, but I'm not sure it would have made a difference in these recent thefts. Anyone who compiles this code themselves (and I'm pretty sure that's necessary, no organization was building + distributing binaries) is taking a leap into the world of trusting their own judgement in any case. <-- edit: I was too lazy to check thoroughly, libbitcoin did distribute pre-built bx-seed binaries, thanks gmaxwell


The quality of the entropy seeding an RNG is so fundamental to secure use of cryptography, and yet truly understanding how and why are immense tasks for any human. So I do sympathize with those who were stolen from, because I'm not happy with my own grasp of the issues. But we may, in the end, have no choice but to do so; I somehow doubt this is the last time that inadequate assessments of cryptography in software will burn people, whether cryptocurrency or otherwise.
legendary
Activity: 3472
Merit: 10611
Isn't "bx seed" supposed to be weak? I mean the docs clearly state that this is generating a "pseudorandom" seed and can "introduce cryptographic weakness". Why would a wallet use this in first place?
https://github.com/libbitcoin/libbitcoin-explorer/wiki/bx-seed

Or is the problem somewhere in the code affecting other commands like "bx hd-new" because the doc doesn't say anything about being weak there.
https://github.com/libbitcoin/libbitcoin-explorer/wiki/bx-hd-new
hero member
Activity: 644
Merit: 661
- Jay -
Clearly, there is a shortage of trustworthy bitcoin tools.
And there should not be an expectation of trustworthy tools. Many tools start off with a good reputation and attract a ton of users who do not regularly review the code, making it possible for them to turn dubious without notice.

We should not trust any tool no matter how long it has been functioning effectively.

- Jay -
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Never knew bx seed was so popular to be honest.

Fortunately, I'm actively creating my own wallet software which *can* generate seeds and private keys (securely), and now I'm thinking about making a command-line interface which exposes these commands as well.

Clearly, there is a shortage of trustworthy bitcoin tools.
staff
Activity: 4284
Merit: 8808
If you used "bx seed" you probably already lost your bitcoins, but if you did and you still have them, MOVE THEM NOW.  It turns out that in late 2016 it was changed from using the OS-provided secure entropy to using 32 bits of timestamp fed into an insecure generator.  If you used it prior to the introduction of the vulnerability I would still recommend moving any coins you have left.

Do not update and continue to use it.  The author insists the insecure behavior was intentional and expressed disinterest in changing it.

https://news.ycombinator.com/item?id=37054862
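An added illustration (not code from libbitcoin, bx, or any poster in this thread) of the point gmaxwell makes above and of pooya87's question about "bx hd-new": a seed built from 32 bits of timestamp through a non-cryptographic generator is fully reproducible from that timestamp, and because the BIP32 master key is just HMAC-SHA512 over the seed, every key in the wallet inherits the same weakness. The weak generator here is a stand-in written for this example (Python's Mersenne Twister), not the actual bx implementation; `secure_seed` shows the OS-entropy alternative.

```python
import hashlib
import hmac
import random
import secrets

# secp256k1 group order; a BIP32 master key must lie in [1, N-1].
SECP256K1_N = int(
    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16
)


def weak_seed(timestamp: int) -> bytes:
    """Stand-in for the flawed pattern described in the thread (assumption,
    not bx's code): a 32-bit timestamp seeds a non-cryptographic PRNG, so the
    256-bit output carries at most 32 bits of entropy and is fully
    determined by the timestamp."""
    prng = random.Random(timestamp & 0xFFFFFFFF)  # Mersenne Twister, insecure
    return prng.getrandbits(256).to_bytes(32, "big")


def secure_seed() -> bytes:
    """Correct approach: 256 bits straight from the OS CSPRNG."""
    return secrets.token_bytes(32)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 master key derivation, as 'bx hd-new' does from a seed:
    I = HMAC-SHA512(key="Bitcoin seed", data=seed); left half is the
    master private key, right half the chain code."""
    if not 16 <= len(seed) <= 64:
        raise ValueError("BIP32 seed must be 128..512 bits")
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = i[:32], i[32:]
    k = int.from_bytes(key, "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("invalid master key for this seed")
    return key, chain_code


def master_from_timestamp(timestamp: int) -> bytes:
    """Shows the inheritance: the whole HD tree's root depends only on the
    32-bit timestamp when the weak seed is used."""
    return bip32_master(weak_seed(timestamp))[0]
```

Running `master_from_timestamp` twice with the same timestamp returns the same master key, which is exactly why such seeds offer no protection; the BIP32 test vector in the assertions confirms the derivation itself is standard.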