Blogpost no.5: update technical information

_posts/2024-01-23-research-update-5.md

@@ -18,7 +18,7 @@ Using the newly available information, we managed to reproduce some of their fin
 
 ## Vulnerability TL;DR
 
-Open source code shows that [a core component](https://github.com/trustwallet/trezor-crypto-ios/commits/master/) of the `Trust Wallet` app for iOS generated new cryptocurrency wallets using unsafe functions in the `trezor-crypto` library that were not meant for production. As a result, their wallet entropy is based on a weak PRNG with 32-bit state that is seeded with easy-to-guess time values. This makes all wallets generated with vulnerable app versions easy to brute force remotely, like the weak `bx seed` mechanism in Libbitcoin. Both weaknesses were attacked on-chain at the same time in July 2023.
+Open source code shows that [a core component](https://github.com/trustwallet/trezor-crypto-ios/commits/master/) of the `Trust Wallet` app for iOS generated new cryptocurrency wallets using unsafe functions in the `trezor-crypto` library that were not meant for production. As a result, their wallet entropy is based on a weak PRNG with 31-bit initial state that is seeded with easy-to-guess time values. This makes all wallets generated with vulnerable app versions easy to brute force remotely, like the weak `bx seed` mechanism in Libbitcoin. Both weaknesses were attacked on-chain at the same time in July 2023.
 
 If you want to understand this better, we recommend taking a look at the [Trust Wallet's Fomo3D Summer: Fresh Discovery of Low Entropy Flaw From 2018](https://secbit.io/blog/en/2024/01/19/trust-wallets-fomo3d-summer-vuln/) disclosure of the SECBIT team.
 
@@ -34,7 +34,7 @@ The newly disclosed vulnerability comes in two forms. Together with the previous
 | vulnerable Trust Wallet iOS app - **variant A** | Mid-2018 | `LCG16807` `MINSTD_RAND0`<br/> + `trezor-crypto` [2e528be](https://github.com/trezor/trezor-crypto/commit/2e528be1e91dd48c0e55061fbdd40ccf8b285559) | this article | CVE-2024-23660 ? |
 | vulnerable Trust Wallet iOS app - **variant B** | Mid-2018 | `LCG16807` `MINSTD_RAND0`<br/> + `trezor-crypto` [009850](https://github.com/trezor/trezor-crypto/commit/009850f6c9afcf60b4c6280afd46868b1a7a1fdd) | this article | CVE-2024-23660 ? |
 
-Each weak PRNGs variant make for different ranges of weak wallets. This article is _exclusively_ about the two newly discovered variants, and does not cover the Mersenne Twister based vulnerability.
+Each weak PRNGs variant creates different ranges of weak wallets. This article is _exclusively_ about the two newly discovered variants, and does not cover the Mersenne Twister based vulnerability.
 
 ## Early Results
 
@@ -44,7 +44,7 @@ srand((unsigned)time(NULL));
 ```
 `time(NULL)` returns the _seconds_ since 1970-01-01 00:00:00, representing the "random" base for `srand()` to pick the first PRNG state setting. Developers may know this time format as [Unix time](https://en.wikipedia.org/wiki/Unix_time).
 
-For our initial experiments, we assume that the devices running the code had reasonably correct date and clock settings at the time they generated new wallets. The PRNG has a 32-bit state, but we used the known `srand()` behavior to focus our initial search onto a smaller subset of wallets which correspond to certain creation dates. This optimization speeds up the initial work.
+For our initial experiments, we assume that the devices running the code had reasonably correct date and clock settings at the time they generated new wallets. The PRNG has a 31-bit state, but we used the known `srand()` behavior to focus our initial search onto a smaller subset of wallets which correspond to certain creation dates. This optimization speeds up the initial work.
 
 ### Over 6500 Weak Wallets 🔥
 Within the wallet ranges with 12 mnemonic words (128 bits), we found the following: