In recovery, we need to refuse any mnemonic with words out of our supported BIP-39 dictionaries

[yenda]

Problem

As a user I want to have only BIP39 seedphrases so that I won't be using a memory wallet which is inherently unsafe.

Description

Updated description on 31/10/19. Issue is ready for pick-up. [RH]

#9005 (comment)

We MUST not let the user enter invalid seedphrases (not valid based on BIP39)

The roadmap for this feature:

step 1/ (like Trust wallet does, most minimalist approach) user enters seed, if mnemonic is not correct (some words are not part of dictionary, or the checksum is not ok) then when user validates mnemonic we show a minimalist error message "seed phrase not correct" and the user corrects his sentence with no special indication of what's wrong
step 2/ while a user types a word and it turns out it's not in our supported dictionaries we prompt a warning that this word is not in dictionary
step 3/ we do autocomplete of words

Acceptance Criteria

The scope of this issue is step 1 only.

• Words are validated against a known dictionary
• Word count is validated
• Checksum is validated
• If the seedphrase entered does not match dictionary, has wrong word count or is not checksum validated, display error copy: Your seed phrase is not correct. Please try again.

Implementation notes

[guylouis]

@dmitryn @andmironov
any design work needed here ?

[yenda]

yes we need a design for the auto completion of the words

[guylouis]

pinging @rachelhamlin too here

given the number of things to complete for v1, we could consider to go for a stepped approach:

• step 1/ (like Trust wallet does, most minimalist approach) user enters seed, if mnemonic is not correct (some words are not part of dictionary, or the checksum is not ok) then when user validates mnemonic we show a minimalist error message "seed phrase not correct" and the user corrects his sentence with no special indication of what's wrong
• step 2/ while a user types a word and it turns out it's not in our supported dictionaries we prompt a warning that this word is not in dictionary
• step 3/ we do autocomplete of words

wdyt ?

[3esmit]

Agree with step based. Step 1 is the MVP, Step 2 and Step 3 are UX improvements.

[guylouis]

This issue is thus about step 1, and will be closed once step 1 is done.

No design work needed.

If words are bad, or checksum is bad, error message can be : "Your seed phrase is not correct, please try again"

Improvements will be provided with #9084

[hesterbruikman]

Additional step here for which I'm curious if it's feasible at all:

step 4/ prevent native on-screen keyboard from auto completing the seed phrase. Currently having the first 2 letters of my phrase is all I need to recover:)

[andmironov]

Here's the current design. There's a word count and a popup we display after the user hits "Next" if the seed phrase has words that are not in our dictionary

[guylouis]

changed name of issue to "In recovery, we need to refuse any mnemonic with words out of our supported BIP-39 dictionaries" to distinguish it from newly created #9393

[flexsurfer]

after discussion with @gravityblast we decided to implement validation in status-go status-im/status-go#1663

[StatusSceptre]

Can I close this one @flexsurfer? Or do we need to build the error message?

[flexsurfer]

no, because we still need to make changes in status-react after status-go part will be ready

[acolytec3]

@flexsurfer once we finalize my PR, is the work on the status-react side to replace all of the phrase validation related functions in ethereum.mnemonic with a single call to the ValidMnemonic in status-go since that validates word length, words being in the dictionary, and checksum?

[flexsurfer]

probably we could still validate length in status-react, and if the length is valid, then validate in status-go

[acolytec3]

@flexsurfer Understood. I'll work up a local branch and see if I can get it to call the new Go method. Not 100% sure I've got everything set up right on the status-go side but we'll see.