Some extra relevant links:
https://github.com/libbitcoin/libbitcoin-system/pull/559
The pull request adding the vulnerability. The lack of review or collaboration is worth noticing. The prior code was already dubious in that AFAIK the std::random_device library doesn't promise that the randomness is suitable for cryptography. I believe on common systems where this code was run the old code was not likely to be exploitable, but I wouldn't bet my money on it.
https://twitter.com/evoskuil/status/1688657656620167169
Developer commentary on this issue. I can't figure out what "long-documented intended usage" a seed command that mandates 128-bits of output but never has more than 32-bits of entropy would have.
https://archive.is/A7Jn6
The documentation the tweet references. I don't know how the 'Pseudorandom seeding' warning there would be distinguishable from warnings against CSPRNGs in favor of dice rolls or whatever. Nor can I figure out for whose convenience this function would serve except attackers.
https://archive.is/HDe8h
This xkcd comic has been instrumental to me.
I wrote a command-line utility a couple of years ago that I use myself regularly to generate secure and memorable passwords.
https://github.com/ctsrc/Pgen
With this tool you can also see how many bits of entropy the passphrase generation settings you are using will result in.
For example, generating a 5 word password using the long wordlist:
pgen -l -n 5
That’s excellent! I had the same idea, which I completed a few weeks ago in Python, trying to write it with the standard library and have it be easily auditable. You can check it out here if you want:
https://github.com/avnigo/nodice-cli
libbitcoin isn't a company. It's an alternative C++ implementation (https://github.com/libbitcoin) to the Bitcoin Core (https://github.com/bitcoin/bitcoin) implementation. Bitcoin Core is the one originally from Satoshi. Libbitcoin came in like 2011 or so iirc and was led by Amir Taaki. Libbitcoin is a lot less popular than Bitcoin Core, as you can see on the GitHub stats.
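The point raised in the comments above, a seed command that emits 128 bits of output while never holding more than 32 bits of entropy, is shown here next to a version that takes every byte from the OS. This is an added example, not libbitcoin's code: std::mt19937 stands in for any generator seeded from a single 32-bit value, the names weak_seed, os_seed and entropy_bound_bits are hypothetical, and a Unix-like system with /dev/urandom is assumed.

```cpp
// Added example, not libbitcoin code. std::mt19937 is an illustrative
// stand-in for any generator whose state comes from one 32-bit seed.
#include <algorithm>
#include <cstdint>
#include <fstream>
#include <iostream>
#include <random>
#include <stdexcept>
#include <vector>

using bytes = std::vector<std::uint8_t>;

// WEAK: the caller picks the output length, but every byte is a
// deterministic function of one 32-bit value, so at most 2^32 distinct
// results can ever be produced, however long the output is.
bytes weak_seed(std::uint32_t seed32, std::size_t n) {
    std::mt19937 prng(seed32);
    bytes out(n);
    for (auto& b : out) b = static_cast<std::uint8_t>(prng() & 0xff);
    return out;
}

// Upper bound, in bits, on the entropy of an n-byte output expanded from
// a seed of seed_bits bits: expansion never adds entropy.
double entropy_bound_bits(unsigned seed_bits, std::size_t n) {
    return std::min<double>(seed_bits, 8.0 * n);
}

// HARDENED: take every output byte from the OS CSPRNG and fail closed
// instead of falling back to a weaker source.
// Assumption: a Unix-like system exposing /dev/urandom.
bytes os_seed(std::size_t n) {
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    bytes out(n);
    if (!urandom.read(reinterpret_cast<char*>(out.data()),
                      static_cast<std::streamsize>(n)))
        throw std::runtime_error("OS randomness unavailable");
    return out;
}

int main() {
    const std::size_t n = 16;  // 128-bit seed, as in the comment above
    std::cout << "same 32-bit seed gives same output: "
              << (weak_seed(1234, n) == weak_seed(1234, n)) << "\n"
              << "weak bound: " << entropy_bound_bits(32, n) << " bits\n"
              << "OS bound:   " << entropy_bound_bits(8 * n, n) << " bits\n"
              << "os_seed length: " << os_seed(n).size() << " bytes\n";
}
```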