User enters seed - add warning if word not in dictionary #8968
Comments
Copy suggestion, now reflected in Figma:
Duplicate of #8810
By default, words outside the dictionary should not be allowed because it will diverge from the standard, making it only recoverable in Status, not in MetaMask or any other wallet following the standard. Also, it's a security weakness to allow users to enter a low-entropy seed; read more about this here: https://github.com/MyCryptoHQ/support.mycrypto.com/blob/a5b2bcd34088d93a6ac4bfdaefcab40b42159485/src/content/private-keys-passwords/parity-phrases-are-no-longer-supported.md#but-whyyyyy
But what of this use case @3esmit?
Can't the user import a valid seed phrase from another wallet?
Yes, this should happen.
I don't see how a word would "intentionally does not match our dictionary, and comes from another wallet"; if that's the case, it is the other wallet which would not be following the mnemonic standard. Personally I am not against allowing custom words in the dictionary, but the standard is: it would diverge from the standard and they would only work in Status (or other wallets supporting this custom dictionary mnemonic).
So I'll admit, I have no idea how derivation paths or seed phrases work. But it sounds like Status dictionary = common. And if a word doesn't match our dictionary, it can't also be a correct mnemonic coming from MEW or Trust or another wallet either? In which case, this should really only be an error about misspelling/incorrect seed phrase. And should be prevented.
So it seems the question we have to answer is: do we keep on accepting a seed which includes words which are outside of the BIP39 'official' lists here: https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md Two options I don't know if there was a particular reason why we let the user use any word in his list of 12 words. @dmitryn do you know?
If Status, MEW and Trust are following the mnemonic specification correctly, no. If a word doesn't match the BIP39 dictionary, it is not a valid BIP39 (or whatever is supported) seed phrase; it can be a valid mnemonic of another specification, which isn't supported. If Status wants to support multiple specifications, it would be a positive aggregation, but to me it seems like everyone is already using BIP39. Opening up to words outside the BIP39 dictionary, i.e. allowing invalid BIP39 seed phrases, does not seem to bring benefit to users, and will probably cause interoperability issues, recovery mistakes and low-entropy seeds (with potential loss of funds). Instead of this, I suggest:
@guylouis @rachelhamlin @3esmit 1: 2: the other wallets check this, and don't allow importing the second one.
@yenda
I guess it is a different issue now.
Ok, I agree with Ricardo, we should not allow it.
Situation
When a user imports a multiaccount by typing in his 12 words seed phrase:
Improvement
Upon detection of a word that is not in our dictionary, we will show a warning pop-up.
This pop-up will thus show if there is a misspelling, or the user types a seed phrase in a language we don't support.
Definition of the popup
WARNING: exact copy is not OK on Figma or image below. Copy should be:
"This looks like a custom seed phrase and doesn't match the Status dictionary. This could also mean some words are misspelled. If so, you'll end up creating a new account.
Continue
Cancel"
https://www.figma.com/file/dEIljL7UPbXgsZUA0Q4qlE5E/Onboarding?node-id=927%3A14702
cc @rachelhamlin @andmironov @hesterbruikman
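
The check discussed in this thread, as an added Python example that is not code from the Status project: it flags words outside the word list (the misspelling case in the issue) and goes one step further by verifying the BIP39 checksum, so a phrase made only of listed words can still be rejected. The names `check_mnemonic` and `load_demo_wordlist` are hypothetical, and the word list is a constructed stand-in in which only the first four entries are real BIP39 English words; lower-casing the input is an assumption for the English list.

```python
import hashlib

def load_demo_wordlist():
    # Constructed stand-in list: only indices 0-3 are real BIP39 English words.
    # In practice, load the 2048-line english.txt from the BIP39 wordlists.
    real = ["abandon", "ability", "able", "about"]
    return real + [f"placeholder{i:04d}" for i in range(4, 2048)]

def check_mnemonic(phrase, wordlist):
    """Return (status, details): status is one of
    "ok", "bad_length", "unknown_words", "bad_checksum"."""
    words = phrase.strip().lower().split()
    if len(words) not in (12, 15, 18, 21, 24):
        return "bad_length", [len(words)]
    index = {w: i for i, w in enumerate(wordlist)}
    # Report every word outside the list so the UI can point at the typo.
    unknown = [w for w in words if w not in index]
    if unknown:
        return "unknown_words", unknown
    # Each word encodes 11 bits; the bit string is entropy followed by checksum.
    bits = 0
    for w in words:
        bits = (bits << 11) | index[w]
    total_bits = len(words) * 11
    cs_len = total_bits // 33           # 1 checksum bit per 32 entropy bits
    ent_len = total_bits - cs_len
    entropy = (bits >> cs_len).to_bytes(ent_len // 8, "big")
    checksum = bits & ((1 << cs_len) - 1)
    # Checksum is the first cs_len bits of SHA-256 over the entropy bytes.
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_len)
    if checksum != expected:
        return "bad_checksum", []
    return "ok", []

if __name__ == "__main__":
    wl = load_demo_wordlist()
    valid = " ".join(["abandon"] * 11 + ["about"])     # all-zero entropy vector
    typo = valid.replace("about", "abuot")              # constructed misspelling
    for phrase in (valid, typo, " ".join(["abandon"] * 12)):
        print(check_mnemonic(phrase, wl))
```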