Ethereum: Understanding the Random Number Source for getnewaddress
In Bitcoin Core, the getnewaddress function is a critical component that generates new addresses for transactions. One of its key parameters is an optional argument called prng, which stands for “random number generator.” This parameter is used to source randomness for generating addresses. In this article, we’ll delve into the details of how Bitcoin Core API (bitcoind) uses the random number source for getnewaddress.
Internal PRNG
The getnewaddress function in bitcoind uses an internal Random Number Generator (PRNG). The implementation is based on the “Pseudo-Random Number Generator” algorithm, which is a widely used method for generating cryptographically secure pseudo-random numbers. This PRNG is designed to produce unpredictable and uniformly distributed output, making it suitable for cryptographic applications.
Fed from /dev/random or /dev/urandom
The getnewaddress function in bitcoind feeds its random number source from either /dev/random (on Unix-like systems) or /dev/urandom (on Windows). This means that the output of getnewaddress is not cryptographically secure and can be easily predictable. The random numbers are generated using a non-deterministic algorithm, which makes them suitable for certain applications.
Security concerns
The use of an internal PRNG in bitcoind’s getnewaddress function has raised security concerns among some users and developers. While the PRNG is designed to produce unpredictable output, it can still be predictable if the underlying hardware or software configuration allows for it.
In particular, the following issues have been reported:
- Hardware-based attacks
: If a user has a Hardware Random Number Generator (HRNG) plugged in, such as a Trusted Random Number Generator (TRNG), feeding this input to
getnewaddresscan potentially reveal sensitive information. While most HRNGs are designed with security in mind, some older or less secure models may be vulnerable to attacks.
- Software-based attacks: Similarly, software-based attacks using
/dev/randomor/dev/urandomcan still pose a threat if the underlying system configuration is insecure.
Secure alternatives
To mitigate these risks, developers and users can consider implementing additional security measures:
- Hardware-based secure random number generation (SRNG): Using an SRNG, such as a Trusted Random Number Generator (TRNG), to feed into
getnewaddresscan ensure that the output is highly unpredictable and resistant to attacks.
- Using secure random number sources: Developers can also use secure random number sources like
/dev/urandomor/dev/randomfrom trusted sources, ensuring that the input is cryptographically secure.
Conclusion
While getnewaddress in Bitcoin Core API (bitcoind) uses an internal PRNG to generate random numbers, its security has raised concerns among some users and developers. To mitigate these risks, using a hardware-based SRNG or secure random number sources like /dev/urandom from trusted sources is recommended.
For further information on secure random number generation practices and implementing additional security measures, please refer to the following resources:
- [Bitcoin Core API documentation](
- [Secure Random Number Generator (SRNG) guidelines](
- [Trusted Random Number Generator (TRNG) security considerations](
Note: This article is intended for informational purposes only and should not be used as a substitute for professional advice or secure coding practices.
Leave a Reply