Bitcoin Forum
June 25, 2024, 05:14:02 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: How secure is this code to generate Address-Key pair?  (Read 213 times)
CounterEntropy (OP)
Full Member
***
Offline Offline

Activity: 214
Merit: 278


View Profile
September 09, 2020, 06:48:33 PM
 #1

https://github.com/BitcoinPHP/BitcoinECDSA.php/blob/master/src/BitcoinPHP/BitcoinECDSA/BitcoinECDSA.php

Also, what if I keep $extra = 'FSQF5356dsdsqdfEFEQ3fq4q6dq4s5d' at L:852 as is? Will it be possible to re-generate the Address-Key pair if I dont change this?
pooya87
Legendary
*
Offline Offline

Activity: 3486
Merit: 10666



View Profile
September 10, 2020, 03:15:48 AM
Merited by ABCbits (1)
 #2

Quote
How secure is this code to generate Address-Key pair?
the biggest problem with this library that i see is lack of tests. a cryptography library that deals with sensitive things such as ECC must have a lot more tests than the handful of them this library has in BitcoinECDSATest.php
so i wouldn't use it for anything important.

Also, what if I keep $extra = 'FSQF5356dsdsqdfEFEQ3fq4q6dq4s5d' at L:852 as is? Will it be possible to re-generate the Address-Key pair if I dont change this?
that "extra" is used while generating a random key, with or without it you won't be able to re-generate the same key. it is used as some sort of extra entropy to be appended to the entropy generated by OpenSSL (according to the method name) and then hashed using SHA256.
but usually these extra entropies are generated on the fly not hard coded.

.
.BLACKJACK ♠ FUN.
█████████
██████████████
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
████████████████
░██████████████
████████████
███████████████░██
██████████
CRYPTO CASINO &
SPORTS BETTING
▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
█████████
.
ABCbits
Legendary
*
Offline Offline

Activity: 2912
Merit: 7579


Crypto Swap Exchange


View Profile
September 11, 2020, 11:43:52 AM
Merited by Saidasun (1)
 #3

You need to audit security/cryptography expert to know how secure is it. I can't find anything that mentions audit on both source code and GitHub's issue feature.

If there's no particular reason to use that library, consider use https://github.com/bitcoin/bitcoin/tree/master/src/secp256k1

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Saidasun
Sr. Member
****
Offline Offline

Activity: 334
Merit: 275


View Profile
September 16, 2020, 04:18:55 PM
 #4

Is there any specific reason you want to use that libary instead of https://github.com/bitcoin/bitcoin/tree/master/src/secp256k1?

Unless there is a specific reason that you have not currently given I do not see any reason why you would use that instead of the above libary especially when it considering trust and the issues that a untested libary might bring up.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!