profanity2

Not much safer warning

Open k06a opened this issue 2 years ago • 4 comments

Hi, it seems your implementation is not MUCH safer than the original, see this issue: https://github.com/johguse/profanity/issues/61. The original profanity could be hacked in seconds/minutes with a few hours of precompile. I suspect the precompile table can be increased thousands of times algorithmically. Using a 1000x bigger table and having 1000x more GPU cores than an average computer would allow hacking every 4000-th vanity address if I count correctly.

Consider calling rd() eight times in a row to achieve 256 bits of non-deterministic seed private key.

Or check out the version by @1inch: https://github.com/1inch/profanity2 – it introduces “safety by design” by no longer generating any private keys, but instead finding a shift for the private key from its provided public key.

k06a, Oct 18 '22 23:10

Hey @k06a! Thanks for looking over the repo. I've added your suggested changes, and updated the README to point to 1inch's profanity2.

evmcheb, Oct 19 '22 15:10

Hi @evmcheb, BTW, I meant not to use mt19937_64 at all, because it adds neither safety nor randomness :)

k06a, Oct 19 '22 18:10
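
The two seeding patterns discussed in the comments above, as an added example that is not code from this thread or from either repository. All function names are hypothetical, and it assumes `std::random_device` is backed by the operating system's entropy source, which the C++ standard does not guarantee.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <random>

using Key256 = std::array<std::uint64_t, 4>;  // 256-bit seed private key, 4 x 64-bit words

// Weak pattern: a single 32-bit value seeds mt19937_64, which is stretched to
// 256 bits. The key is a pure function of the seed, so at most 2^32 distinct
// keys can ever come out, however long the key looks.
Key256 key_from_32bit_seed(std::uint32_t seed) {
    std::mt19937_64 eng(seed);
    Key256 k;
    for (auto &w : k) w = eng();
    return k;
}

Key256 weak_key() {
    std::random_device rd;
    return key_from_32bit_seed(static_cast<std::uint32_t>(rd()));
}

// Suggested pattern: eight 32-bit draws go straight into the key with no PRNG
// in between. The source is a parameter so the packing can be checked.
template <class Source>
Key256 key_from_source(Source &&next32) {
    Key256 k;
    for (auto &w : k) {
        std::uint64_t hi = static_cast<std::uint32_t>(next32());
        std::uint64_t lo = static_cast<std::uint32_t>(next32());
        w = (hi << 32) | lo;
    }
    return k;
}

Key256 strong_key() {
    std::random_device rd;  // assumption: non-deterministic on this platform
    return key_from_source([&rd] { return rd(); });
}

int main() {
    // Same 32-bit seed, same "256-bit" key: the effective key space is 32 bits.
    bool same = key_from_32bit_seed(7u) == key_from_32bit_seed(7u);
    std::printf("weak key reproducible from seed: %s\n", same ? "yes" : "no");
    Key256 k = strong_key();
    std::printf("strong key word 0: %016llx\n", static_cast<unsigned long long>(k[0]));
    return 0;
}
```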

@evmcheb -- wanted to see if this was fixed.. thanks!

jacklevin74, Nov 22 '22 23:11

@jacklevin74 you can use this version https://github.com/1inch/profanity2 to avoid any security concerns.

k06a, Nov 25 '22 13:11