-
Notifications
You must be signed in to change notification settings - Fork 176
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🔥 💀 [ Critical ] bx seed generates insecure seed phrases for bx 3.x #726
Comments
RTFM |
You’re in the wrong repo, that is neither the bx documentation nor a Libbitcoin repo. https://github.com/libbitcoin/libbitcoin-explorer/wiki |
somebody should tell whoever wrote that that he lost people a million bucks then |
People are responsible for their own security, and of course - to RTFM. |
The command works as documented and intended. The book is dated, the commit is around 8 years old. Maybe make a PR into the book repo and discuss with its author. |
https://milksad.info/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39910
TL;DR;
bx seed
command for bx 3.x uses Mersenne Twister limited to 32 bits of entropy, leading to brute-forceable seed phrases for wallets. Generate a new wallet ( using a more secure tool, LOL ), and transfer funds ASAP.The text was updated successfully, but these errors were encountered: