In this episode, Aaron (@AaronvanW) and Sjors (@provoost) discuss a vulnerability in Libbitcoin dubbed “Milk Sad”, which allowed people to generate private key seeds with such weak entropy that their private keys could be brute forced and their coins stolen. Aaron and Sjors examine how this vulnerability (could have) ended up in Libbitcoin as well as in Andreas Antonopoulos’ book Mastering Bitcoin, to what extent it should be considered a bug, and more.
For more information on Milk Sad, see: https://milksad.info/
Libbitcoin lead developer Eric Voskuil on Milk Sad: https://youtu.be/3uwl5xDdc7c
Addendum 2023-08-18: The Mersenne Twister pseudo-random number generator was not intended to be cryptographically secure. So my claim that it was thought to be secure was incorrect. It’s simply the wrong tool for the job (of creating a private key with real money at stake).
THIS EPISODE’S SPONSORS:
Lower your time preference and lock in your BITCOIN 2024 conference tickets today! Use the code BMLIVE for a 10% discount! - https://b.tc/conference/2024