This is a bug with security implications. It is much easier to guess the value
of k within a 64 byte range. This would lead to compromised private keys.
The cryptography interface of bitcore is extremely poor. I recommend:
* Get rid of the C++ code, since it makes everything more difficult with little benefit
* Refactor all crypto, and have easily auditable bignum, point, ecdsa, and key classes
* Then actually audit the crypto
...this is the standard way to sign messages in bitcoin-qt. Note that the
format of a compressed signature, for messages, is quite distinct from DER
format, which is used in transactions. This commit also adds support for
recovering the public key from a signature, which is necessary for this. The
code for public key recover is taken from bitcoinjs-lib.
