Issue 490 in bitcoinj: ECKey.hashCode can trigger ArrayIndexOutOfBoundsException
364 views
Skip to first unread message
bitc...@googlecode.com
Dec 3, 2013, 7:22:08 PM12/3/13
to bitc...@googlegroups.com
Status: New
Owner: andreas....@googlemail.com
Labels: Type-Defect Priority-Medium
New issue 490 by andreas....@googlemail.com: ECKey.hashCode can trigger
ArrayIndexOutOfBoundsException
http://code.google.com/p/bitcoinj/issues/detail?id=490
Consider this key:
base58
5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAbuatmU
privkey
0000000000000000000000000000000000000000000000000000000000000000
Its pubkey is only one byte long and thus triggers
ArrayIndexOutOfBoundsException in the hashCode implementation. Try running
this:
new
DumpedPrivateKey(NetworkParameters.prodNet(), "5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAbuatmU").getKey().hashCode();
Granted, this is a very made up case. Anyhow, I wonder if perhaps there is
other keys that would fail because they are maybe just 10 bytes shorter
than "normal".
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
Owner: andreas....@googlemail.com
Labels: Type-Defect Priority-Medium
New issue 490 by andreas....@googlemail.com: ECKey.hashCode can trigger
ArrayIndexOutOfBoundsException
http://code.google.com/p/bitcoinj/issues/detail?id=490
Consider this key:
base58
5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAbuatmU
privkey
0000000000000000000000000000000000000000000000000000000000000000
Its pubkey is only one byte long and thus triggers
ArrayIndexOutOfBoundsException in the hashCode implementation. Try running
this:
new
DumpedPrivateKey(NetworkParameters.prodNet(), "5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAbuatmU").getKey().hashCode();
Granted, this is a very made up case. Anyhow, I wonder if perhaps there is
other keys that would fail because they are maybe just 10 bytes shorter
than "normal".
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
bitc...@googlecode.com
Dec 4, 2013, 5:06:56 AM12/4/13
to bitc...@googlegroups.com
Updates:
Status: Invalid
Comment #1 on issue 490 by he...@google.com: ECKey.hashCode can trigger
ArrayIndexOutOfBoundsException
http://code.google.com/p/bitcoinj/issues/detail?id=490
It breaks because zero is not a valid EC private key. See SEC1 section
3.2.1 step 1:
"Randomly or pseudorandomly select an integer in the interval [1, n-1]"
Bouncy Castle does this. Thus a private key of zero will never be generated
by a valid EC key generation algorithm.
I don't think any valid public key is ever likely to be less than 4 bytes
long, which is what hashCode requires.
Status: Invalid
Comment #1 on issue 490 by he...@google.com: ECKey.hashCode can trigger
ArrayIndexOutOfBoundsException
http://code.google.com/p/bitcoinj/issues/detail?id=490
It breaks because zero is not a valid EC private key. See SEC1 section
3.2.1 step 1:
"Randomly or pseudorandomly select an integer in the interval [1, n-1]"
Bouncy Castle does this. Thus a private key of zero will never be generated
by a valid EC key generation algorithm.
I don't think any valid public key is ever likely to be less than 4 bytes
long, which is what hashCode requires.
bitc...@googlecode.com
Dec 4, 2013, 5:13:51 AM12/4/13
to bitc...@googlegroups.com
Comment #2 on issue 490 by andreas....@googlemail.com: ECKey.hashCode can
trigger ArrayIndexOutOfBoundsException
http://code.google.com/p/bitcoinj/issues/detail?id=490
Ok, I'd like to propose to not accept invalid keys like that. Currently
people can import an invalid key into one's wallet and thus make it
corrupt. I'd say either the DumpedPrivateKey constructor or the getKey()
method should throw an exception.
Reply all
Reply to author
Forward
0 new messages