These issues all stem from the RC4-based RNG implementation (with insecure fallback entropy) in Tom Wu's jsbn library, published here: http://www-cs-students.stanford.edu/~tjw/jsbn/
Please refer to Tom Wu's URL, or this more up-to-date fork of Tom Wu's code (published to NPM): https://github.com/andyperlitch/jsbn -- my repository on GitHub was only ever intended to be a straight mirror of Tom Wu's code (created over 7 years ago!). I'll probably delete my mirror repository given that there are now better JavaScript bignum alternatives, and in light of this report.

Jason

> On 9 Apr 2018, at 22:11, m...@musalbas.com wrote:
>
> Here's the code in question: https://github.com/jasondavies/jsbn/pull/7
>
> Best,
>
> Mustafa

--
Jason Davies, http://www.jasondavies.com/

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev