Warn when generating low entropy mnemonics

author: Ian Coleman <ian@iancoleman.io> 2018-04-12 11:46:44 +1000
committer: Ian Coleman <ian@iancoleman.io> 2018-04-12 12:08:52 +1000
commit: 85c906727a24ab97a3c2908c72ad37ad988ecb01 (patch)
tree: a2481ff3c2c8965c2086c0cbf317ead5d988f6d3
parent: d1b4c8c579b34924fbce919c423f3c9baab81083 (diff)
download: BIP39-85c906727a24ab97a3c2908c72ad37ad988ecb01.tar.gz
BIP39-85c906727a24ab97a3c2908c72ad37ad988ecb01.tar.zst
BIP39-85c906727a24ab97a3c2908c72ad37ad988ecb01.zip
3 files changed, 45 insertions, 1 deletions
diff --git a/src/index.html b/src/index.html
index 2ee79c0..df5bf67 100644
--- a/src/index.html
+++ b/src/index.html
@@ -48,7 +48,12 @@
                                            <option value="21">21</option>
                                            <option value="24">24</option>
                                        </select>
-                                        <span>words</span>
+                                        <span>words</span>.
+                                        <p class="warning help-block hidden">
+                                            <span class="text-danger">
+                                                Mnemonics with less than 12 words have low entropy and may be guessed by an attacker.
+                                            </span>
+                                        </p>
                                    </div>
                                </div>
                            </div>
diff --git a/src/js/index.js b/src/js/index.js
index ee47509..0a2d362 100644
--- a/src/js/index.js
+++ b/src/js/index.js
@@ -88,6 +88,7 @@
    DOM.bip141path = $("#bip141-path");
    DOM.bip141semantics = $(".bip141-semantics");
    DOM.generatedStrength = $(".generate-container .strength");
+    DOM.generatedStrengthWarning = $(".generate-container .warning");
    DOM.hardenedAddresses = $(".hardened-addresses");
    DOM.useBitpayAddressesContainer = $(".use-bitpay-addresses-container");
    DOM.useBitpayAddresses = $(".use-bitpay-addresses");
@@ -114,6 +115,7 @@
    function init() {
        // Events
+        DOM.generatedStrength.on("change", generatedStrengthChanged);
        DOM.network.on("change", networkChanged);
        DOM.bip32Client.on("change", bip32ClientChanged);
        DOM.useEntropy.on("change", setEntropyVisibility);
@@ -155,6 +157,16 @@
    // Event handlers
+    function generatedStrengthChanged() {
+        var strength = parseInt(DOM.generatedStrength.val());
+        if (strength < 12) {
+            DOM.generatedStrengthWarning.removeClass("hidden");
+        }
+        else {
+            DOM.generatedStrengthWarning.addClass("hidden");
+        }
+    }
    function networkChanged(e) {
        clearDerivedKeys();
        clearAddressesList();
diff --git a/tests/spec/tests.js b/tests/spec/tests.js
index 571047f..945a923 100644
--- a/tests/spec/tests.js
+++ b/tests/spec/tests.js
@@ -3503,4 +3503,31 @@ it('Uses vprv for bitcoin testnet p2wpkh', function(done) {
    });
 });
+it('Shows a warning if generating weak mnemonics', function(done) {
+    driver.executeScript(function() {
+        $(".strength option[selected]").removeAttr("selected");
+        $(".strength option[value=6]").prop("selected", true);
+        $(".strength").trigger("change");
+    });
+    driver.findElement(By.css(".generate-container .warning"))
+        .getAttribute("class")
+        .then(function(classes) {
+            expect(classes).not.toContain("hidden");
+            done();
+        });
+});
+it('Does not show a warning if generating strong mnemonics', function(done) {
+    driver.executeScript(function() {
+        $(".strength option[selected]").removeAttr("selected");
+        $(".strength option[value=12]").prop("selected", true);
+    });
+    driver.findElement(By.css(".generate-container .warning"))
+        .getAttribute("class")
+        .then(function(classes) {
+            expect(classes).toContain("hidden");
+            done();
+        });
+});
 });
author	Ian Coleman <ian@iancoleman.io>	2018-04-12 11:46:44 +1000
committer	Ian Coleman <ian@iancoleman.io>	2018-04-12 12:08:52 +1000
commit	85c906727a24ab97a3c2908c72ad37ad988ecb01 (patch)
tree	a2481ff3c2c8965c2086c0cbf317ead5d988f6d3
parent	d1b4c8c579b34924fbce919c423f3c9baab81083 (diff)
download	BIP39-85c906727a24ab97a3c2908c72ad37ad988ecb01.tar.gz BIP39-85c906727a24ab97a3c2908c72ad37ad988ecb01.tar.zst BIP39-85c906727a24ab97a3c2908c72ad37ad988ecb01.zip

