Agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`

Dear all,

Recently, the DFINITY security team received a disclosure of a critical bug affecting the agent-js repository, in particular @dfinity/identity and @dfinity/auth-client.

The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation. Anyone calling Ed25519KeyIdentity.generate() without a parameter is affected.

The affected versions of the packages are >= v0.20.0-beta.0, < 1.0.1. A patch for the vulnerability is available in v1.0.1 for all the packages listed above. Developers are recommended to upgrade and deploy the fix immediately.

Since the principal 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe associated to the insecure seed is compromised, one could lose funds held by the principal on ledgers or lose access to a canister where this principal is the controller. Users are asked to take proactive measures mentioned in the GitHub Advisory to protect their assets.

The security team also performed an impact analysis of the bug since the disclosure:

  • Canisters deployed by DFINITY aren’t affected by the bug.
  • The principal mentioned above does not hold funds on the ICP and SNS controlled ledgers

We encourage the ICP community to report any new issues or bugs found responsibly. Please refer to the Bug Bounty program for more information.

If you have any questions, please reach out to us in this thread or privately.



As a note of interest, the default account for this is 1e1838071cb875e59c1da64af5e04951bb3c1e94c1285bf9ff7480a645e1aa56

Looks like someone was using it to test something at some point: