On the 21th of June 2018, the release of the new wallet applications for Nano
was announced on
Reddit.
Shortly after that, another
announcement
was made telling users of the Android app to transfer their funds to a wallet
with a seed that was not generated by the app. I quickly looked up the source
code and found that the app was using a random number generator that is not
cryptographically secure. Let’s analyze how bad this really is. Spoiler: it’s
bad.
2018-07-02
As most Go programmers probably know, strings are immutable in Go. This has its
advantages, but there are a few reasons why one would want to make changes to
strings. One good reason is security. Having sensitive information like
passwords lingering around in memory isn’t great, as they could end up on disk
if the OS decides to write a piece of your program’s memory to disk to free up
some RAM.
2018-06-19