From a5d14ba45bf6786aed0676ca5a449270263426a2 Mon Sep 17 00:00:00 2001
From: Mike Hearn
Date: Sun, 24 Nov 2013 23:59:42 +0100
Subject: [PATCH] HDW: Add some docs and a safety check to HDKeyDerivation.
---
 .../main/java/com/google/bitcoin/crypto/HDKeyDerivation.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/core/src/main/java/com/google/bitcoin/crypto/HDKeyDerivation.java b/core/src/main/java/com/google/bitcoin/crypto/HDKeyDerivation.java
index df979587..32c03d0d 100644
--- a/core/src/main/java/com/google/bitcoin/crypto/HDKeyDerivation.java
+++ b/core/src/main/java/com/google/bitcoin/crypto/HDKeyDerivation.java
@@ -39,11 +39,14 @@ public final class HDKeyDerivation {
 /**
 * Generates a new deterministic key from the given seed, which can be any arbitrary byte array. However resist
 * the temptation to use a string as the seed - any key derived from a password is likely to be weak and easily
- * broken by attackers (this is not theoretical, people have had money stolen that way).
+ * broken by attackers (this is not theoretical, people have had money stolen that way). This method checks
+ * that the given seed is at least 64 bits long.
 *
 * @throws HDDerivationException if generated master key is invalid (private key 0 or >= n).
+ * @throws IllegalArgumentException if the seed is less than 8 bytes and could be brute forced.
 */
 public static DeterministicKey createMasterPrivateKey(byte[] seed) throws HDDerivationException {
+ checkArgument(seed.length > 8, "Seed is too short and could be brute forced");
 // Calculate I = HMAC-SHA512(key="Bitcoin seed", msg=S)
 byte[] i = HDUtils.hmacSha512(MASTER_HMAC_SHA512, seed);
 // Split I into two 32-byte sequences, Il and Ir.
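Review bot: The new guard `checkArgument(seed.length > 8, ...)` rejects a seed of exactly 8 bytes, while the Javadoc added in the same hunk promises "at least 64 bits" and an exception only when the seed is "less than 8 bytes", so the check and its documentation disagree by one. If the documented contract is the intended one, the line should read `checkArgument(seed.length >= 8, "Seed is too short and could be brute forced");`. Separately, 64 bits is a thin floor for a master-key seed: BIP32 specifies seeds of 128 to 512 bits, so consider requiring at least 16 bytes, and say in the Javadoc that a length check bounds size only and says nothing about the entropy of the bytes. The body of createMasterPrivateKey continues past the end of the hunk, so any later validation is not visible here.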