Warn when generating low entropy mnemonics

diff --git a/src/index.html b/src/index.html
index 2ee79c06072cb558e6f025a2275db3db744726e9..df5bf67fc93ef3fecc749b5c30104cf9a0d1d96d 100644 (file)
--- a/src/index.html
+++ b/src/index.html
@@ -48,7 +48,12 @@
                                             <option value="21">21</option>
                                             <option value="24">24</option>
                                         </select>
-                                        <span>words</span>
+                                        <span>words</span>.
+                                        <p class="warning help-block hidden">
+                                            <span class="text-danger">
+                                                Mnemonics with less than 12 words have low entropy and may be guessed by an attacker.
+                                            </span>
+                                        </p>
                                     </div>
                                 </div>
                             </div>

diff --git a/src/js/index.js b/src/js/index.js
index ee475092c265d83b741855fd0dfdaa0c7c04b2c7..0a2d3626e70e34b5f46ee0f7ecc4d9b399fe9d1e 100644 (file)
--- a/src/js/index.js
+++ b/src/js/index.js
@@ -88,6 +88,7 @@
     DOM.bip141path = $("#bip141-path");
     DOM.bip141semantics = $(".bip141-semantics");
     DOM.generatedStrength = $(".generate-container .strength");
+    DOM.generatedStrengthWarning = $(".generate-container .warning");
     DOM.hardenedAddresses = $(".hardened-addresses");
     DOM.useBitpayAddressesContainer = $(".use-bitpay-addresses-container");
     DOM.useBitpayAddresses = $(".use-bitpay-addresses");
@@ -114,6 +115,7 @@
 
     function init() {
         // Events
+        DOM.generatedStrength.on("change", generatedStrengthChanged);
         DOM.network.on("change", networkChanged);
         DOM.bip32Client.on("change", bip32ClientChanged);
         DOM.useEntropy.on("change", setEntropyVisibility);
@@ -155,6 +157,16 @@
 
     // Event handlers
 
+    function generatedStrengthChanged() {
+        var strength = parseInt(DOM.generatedStrength.val());
+        if (strength < 12) {
+            DOM.generatedStrengthWarning.removeClass("hidden");
+        }
+        else {
+            DOM.generatedStrengthWarning.addClass("hidden");
+        }
+    }
+
     function networkChanged(e) {
         clearDerivedKeys();
         clearAddressesList();

diff --git a/tests/spec/tests.js b/tests/spec/tests.js
index 571047f340fcbf12960797ba2090bcbbf6829a3b..945a9232adfffb91d514ed0f1befad6a1e3b2969 100644 (file)
--- a/tests/spec/tests.js
+++ b/tests/spec/tests.js
@@ -3503,4 +3503,31 @@ it('Uses vprv for bitcoin testnet p2wpkh', function(done) {
     });
 });
 
+it('Shows a warning if generating weak mnemonics', function(done) {
+    driver.executeScript(function() {
+        $(".strength option[selected]").removeAttr("selected");
+        $(".strength option[value=6]").prop("selected", true);
+        $(".strength").trigger("change");
+    });
+    driver.findElement(By.css(".generate-container .warning"))
+        .getAttribute("class")
+        .then(function(classes) {
+            expect(classes).not.toContain("hidden");
+            done();
+        });
+});
+
+it('Does not show a warning if generating strong mnemonics', function(done) {
+    driver.executeScript(function() {
+        $(".strength option[selected]").removeAttr("selected");
+        $(".strength option[value=12]").prop("selected", true);
+    });
+    driver.findElement(By.css(".generate-container .warning"))
+        .getAttribute("class")
+        .then(function(classes) {
+            expect(classes).toContain("hidden");
+            done();
+        });
+});
+
 });