BIP 32.5
Summary:

The author advocates eliminating the cryptographically secure pseudorandom number generator (CS-PRNG) from signing, since it adds no value there and detracts from the benefits of deterministic signing. A CS-PRNG is still necessary for generating the root master key of an HD wallet, however, which creates a potential vulnerability if that single invocation of the CS-PRNG turns out to be weak. The author suggests that cumulative entropy collection over time, through multiple invocations or multiple sources, could mitigate this risk. The author also notes that compromised DSA signatures were one-off events, whereas a weak key in the BIP32 root could be more insidious and difficult to exploit. The author suggests using smartphone sensors to provide additional entropy for increased protection. Overall, the author advocates minimizing the use of CS-PRNGs whenever possible and seeking best practices for using them with less trust.
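The two ideas above, deriving signing nonces without a CS-PRNG and folding several entropy sources into the root seed so that one weak source cannot sink the key, as an added illustration that is not code from the original post and not BIP32's actual derivation; the function names and the sample inputs (a broken PRNG returning zeros, a timestamp, a fake accelerometer reading) are constructed for the example.

```python
import hashlib
import hmac


def accumulate_entropy(sources, state=b"\x00" * 32):
    """Fold several entropy inputs into one 32-byte seed via an HMAC chain.

    Each input is mixed into the running state in turn, so the output is
    unpredictable to anyone who cannot predict every input. A weak or even
    constant source cannot undo the contribution of a strong one.
    Illustrative only; this is not BIP32 master-key derivation.
    """
    for src in sources:
        state = hmac.new(state, src, hashlib.sha256).digest()
    return state


def deterministic_nonce(secret_key, message):
    """Derive the per-signature nonce from the key and message alone.

    This is the idea behind deterministic signing (RFC 6979 does it with a
    more elaborate HMAC-DRBG construction; this is a simplified stand-in).
    No CS-PRNG is consulted at signing time.
    """
    return hmac.new(secret_key, message, hashlib.sha256).digest()


# Constructed sample inputs: a broken CS-PRNG that returns all zeros, a
# counter-like timestamp, and a pretend smartphone accelerometer reading.
WEAK_PRNG = b"\x00" * 32
TIMESTAMP = (1686153868).to_bytes(8, "big")
SENSOR = b"ax=0.0123,ay=-0.9871,az=0.1442"


def root_seed_from(sensor_reading):
    """Root seed built from the weak PRNG output plus independent sources."""
    return accumulate_entropy([WEAK_PRNG, TIMESTAMP, sensor_reading])


if __name__ == "__main__":
    seed = root_seed_from(SENSOR)
    print("root seed:", seed.hex())
    n1 = deterministic_nonce(seed, b"tx1")
    n2 = deterministic_nonce(seed, b"tx2")
    print("nonce reproducible:", n1 == deterministic_nonce(seed, b"tx1"))
    print("nonces differ per message:", n1 != n2)
```

Changing a single digit of the sensor reading changes the seed, while the all-zero PRNG output contributes nothing but also removes nothing.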
Updated on: 2023-06-07T16:04:28.654341+00:00