This is a bug with security implications. It is much easier to guess the value
of k within a 64 byte range. This would lead to compromised private keys.
The cryptography interface of bitcore is extremely poor. I recommend:
* Get rid of the C++ code, since it makes everything more difficult with little benefit
* Refactor all crypto, and have easily auditable bignum, point, ecdsa, and key classes
* Then actually audit the crypto
...this is the standard way to sign messages in bitcoin-qt. Note that the
format of a compressed signature, for messages, is quite distinct from DER
format, which is used in transactions. This commit also adds support for
recovering the public key from a signature, which is necessary for this. The
code for public key recover is taken from bitcoinjs-lib.
Generating random numbers properly depends on the platform. The new
getRandomBuffer method does the right thing on the right platform. It will
sometimes fail due to insufficient entropy. The getPseudoRandomBuffer class is
also provided that will never fail, but it is not cryptographically secure and
should not be used for keys.
