HomePhabricator

[electrum] use python's standard library `secrets` for randrange

Description

[electrum] use python's standard library secrets for randrange

Summary:
The public libraries are more trustworthy than third-party libs when it comes to security.
See https://docs.python.org/3/library/secrets.html

This is a partial backport of electrum#5947
https://github.com/spesmilo/electrum/pull/5947/commits/004acb906d33ea3a13c87b7b05c67a33e1d3e3d9: ecc: abstract away some usage of python-ecdsa: randrange

and
https://github.com/spesmilo/electrum/commit/120da2783b032be0a58d01c1ef40a23dcff88f2b: util.randrange: use stdlib 'secrets' module instead of 'python-ecdsa'
https://github.com/spesmilo/electrum/commit/2c2e3f8ca40b97c9959b5e424cbf69cde53384cf: util.randrange: expand docstring

Depends on D16664

Test Plan:
Delete the rpcuser and rpcpassword lines from the config file (~/.electrum-abc/config), run Electrum ABC, check that the two lines are generated again in the config file.

The code touched in mnemo.py is dead code is kept for historical reason. We still support restoring legacy electrum seed phrases even though we now only generate BIP39 seed phrases for new wallets. So we might as well keep the function for generating such legacy seeds for testing purposes. But there is no way to test it through the application. The change is pretty trivial, so it should be fine.

Reviewers: #bitcoin_abc, bytesofman

Reviewed By: #bitcoin_abc, bytesofman

Subscribers: bytesofman

Differential Revision: https://reviews.bitcoinabc.org/D16665

Details

Provenance
SomberNight <somber.night@protonmail.com>Authored on Feb 4 2020, 17:17
PiRKCommitted on Aug 28 2024, 06:26
PiRKPushed on Aug 28 2024, 06:26
Reviewer
Restricted Project
Differential Revision
D16665: [electrum] use python's standard library `secrets` for randrange
Parents
rABCfa1fa0ba9184: [e.cash] Add button and bip70 label to wallets page
Branches
Unknown
Tags
Unknown