diff --git a/src/index.html b/src/index.html index 2ee79c0..df5bf67 100644 --- a/src/index.html +++ b/src/index.html
@@ -48,7 +48,12 @@
48	<option value="21">21</option>	48	<option value="21">21</option>
49	<option value="24">24</option>	49	<option value="24">24</option>
50	</select>	50	</select>
51	<span>words</span>	51	<span>words</span>.
		52	<p class="warning help-block hidden">
		53	<span class="text-danger">
		54	Mnemonics with less than 12 words have low entropy and may be guessed by an attacker.
		55	</span>
		56	</p>
52	</div>	57	</div>
53	</div>	58	</div>
54	</div>	59	</div>


diff --git a/src/js/index.js b/src/js/index.js index ee47509..0a2d362 100644 --- a/src/js/index.js +++ b/src/js/index.js
@@ -88,6 +88,7 @@
88	DOM.bip141path = $("#bip141-path");	88	DOM.bip141path = $("#bip141-path");
89	DOM.bip141semantics = $(".bip141-semantics");	89	DOM.bip141semantics = $(".bip141-semantics");
90	DOM.generatedStrength = $(".generate-container .strength");	90	DOM.generatedStrength = $(".generate-container .strength");
		91	DOM.generatedStrengthWarning = $(".generate-container .warning");
91	DOM.hardenedAddresses = $(".hardened-addresses");	92	DOM.hardenedAddresses = $(".hardened-addresses");
92	DOM.useBitpayAddressesContainer = $(".use-bitpay-addresses-container");	93	DOM.useBitpayAddressesContainer = $(".use-bitpay-addresses-container");
93	DOM.useBitpayAddresses = $(".use-bitpay-addresses");	94	DOM.useBitpayAddresses = $(".use-bitpay-addresses");
@@ -114,6 +115,7 @@
114		115
115	function init() {	116	function init() {
116	// Events	117	// Events
		118	DOM.generatedStrength.on("change", generatedStrengthChanged);
117	DOM.network.on("change", networkChanged);	119	DOM.network.on("change", networkChanged);
118	DOM.bip32Client.on("change", bip32ClientChanged);	120	DOM.bip32Client.on("change", bip32ClientChanged);
119	DOM.useEntropy.on("change", setEntropyVisibility);	121	DOM.useEntropy.on("change", setEntropyVisibility);
@@ -155,6 +157,16 @@
155		157
156	// Event handlers	158	// Event handlers
157		159
		160	function generatedStrengthChanged() {
		161	var strength = parseInt(DOM.generatedStrength.val());
		162	if (strength < 12) {
		163	DOM.generatedStrengthWarning.removeClass("hidden");
		164	}
		165	else {
		166	DOM.generatedStrengthWarning.addClass("hidden");
		167	}
		168	}
		169
158	function networkChanged(e) {	170	function networkChanged(e) {
159	clearDerivedKeys();	171	clearDerivedKeys();
160	clearAddressesList();	172	clearAddressesList();


diff --git a/tests/spec/tests.js b/tests/spec/tests.js index 571047f..945a923 100644 --- a/tests/spec/tests.js +++ b/tests/spec/tests.js
@@ -3503,4 +3503,31 @@ it('Uses vprv for bitcoin testnet p2wpkh', function(done) {
3503	});	3503	});
3504	});	3504	});
3505		3505
		3506	it('Shows a warning if generating weak mnemonics', function(done) {
		3507	driver.executeScript(function() {
		3508	$(".strength option[selected]").removeAttr("selected");
		3509	$(".strength option[value=6]").prop("selected", true);
		3510	$(".strength").trigger("change");
		3511	});
		3512	driver.findElement(By.css(".generate-container .warning"))
		3513	.getAttribute("class")
		3514	.then(function(classes) {
		3515	expect(classes).not.toContain("hidden");
		3516	done();
		3517	});
		3518	});
		3519
		3520	it('Does not show a warning if generating strong mnemonics', function(done) {
		3521	driver.executeScript(function() {
		3522	$(".strength option[selected]").removeAttr("selected");
		3523	$(".strength option[value=12]").prop("selected", true);
		3524	});
		3525	driver.findElement(By.css(".generate-container .warning"))
		3526	.getAttribute("class")
		3527	.then(function(classes) {
		3528	expect(classes).toContain("hidden");
		3529	done();
		3530	});
		3531	});
		3532
3506	});	3533	});