undefined | Better HN

0 pointsdoodlesdev2y ago0 comments

Couldn't they have used CryptMT [0] instead of MT19937 (or whatever mersenne twister implementation they had)? Saying mersenne twister should not be used is a bit misleading as it all depends on the specific implementations and needs of the application.

Anyhow, they could still have used webcrypto through WASM or even through JavaScript (as they can send the data back). This is really not a problem with WASM but moreso with the stupid implementation of this wallet.

edit: According to this PR they were indeed using std::mt19937 [1]. In fact I would go further ahead and say this is a general issue of C++ itself which just does not provide good PRNGs in the stdlib at all, with multiple ways of achieving different (but similarly broken) PRNG results.

[0]: https://en.m.wikipedia.org/wiki/CryptMT

[1]: https://github.com/trustwallet/wallet-core/pull/2240

0 comments

lxgr2y ago

Ironically, they probably even did that (depending on their implementation of std::random_device).

The problem is what they did with that random seed once they had retrieved it (i.e. seed a non-cryptographic Mersenne Twister with only 32 bits of it).

j / k navigate · click thread line to collapse