Ever wondered how those "weak key" exploits actually work? I made a research tool for it

Been down the rabbit hole of Bitcoin key generation vulnerabilities lately. Ended up building a CLI tool to reproduce and analyze them.

What it does:

  • Generates keys the "wrong way" — brainwallets, weak PRNGs (MT19937, LCG, Xorshift), that MultiBit HD bug, old Electrum derivation
  • Analyzes if a key might have come from a vulnerable source (brute-forces 2^32 seed space etc.)
  • Scans wordlists against target addresses

```sh
# the classic brainwallet
vuke single "correct horse battery staple" --transform sha256

# check if a key is a Milksad victim
vuke analyze --analyzer milksad <private_key>
```

Covers:

  • Milksad (CVE-2023-39910) — libbitcoin's 32-bit MT19937 disaster
  • Brainwallets — SHA256(password), still being exploited
  • LCG/Xorshift PRNGs — glibc rand(), JS Math.random()
  • MultiBit HD, Electrum pre-BIP39, Armory

Pure Rust, MIT license, optional GPU acceleration.

GitHub: https://github.com/oritwoen/vuke
Install: cargo install vuke

One of my Bitcoin security research projects — also made kangaroo (https://github.com/oritwoen/kangaroo), boha (https://github.com/oritwoen/boha), and vgen (https://github.com/oritwoen/vgen) if you're into this stuff.

For research/education only, obviously. Happy to chat about the vulns if anyone's curious.

submitted by /u/iredni