Skip to content

BIP32: Incorrect seed bit-length validation for master key generation #4209

Description

@kuliq23

I found that DeterministicKey createMasterPrivateKey provides input check for byte[] seed .

        checkArgument(seed.length > 8, () ->
                "seed is too short and could be brute forced");

However, the constraints defined in BIP32

Generate a seed byte sequence S of a chosen length (between 128 and 512 bits; 256 bits is advised) from a (P)RNG.

are different. I wonder whether there is a specific reason for this, or whether this effectively 9-byte lower bound was chosen arbitrarily. In any case, I would recommend adhering to the specification as closely as possible.

Found using the bitcoinfuzz tool.

Metadata

Metadata

Assignees

No one assigned

    Labels

    EnhancementRequest for enhancement, or the implementation of onegood first issueGood for newcomers

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions