From 645945a00fe588064d33dca49f75f27e08b8f11e Mon Sep 17 00:00:00 2001
From: Ian Coleman <ian@iancoleman.io>
Date: Thu, 12 Apr 2018 12:16:05 +1000
Subject: [PATCH] Warn when using weak entropy and strong mnemonic

---
 src/index.html      |  5 +++++
 src/js/index.js     | 12 ++++++++++++
 tests/spec/tests.js | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 49 insertions(+)

diff --git a/src/index.html b/src/index.html
index df5bf67..4056610 100644
--- a/src/index.html
+++ b/src/index.html
@@ -113,6 +113,11 @@
                                             <option value="21">21 <span>Words</span></option>
                                             <option value="24">24 <span>Words</span></option>
                                         </select>
+                                        <p class="weak-entropy-override-warning hidden">
+                                            <span class="text-danger">
+                                                The mnemonic will appear more secure than it really is.
+                                            </span>
+                                        </p>
                                     </div>
                                 </div>
                                 <div class="col-sm-3">
diff --git a/src/js/index.js b/src/js/index.js
index 0a2d362..e96f4a9 100644
--- a/src/js/index.js
+++ b/src/js/index.js
@@ -40,6 +40,7 @@
     DOM.entropyWordIndexes = DOM.entropyContainer.find(".word-indexes");
     DOM.entropyChecksum = DOM.entropyContainer.find(".checksum");
     DOM.entropyMnemonicLength = DOM.entropyContainer.find(".mnemonic-length");
+    DOM.entropyWeakEntropyOverrideWarning = DOM.entropyContainer.find(".weak-entropy-override-warning");
     DOM.entropyFilterWarning = DOM.entropyContainer.find(".filter-warning");
     DOM.phrase = $(".phrase");
     DOM.passphrase = $(".passphrase");
@@ -1190,6 +1191,17 @@
             mnemonicLength = parseInt(mnemonicLength);
             var numberOfBits = 32 * mnemonicLength / 3;
             bits = bits.substring(0, numberOfBits);
+            // show warning for weak entropy override
+            if (mnemonicLength / 3 * 32 > entropy.binaryStr.length) {
+                DOM.entropyWeakEntropyOverrideWarning.removeClass("hidden");
+            }
+            else {
+                DOM.entropyWeakEntropyOverrideWarning.addClass("hidden");
+            }
+        }
+        else {
+            // hide warning for weak entropy override
+            DOM.entropyWeakEntropyOverrideWarning.addClass("hidden");
         }
         // Discard trailing entropy
         var bitsToUse = Math.floor(bits.length / 32) * 32;
diff --git a/tests/spec/tests.js b/tests/spec/tests.js
index 945a923..034b50f 100644
--- a/tests/spec/tests.js
+++ b/tests/spec/tests.js
@@ -3530,4 +3530,36 @@ it('Does not show a warning if generating strong mnemonics', function(done) {
         });
 });
 
+it('Shows a warning if overriding weak entropy with longer mnemonics', function(done) {
+    driver.findElement(By.css('.use-entropy'))
+        .click();
+    driver.findElement(By.css('.entropy'))
+        .sendKeys("0123456789abcdef"); // 6 words
+    driver.executeScript(function() {
+        $(".mnemonic-length").val("12").trigger("change");
+    });
+    driver.findElement(By.css(".weak-entropy-override-warning"))
+        .getAttribute("class")
+        .then(function(classes) {
+            expect(classes).not.toContain("hidden");
+            done();
+        });
+});
+
+it('Does not show a warning if entropy is stronger than mnemonic length', function(done) {
+    driver.findElement(By.css('.use-entropy'))
+        .click();
+    driver.findElement(By.css('.entropy'))
+        .sendKeys("0123456789abcdef0123456789abcdef0123456789abcdef"); // 18 words
+    driver.executeScript(function() {
+        $(".mnemonic-length").val("12").trigger("change");
+    });
+    driver.findElement(By.css(".weak-entropy-override-warning"))
+        .getAttribute("class")
+        .then(function(classes) {
+            expect(classes).toContain("hidden");
+            done();
+        });
+});
+
 });
-- 
2.41.0