Re: Feedback for BTC mini key generator

Quote from: raritycheck on August 19, 2024, 11:58:51 PM

Unfortunately we trusted another software and hence the keys were compromised but it's not just ours but a widespread RNG attack

It would be interesting if you mention that software for comparison.

Because it could be the entropy or the mini private key itself.
For example: the script in the OP produces a 256-bit entropy but about 34% of it is discarded when generating the mini private key.
So its overall security is reduced to about 2^168 which is still secure in today's standard. (e.g.: old unspent Casascius Coins)

Quote from: Quickseller on August 19, 2024, 01:39:32 PM

Also, the first digit of the mini key be '0', which even further reduces entropy (and perhaps is unnecessary).

The standard "0x00" at the start of SHA256(<mini_PrvKey>?) is for validity check only.
Ref: https://github.com/raritycheck/BTCMiniKeyGenerator/blob/a23567757fcc541cde0494f960682bca6d8a7d99/generator.py#L42-L46

The ECDSA Private key is calculated without the "?" at the end and has no first Byte restrictions.
Ref: https://github.com/raritycheck/BTCMiniKeyGenerator/blob/a23567757fcc541cde0494f960682bca6d8a7d99/generator.py#L69-L75