Warn when using weak entropy and strong mnemonic

2026-04-05 18:43:47 +00:00 · 2018-04-12 12:16:05 +10:00
parent 85c906727a
commit 645945a00f
3 changed files with 49 additions and 0 deletions
--- a/src/index.html
+++ b/src/index.html
@@ -113,6 +113,11 @@
                                            <option value="21">21 <span>Words</span></option>
                                            <option value="24">24 <span>Words</span></option>
                                        </select>
+                                        <p class="weak-entropy-override-warning hidden">
+                                            <span class="text-danger">
+                                                The mnemonic will appear more secure than it really is.
+                                            </span>
+                                        </p>
                                    </div>
                                </div>
                                <div class="col-sm-3">
--- a/src/js/index.js
+++ b/src/js/index.js
@@ -40,6 +40,7 @@
    DOM.entropyWordIndexes = DOM.entropyContainer.find(".word-indexes");
    DOM.entropyChecksum = DOM.entropyContainer.find(".checksum");
    DOM.entropyMnemonicLength = DOM.entropyContainer.find(".mnemonic-length");
+    DOM.entropyWeakEntropyOverrideWarning = DOM.entropyContainer.find(".weak-entropy-override-warning");
    DOM.entropyFilterWarning = DOM.entropyContainer.find(".filter-warning");
    DOM.phrase = $(".phrase");
    DOM.passphrase = $(".passphrase");
@@ -1190,6 +1191,17 @@
            mnemonicLength = parseInt(mnemonicLength);
            var numberOfBits = 32 * mnemonicLength / 3;
            bits = bits.substring(0, numberOfBits);
+            // show warning for weak entropy override
+            if (mnemonicLength / 3 * 32 > entropy.binaryStr.length) {
+                DOM.entropyWeakEntropyOverrideWarning.removeClass("hidden");
+            }
+            else {
+                DOM.entropyWeakEntropyOverrideWarning.addClass("hidden");
+            }
+        }
+        else {
+            // hide warning for weak entropy override
+            DOM.entropyWeakEntropyOverrideWarning.addClass("hidden");
        }
        // Discard trailing entropy
        var bitsToUse = Math.floor(bits.length / 32) * 32;
--- a/tests/spec/tests.js
+++ b/tests/spec/tests.js
@@ -3530,4 +3530,36 @@ it('Does not show a warning if generating strong mnemonics', function(done) {
        });
 });

+it('Shows a warning if overriding weak entropy with longer mnemonics', function(done) {
+    driver.findElement(By.css('.use-entropy'))
+        .click();
+    driver.findElement(By.css('.entropy'))
+        .sendKeys("0123456789abcdef"); // 6 words
+    driver.executeScript(function() {
+        $(".mnemonic-length").val("12").trigger("change");
+    });
+    driver.findElement(By.css(".weak-entropy-override-warning"))
+        .getAttribute("class")
+        .then(function(classes) {
+            expect(classes).not.toContain("hidden");
+            done();
+        });
+});
+
+it('Does not show a warning if entropy is stronger than mnemonic length', function(done) {
+    driver.findElement(By.css('.use-entropy'))
+        .click();
+    driver.findElement(By.css('.entropy'))
+        .sendKeys("0123456789abcdef0123456789abcdef0123456789abcdef"); // 18 words
+    driver.executeScript(function() {
+        $(".mnemonic-length").val("12").trigger("change");
+    });
+    driver.findElement(By.css(".weak-entropy-override-warning"))
+        .getAttribute("class")
+        .then(function(classes) {
+            expect(classes).toContain("hidden");
+            done();
+        });
+});
+
 });