Description
Seed generation for wallet keys uses rand_hc::Hc128Rng::from_entropy(). Although HC-128 is a recognized stream cipher seeded once from the OS, the idiomatic secure choice for wallet seeds is OsRng / ThreadRng, which reseed continuously. A one-time seed-expand design means that any compromise of the initial entropy snapshot exposes every subsequently generated wallet, and the code departs from what xrpl-py / xrpl.js use.
Location
Impact / Severity
Critical — Cryptographic-RNG selection. Compromise of the single initial entropy seed exposes every wallet generated during the process lifetime. Switch to OsRng (or a vetted reseeding CSPRNG) for all secret-material generation.
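The exposure above, as an added example that is not the project's code and does not implement HC-128: a std-only stand-in for the seed-once, expand-forever design (SplitMix64 is used only to keep it dependency-free and is not a CSPRNG), the replay that becomes possible once the initial snapshot is captured, and the per-call OS-sourced alternative the finding recommends. The type and function names, the /dev/urandom path (Unix assumed) and the constructed snapshot are assumptions made for this example.

```rust
use std::fs::File;
use std::io::Read;

/// Stand-in for a seed-once, expand-forever generator such as
/// Hc128Rng::from_entropy(): one snapshot is taken at construction and
/// every later output is a pure function of it (SplitMix64, NOT HC-128).
pub struct SeedExpandRng {
    state: u64,
}

impl SeedExpandRng {
    pub fn from_snapshot(snapshot: [u8; 32]) -> Self {
        // Fold the captured 32-byte entropy snapshot into the generator state.
        let mut state = 0u64;
        for chunk in snapshot.chunks(8) {
            let mut word = [0u8; 8];
            word.copy_from_slice(chunk);
            state ^= u64::from_le_bytes(word);
        }
        SeedExpandRng { state }
    }

    fn next_u64(&mut self) -> u64 {
        self.state = self.state.wrapping_add(0x9E37_79B9_7F4A_7C15);
        let mut z = self.state;
        z = (z ^ (z >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
        z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
        z ^ (z >> 31)
    }

    /// Produce one 16-byte wallet seed from the expanded stream.
    pub fn wallet_seed(&mut self) -> [u8; 16] {
        let mut out = [0u8; 16];
        out[..8].copy_from_slice(&self.next_u64().to_le_bytes());
        out[8..].copy_from_slice(&self.next_u64().to_le_bytes());
        out
    }
}

/// With the snapshot in hand, every wallet seed the process generated can
/// be recomputed: this is the exposure the finding describes.
pub fn replay_wallets(snapshot: [u8; 32], n: usize) -> Vec<[u8; 16]> {
    let mut rng = SeedExpandRng::from_snapshot(snapshot);
    (0..n).map(|_| rng.wallet_seed()).collect()
}

/// Hardened form: each wallet seed is read directly from the OS CSPRNG, so
/// no long-lived generator state exists to capture. Reads /dev/urandom via
/// std (assumption: Unix); real code should use rand::rngs::OsRng or getrandom.
pub fn os_wallet_seed() -> std::io::Result<[u8; 16]> {
    let mut out = [0u8; 16];
    File::open("/dev/urandom")?.read_exact(&mut out)?;
    Ok(out)
}
```

The block is a library-style module; `replay_wallets` applied to the same snapshot returns exactly the sequence the live generator produced, while two calls to `os_wallet_seed` share no state.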
Adversarial Agent Notes
Verdict: ACCEPT. HC-128 is eSTREAM-portfolio and not broken, so the practical risk is moderate, but the choice is inconsistent with every other XRPL SDK. No demo test — RNG quality isn't testable in a unit test.