This content delves into the vulnerabilities in the Dart/Flutter ecosystem, highlighting issues such as the predictable initial seed in the Dart SDK, the encryption vulnerability in Proton Wallet, and potential security risks in the Dart Tooling Daemon. The misuse of the standard PRNG in Dart and Flutter code can lead to predictable outcomes, making it vulnerable to attacks. Surprisingly, the secrets generated for authentication codes were found to be only 32 bits, allowing for potential brute force attacks. The content also discusses the implications of using the Secure Remote Password Protocol in Proton Wallet for user authentication, emphasizing the importance of secure practices in app development.
https://www.zellic.io/blog/proton-dart-flutter-csprng-prng/