Episode 83: The Milk Sad Vulnerability
Ep. 83

Episode 83: The Milk Sad Vulnerability

Episode description

In this episode, Aaron (@AaronvanW) and Sjors (@provoost) discuss a vulnerability in Libbitcoin dubbed “Milk Sad”, which allowed people to generate private key seeds with such weak entropy that their private keys could be brute forced and their coins stolen. Aaron and Sjors examine how this vulnerability (could have) ended up in Libbitcoin as well as in Andreas Antonopoulos’ book Mastering Bitcoin, to what extent it should be considered a bug, and more.
For more information on Milk Sad, see: https://milksad.info/
Libbitcoin lead developer Eric Voskuil on Milk Sad: https://youtu.be/3uwl5xDdc7c

Addendum 2023-08-18: The Mersenne Twister pseudo-random number generated was not intended to be cryptographically secure. So my claim that it was thought to be secure was incorrect. It’s simply the wrong tool for the job (of creating a private key with real money at stake).

Sjors New Book: https://www.amazon.com/Bitcoin-Technical-innovations-Sjors-Provoost/dp/9090360425

THIS EPISODE’S SPONSORS:

⁠Voltage Cloud⁠

⁠Bitcoin 2024 Nashville⁠

⁠Bitcoin Magazine⁠

⁠Bitcoin Amsterdam⁠

Lower your time preference and lock-in your BITCOIN 2024 conference tickets today! Use the code BMLIVE for a 10% Discount! - https://b.tc/conference/2024

No chapters are available for this episode.