Dr. Hax on Nostr: With that finding, I'm going to call it a night. To be cleae, I believe this is just ...

With that finding, I'm going to call it a night.

To be cleae, I believe this is just a compatibility bjf, not a security issue. So no need to panic.

I'll keep digging and submit a patch when I get it sorted.

quoting nevent1q…lesz

Yeah, here's my proof of work.

Library:
https://pypi.org/project/bitcoinlib/

Test vectors from: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki

Python code to repro the error:

from bitcoinlib.keys import HDKey
m = HDKey.from_seed('000102030405060708090a0b0c0d0e0f')
assert m.wif_public() == 'xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC4Q1Rdap9gSE8NqtwybGhePY2gZ29ESFjqJoCu1Rupje8YtGqsefD265TMg7usUDFdp6W1EGMcet8'
assert m.wif_private() == 'xprv9s21ZrQH143K3QTDL4LXw2F7HEK3wJUD2nW2nRk4stbPy6cq3jPPqjiChkVvvNKmPGJxWUtg6LnF5kejMRNNU3TGtRBeJgk33yuGBxrMPHi'

c1 = m.subkey_for_path("m/0")
assert c1.wif_public() == 'xpub68Gmy5EdvgibQVfPdqkBBCHxA5htiqg55crXYuXoQRKfDBFA1WEjWgP6LHhwBZeNK1VTsfTFUHCdrfp1bgwQ9xv5ski8PX9rL2dZXvgGDnw'
# fails here ^

assert c1.wif_private() == 'xprv9uHRZZhk6KAJC1avXpDAp4MDc3sQKNxDiPvvkX8Br5ngLNv1TxvUxt4cV1rGL5hj6KCesnDYUhd7oWgT11eZG7XnxHrnYeSvkzY7d2bhkJ7'