Thanks for the info! So it seems if k is chosen correctly there is no way it can leak data even after an improbably large number of transactions are posted.
But there must still be some source of randomness for k besides just the message data? Otherwise signing the same message twice (like re-connecting to a web3 app via signed message, no transaction involved) would reveal your private key.
You need to include both the message and the private key in the hash. Since signing the same message twice with the same private key produces the same signature, it doesn't leak any additional information.