Warn when using weak entropy and strong mnemonic

author Ian Coleman <ian@iancoleman.io>

Thu, 12 Apr 2018 02:16:05 +0000 (12:16 +1000)

committer Ian Coleman <ian@iancoleman.io>

Thu, 12 Apr 2018 02:16:05 +0000 (12:16 +1000)
author Ian Coleman <ian@iancoleman.io>
Thu, 12 Apr 2018 02:16:05 +0000 (12:16 +1000)
committer Ian Coleman <ian@iancoleman.io>
Thu, 12 Apr 2018 02:16:05 +0000 (12:16 +1000)
diff --git a/src/index.html b/src/index.html

index df5bf67fc93ef3fecc749b5c30104cf9a0d1d96d..40566105ffb84a7953caa77cb67d7008f8d3b0ac 100644 (file)
--- a/src/index.html
+++ b/src/index.html
@@ -113,6 +113,11 @@
                                              <option value="21">21 <span>Words</span></option>
                                              <option value="24">24 <span>Words</span></option>
                                          </select>
+                                        <p class="weak-entropy-override-warning hidden">
+                                            <span class="text-danger">
+                                                The mnemonic will appear more secure than it really is.
+                                            </span>
+                                        </p>
                                      </div>
                                  </div>
                                  <div class="col-sm-3">
diff --git a/src/js/index.js b/src/js/index.js

index 0a2d3626e70e34b5f46ee0f7ecc4d9b399fe9d1e..e96f4a90fcdd43b132a194cd444e401861da12b8 100644 (file)
--- a/src/js/index.js
+++ b/src/js/index.js
@@ -40,6 +40,7 @@
      DOM.entropyWordIndexes = DOM.entropyContainer.find(".word-indexes");
      DOM.entropyChecksum = DOM.entropyContainer.find(".checksum");
      DOM.entropyMnemonicLength = DOM.entropyContainer.find(".mnemonic-length");
+    DOM.entropyWeakEntropyOverrideWarning = DOM.entropyContainer.find(".weak-entropy-override-warning");
      DOM.entropyFilterWarning = DOM.entropyContainer.find(".filter-warning");
      DOM.phrase = $(".phrase");
      DOM.passphrase = $(".passphrase");
@@ -1190,6 +1191,17 @@
              mnemonicLength = parseInt(mnemonicLength);
              var numberOfBits = 32 * mnemonicLength / 3;
              bits = bits.substring(0, numberOfBits);
+            // show warning for weak entropy override
+            if (mnemonicLength / 3 * 32 > entropy.binaryStr.length) {
+                DOM.entropyWeakEntropyOverrideWarning.removeClass("hidden");
+            }
+            else {
+                DOM.entropyWeakEntropyOverrideWarning.addClass("hidden");
+            }
+        }
+        else {
+            // hide warning for weak entropy override
+            DOM.entropyWeakEntropyOverrideWarning.addClass("hidden");
          }
          // Discard trailing entropy
          var bitsToUse = Math.floor(bits.length / 32) * 32;
diff --git a/tests/spec/tests.js b/tests/spec/tests.js

index 945a9232adfffb91d514ed0f1befad6a1e3b2969..034b50fc805e5407ff0d547c636415b5b2da68d3 100644 (file)
--- a/tests/spec/tests.js
+++ b/tests/spec/tests.js
@@ -3530,4 +3530,36 @@ it('Does not show a warning if generating strong mnemonics', function(done) {
          });
  });
  
+it('Shows a warning if overriding weak entropy with longer mnemonics', function(done) {
+    driver.findElement(By.css('.use-entropy'))
+        .click();
+    driver.findElement(By.css('.entropy'))
+        .sendKeys("0123456789abcdef"); // 6 words
+    driver.executeScript(function() {
+        $(".mnemonic-length").val("12").trigger("change");
+    });
+    driver.findElement(By.css(".weak-entropy-override-warning"))
+        .getAttribute("class")
+        .then(function(classes) {
+            expect(classes).not.toContain("hidden");
+            done();
+        });
+});
+
+it('Does not show a warning if entropy is stronger than mnemonic length', function(done) {
+    driver.findElement(By.css('.use-entropy'))
+        .click();
+    driver.findElement(By.css('.entropy'))
+        .sendKeys("0123456789abcdef0123456789abcdef0123456789abcdef"); // 18 words
+    driver.executeScript(function() {
+        $(".mnemonic-length").val("12").trigger("change");
+    });
+    driver.findElement(By.css(".weak-entropy-override-warning"))
+        .getAttribute("class")
+        .then(function(classes) {
+            expect(classes).toContain("hidden");
+            done();
+        });
+});
+
  });
author	Ian Coleman <ian@iancoleman.io>
	Thu, 12 Apr 2018 02:16:05 +0000 (12:16 +1000)
committer	Ian Coleman <ian@iancoleman.io>
	Thu, 12 Apr 2018 02:16:05 +0000 (12:16 +1000)
src/index.html		patch \| blob \| blame \| history
src/js/index.js		patch \| blob \| blame \| history
tests/spec/tests.js		patch \| blob \| blame \| history