4

I am writing a C++ application that creates a Bitcoin address. I am having a hard time installing OpenSSL for Windows and making it work with Visual Studio.

So, I am asking myself, if I create a private key, let's say a hex string of 64 chars, by simply executing rand() multiple times, and then create a Bitcoin public address from that, would it be secure?

And if I add more randomness by requesting the user to move the mouse randomly and gathering data as random seeds?

2 Answers

3

Using the mouse is a good choice to generate entropy, but there are better methods for generating good random numbers.

For generating a single bitcoin address for personal use, the random generator is likely good enough, but is much much much weaker than a properly random key.

If this is for any kind of system that will be generating many addresses (and therefore be a reasonably attractive target for baddies) it is very much not secure enough.

For any given OS/hardware/programming language combination, quite a bit can be deduced about the state of the random generator, especially if people can make multiple addresses, so that they can gather data. From there it's a hop, skip and a jump to predicting other people's addresses/keys. This becomes an even much worse problem if this is deployed as any kind of shared service in the cloud where the same instance of a generator may be making keys for many users.

Use of a real cryptographic pseudorandom generator is like 2-3 extra lines of code, and very worth the effort.

Jason Coyne
  • I upvote you for the whole logic even if there are better ways to enhance entropy than using merely a mouse. –  Aug 22 '15 at 05:44
  • I agree there are better ways than the mouse, but he specifically asked about it, so I answered. – Jason Coyne Aug 23 '15 at 02:49
  • I disagree that rand() is "likely good enough"; predictable randomness for generating keys is a serious vulnerability – paj28 Aug 23 '15 at 08:25
  • @paj28 : It is. But for a single key, on a personal machine, it's not really predictable. All of the things that would let you predict (machine state, time, etc) would be unknown to anyone who wanted to crack his key. As I clearly said, it's trivial to use a secure random, so he should. But the actual practical effect _IN THIS PARTICULAR SITUATION_ is very low. – Jason Coyne Dec 21 '17 at 15:43
  • People are actively [searching the blockchain](https://pastebin.com/jCDFcESz) for weak keys. If this was on a 32-bit machine then there's a good chance it would be found. I guess on 64-bit it becomes a bit more implausible. – paj28 Dec 21 '17 at 16:44
1

No - using rand() for this purpose is not secure.

The problem with rand() is that it only has a small amount of internal state, I think 32 bits. When you call it multiple times, you get more than 32 bits of data out of it, but there are only 2^32 possible states. So if you use 2048 bits to generate a key, there are only 2^32 different keys that the setup could possibly generate. If an attacker knows you have used rand() they can set up a brute force of those 2^32 possible keys, and this would complete in reasonable time. They would then know the private key that corresponds to your public key, and would be able to spend your Bitcoins.

There was a vulnerability in Debian OpenSSL related to weak randomness.

Using mouse movement is acceptable for generating additional randomness. However, I would recommend instead using the CryptGenRandom function.

Nathan Parker
paj28
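The following C++ program is an added example, not code from the question or from either answer. It makes both answers' points concrete: a 64-hex-char key built from rand() is a pure function of the srand() seed, so the number of distinct keys is bounded by the number of seeds (paj28's 2^32 argument, shown here with a small seed range as a self-check on one's own keys), while filling the key from the OS CSPRNG takes only a few lines (Jason Coyne's point). Assumptions: the key is treated as 32 raw bytes and the secp256k1 range check a real wallet would apply is omitted; std::random_device is assumed to be backed by the OS CSPRNG, which is true for glibc/libstdc++ and MSVC but was not true for old MinGW builds, where it returned the same sequence every run. On Windows the answer's CryptGenRandom (or its successor BCryptGenRandom) is the direct equivalent.

```cpp
#include <array>
#include <cstdint>
#include <cstdlib>
#include <iostream>
#include <random>
#include <set>
#include <string>

// A 32-byte (64 hex character) private key, as in the question.
// Constructed for illustration: no check against the secp256k1 curve order is done here.
using Key = std::array<std::uint8_t, 32>;

// Hex-encode a key, lowercase, 64 characters.
std::string to_hex(const Key& k) {
    static const char* digits = "0123456789abcdef";
    std::string s;
    s.reserve(64);
    for (std::uint8_t b : k) {
        s.push_back(digits[b >> 4]);
        s.push_back(digits[b & 0x0f]);
    }
    return s;
}

// WEAK: the key the question proposes, built by calling rand() repeatedly.
// Everything about the result is determined by the seed passed to srand(),
// so there are at most as many keys as there are seeds, however long the key is.
Key weak_key_from_rand(unsigned seed) {
    std::srand(seed);
    Key k{};
    for (auto& b : k) b = static_cast<std::uint8_t>(std::rand() & 0xff);
    return k;
}

// Count how many distinct keys the first n_seeds seeds can produce.
// The answer is never more than n_seeds (on glibc, seeds 0 and 1 even collide).
std::size_t distinct_weak_keys(unsigned n_seeds) {
    std::set<std::string> seen;
    for (unsigned s = 0; s < n_seeds; ++s) seen.insert(to_hex(weak_key_from_rand(s)));
    return seen.size();
}

// Self-check: given a key you generated with rand(), find the seed that reproduces it
// by walking the seed space [0, max_seed). This is exactly why the second answer says
// the effective key space is 2^32 and not 2^256.
bool recover_seed(const Key& target, unsigned max_seed, unsigned& found) {
    for (unsigned s = 0; s < max_seed; ++s) {
        if (weak_key_from_rand(s) == target) { found = s; return true; }
    }
    return false;
}

// SECURE: fill the key from the OS cryptographic random source.
// Assumption: std::random_device is backed by the OS CSPRNG on this platform
// (glibc/libstdc++ and MSVC); on Windows CryptGenRandom/BCryptGenRandom do the same job.
Key secure_key() {
    std::random_device rd;
    Key k{};
    for (std::size_t i = 0; i < k.size(); i += 4) {
        unsigned v = rd();  // 32 bits per call; spread them over four key bytes
        for (std::size_t j = 0; j < 4 && i + j < k.size(); ++j)
            k[i + j] = static_cast<std::uint8_t>(v >> (8 * j));
    }
    return k;
}

int main() {
    Key weak = weak_key_from_rand(1234);
    std::cout << "rand()-derived key: " << to_hex(weak) << "\n";
    std::cout << "distinct keys from 1000 seeds: " << distinct_weak_keys(1000) << "\n";
    unsigned seed = 0;
    if (recover_seed(weak, 1u << 12, seed))
        std::cout << "seed recovered from the key alone: " << seed << "\n";
    std::cout << "CSPRNG key:         " << to_hex(secure_key()) << "\n";
    return 0;
}
```

Run it twice: the rand()-derived key line is identical on every run for the same seed, and the seed is recovered from the key in milliseconds, whereas the CSPRNG key differs each time and has no seed to recover.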