Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make sure that proper random source is used #36

Closed
tomusdrw opened this issue Mar 29, 2017 · 3 comments
Closed

Make sure that proper random source is used #36

tomusdrw opened this issue Mar 29, 2017 · 3 comments
Milestone
RC0

Comments

@tomusdrw
Copy link
Contributor

Related openethereum/wordlist#2

There is no Buffer nor Uint8Array available, so we need something that works in pure JS and has good enough entropy.
@debris
Copy link
Contributor

debris commented Mar 29, 2017

so, what about #37? does it work?

@tomusdrw
Copy link
Contributor Author

Yes, it works but falls back to:
https://github.com/paritytech/wordlist/blob/master/index.js#L60

So it uses Math.random() which is not crypto-secure:
http://stackoverflow.com/questions/5651789/is-math-random-cryptographically-secure

@debris
Copy link
Contributor

debris commented Apr 1, 2017

so I think, we should generate random words / numbers on rust side

@debris debris added this to the RC0 milestone Apr 8, 2017
debris added a commit that referenced this issue Apr 10, 2017
@debris
fixed #36, proper random source
241297f
@debris debris closed this as completed in 0418c48 Apr 10, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
RC0
Development

No branches or pull requests
2 participants
@tomusdrw @debris