Merge pull request #2682 from subtly/cryptoFix

SEC-011

libdevcrypto/Common.cpp

@@ -300,7 +300,7 @@ h256 crypto::kdf(Secret const& _priv, h256 const& _hash)
 {
 	// H(H(r||k)^h)
 	h256 s;
-	sha3mac(Nonce::get().ref(), _priv.ref(), s.ref());
+	sha3mac(Secret::random().ref(), _priv.ref(), s.ref());
 	s ^= _hash;
 	sha3(s.ref(), s.ref());
 	
@@ -367,7 +367,7 @@ Secret Nonce::next()
 {
 	initialiseIfNeeded();
 	m_value = sha3(m_value);
-	return m_value;
+	return sha3(m_value);
 }
 
 void Nonce::resetInternal()

libdevcrypto/Common.h

@@ -189,6 +189,12 @@ h256 kdf(Secret const& _priv, h256 const& _hash);
 
 /**
  * @brief Generator for nonce material.
+ *The Nonce class should only be used when a non-repeating nonce 
+ * is required and, in its current form, not recommended for signatures.
+ * This is primarily because the key-material for signatures is 
+ * encrypted on disk whereas the seed for Nonce is not. 
+ * Thus, Nonce's primary intended use at this time is for networking 
+ * where the key is also stored in plaintext.
  */
 class Nonce
 {