bitcoinj/bitcoinj

BIP32: Incorrect seed bit-length validation for master key generation

Open

#4 209 ouverte le 17 mai 2026

Voir sur GitHub
 (2 commentaires) (0 réactions) (0 assignés)Java (2 509 forks)batch import
Enhancementgood first issue

Métriques du dépôt

Stars
 (4 687 stars)
Métriques de merge PR
 (Aucune PR mergée en 30 j)

Description

I found that DeterministicKey createMasterPrivateKey provides input check for byte[] seed .

        checkArgument(seed.length > 8, () ->
                "seed is too short and could be brute forced");

However, the constraints defined in BIP32

Generate a seed byte sequence S of a chosen length (between 128 and 512 bits; 256 bits is advised) from a (P)RNG.

are different. I wonder whether there is a specific reason for this, or whether this effectively 9-byte lower bound was chosen arbitrarily. In any case, I would recommend adhering to the specification as closely as possible.

Found using the bitcoinfuzz tool.

Guide contributeur