Bitcoin Core: Understanding the Random Number Source for getnewaddress
In Bitcoin Core, getnewaddress is the wallet RPC that returns a fresh receiving address. Its only parameters are an optional label and an optional address_type (legacy, p2sh-segwit, bech32 or bech32m); there is no argument for choosing the randomness source, because that source is fixed inside the wallet implementation. This article explains where the randomness behind the keys returned by bitcoind's getnewaddress actually comes from, and which parts of that chain a user can influence.
Internal PRNG
bitcoind does not call a generic "pseudo-random number generator algorithm"; it has its own cryptographically secure generator in src/random.cpp, a ChaCha20-based stream generator whose state is seeded and periodically re-keyed from the entropy sources described below, with SHA-512 used to mix new input into the state. Since version 0.13 every wallet is hierarchical deterministic (BIP32): fresh randomness is consumed once, when the wallet's HD seed is created, and each later getnewaddress call derives the next child key from that seed (m/0'/0'/i' for receiving keys in a legacy wallet, a standard BIP44/49/84/86 path in a descriptor wallet). A fresh address is therefore only as unpredictable as the seed it was derived from.
Feed from /dev/urandom and other OS sources
The generator draws its seed material from several sources and hashes them together: the operating system CSPRNG (the getrandom syscall or /dev/urandom on Linux and other Unix-like systems, the Windows cryptographic API on Windows), the CPU hardware RNG instructions rdrand and rdseed where available, and low-cost environmental data such as high-resolution timestamps and process state. Because the sources are combined with SHA-512 before they reach the generator, the output is cryptographically secure as long as at least one input carried real entropy; a weak or malicious source cannot cancel out the others. Earlier releases also mixed in OpenSSL's RAND_bytes, which was dropped when the OpenSSL dependency was removed.
Security Concerns
The generator algorithm itself is not the weak point; the concern is the entropy available at the moment the HD seed is created. Because every key the wallet will ever hand out is derived from that seed, one low-entropy seed compromises all of them at once, which is worse than a per-key failure would be.
The situations that matter in practice are:
- Software-based weakness: a virtual machine cloned from a snapshot, a container or embedded device that creates the wallet before the kernel RNG has been seeded, or a platform whose CSPRNG is simply broken. The 2013 Android SecureRandom flaw, which produced repeated ECDSA nonces and let attackers recover private keys from affected Android wallets, is the best-known example of this class; it did not affect Bitcoin Core, but it shows what a bad OS source costs.
- Hardware-based weakness: a faulty or backdoored hardware RNG, whether the CPU's rdrand/rdseed or an external true random number generator (TRNG). Bitcoin Core only ever mixes hardware output in as one source among several and never relies on it alone, so a bad hardware RNG cannot reduce the security of the seed below what the OS source provides. There is no way to pass a hardware RNG's output directly to getnewaddress, and it would not be meaningful to do so, since getnewaddress derives keys rather than drawing fresh randomness.
Secure Alternatives
Users who do not want to rely on the defaults have a few options that Bitcoin Core actually supports:
- Create the wallet on a host whose OS RNG is known to be healthy (a physical machine that has been running for a while, or a VM that regenerated its random seed after cloning), since that is the source the HD seed ultimately comes from.
- Supply the seed yourself: a legacy wallet accepts sethdseed with a WIF-encoded private key generated elsewhere, and a descriptor wallet accepts importdescriptors with an extended private key (xprv/tprv) of your own. The entropy behind that key is then whatever you chose, for example a vetted hardware RNG.
- Keep keys off the host entirely with a hardware wallet; recent releases can drive one through the external signer interface, so bitcoind never holds the seed.
Switching the OS source from /dev/urandom to /dev/random is not an improvement: on modern Linux kernels both devices are fed by the same CSPRNG once it is initialised, and the only case blocking protects against is reading before that initialisation, which the getrandom syscall already handles.
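As an added example of the "supply the seed yourself" option (this is not Bitcoin Core code, and the sethdseed call is shown only as a comment because it needs a running node), the block below draws 32 bytes from the OS CSPRNG through Python's secrets module, checks that they form a valid secp256k1 scalar, and encodes them as a Base58Check WIF string of the kind sethdseed accepts on a legacy wallet. The network version bytes (0x80 mainnet, 0xEF testnet/regtest), the helper names and the reference key from the Bitcoin wiki WIF example are the only fixed inputs; everything else is generated at run time.

```python
import hashlib
import secrets

# secp256k1 group order: a valid private key is an integer in [1, N-1]
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# WIF version bytes: mainnet 0x80, testnet and regtest 0xEF
VERSION = {"main": 0x80, "test": 0xEF, "regtest": 0xEF}


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def b58check_encode(payload: bytes) -> str:
    """Base58Check: payload || first 4 bytes of double-SHA256, base58 encoded."""
    data = payload + sha256d(payload)[:4]
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # each leading zero byte -> '1'
    return "1" * pad + out


def b58check_decode(s: str) -> bytes:
    """Inverse of b58check_encode; raises if the checksum does not match."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(s) - len(s.lstrip("1"))) + raw
    payload, chk = raw[:-4], raw[-4:]
    if sha256d(payload)[:4] != chk:
        raise ValueError("bad Base58Check checksum")
    return payload


def to_wif(key: bytes, network: str = "main", compressed: bool = True) -> str:
    """Encode a 32-byte private key as WIF; refuses scalars outside [1, N-1]."""
    k = int.from_bytes(key, "big")
    if len(key) != 32 or not 1 <= k < N:
        raise ValueError("not a valid secp256k1 private key")
    suffix = b"\x01" if compressed else b""  # 0x01 flag marks a compressed pubkey
    return b58check_encode(bytes([VERSION[network]]) + key + suffix)


def new_seed(network: str = "regtest") -> str:
    """Draw a seed from the OS CSPRNG (getrandom / urandom / Windows CryptoAPI
    behind secrets.token_bytes) and return it as a compressed WIF string."""
    while True:
        key = secrets.token_bytes(32)
        if 1 <= int.from_bytes(key, "big") < N:  # reject the ~2**-128 out-of-range case
            return to_wif(key, network)


if __name__ == "__main__":
    wif = new_seed("regtest")
    print(wif)
    # Feed it to a legacy wallet on a regtest node (hypothetical invocation, not run here):
    #   bitcoin-cli -regtest -rpcwallet=legacy sethdseed true "<wif printed above>"
```

Keep the decode helper around: before importing a seed that came from a hardware RNG or another machine, round-trip it through b58check_decode and confirm the version byte, the 33-byte payload and the 0x01 flag, so that a transcription error is caught before it ends up as the wallet's only seed.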
Conclusion
bitcoind's getnewaddress does not draw fresh randomness per address; it derives keys from an HD seed that was generated once by Bitcoin Core's internal ChaCha20-based generator, which is seeded from the OS CSPRNG, hardware RNG instructions and environmental data mixed together with SHA-512. The security question is therefore whether the host had real entropy when the wallet was created. Where that is in doubt, create the wallet on a trustworthy host, import a seed generated from a source you control, or move key generation to a hardware wallet.
For more information on secure random number generation and the wallet RPCs mentioned above, see:
- the Bitcoin Core RPC documentation (getnewaddress, sethdseed, importdescriptors)
- BIP32, Hierarchical Deterministic Wallets
- the Bitcoin Core random number generator source, src/random.cpp
Note: This article is for informational purposes only and should not be used as a substitute for professional advice or secure coding practices.