[Bug] Phrases using common words between wordlists will fail unless passing lower index in Mnemonic.Words #3211
Comments
dabura667
changed the title
|
Chance of randomly generating a phrase that is valid for French and contains only words that are both in English and French: 1 in 100 quadrillion phrases. |
|
btw: Chinese Traditional / Simplified wordlists have a MUCH higher convergence rate... However, luckily (?) we don't need to worry, as we can't support zh-CN and zh-TW right now, so we only have zh-CN (simplified) on Crowdin. |
|
Thanks a lot for this detailed report! We will check it. |
|
@matiu Found this: Between L65 and L66 we could add the lines: while (!Mnemonic.isValid(m.toString())) {
var m = new Mnemonic(wordsForLang[language])
};This would basically check to see if the generated phrase will be Validated correctly when entered, and regenerate if not. This way, at least, we know that Copay can not generate phrases that it will not be able to validate. |
|
Yes, that is good idea. But, since we manage the bitcore-payment-protocol libs, we will try to fix it there directly. Given that the error is so unlikely, and if it happens the funds will safe anyways, we will update bitcore-payment-protocol for the next release. Thanks a lot for the report, great catch! |
|
I was about to say... haha. but to be honest, I am not sure how you would fix it in bitcore-mnemonic. The method of "search every word and find the first wordlist that contains every word." seems like a fine method. Maybe "search all wordlists even if a match is found, and if it matches multiple wordlists, check the checksum against all matched wordlists and return true if any one of them matches." would be better. |
and others
Here are 3 phrases, all using only the common words of English and French.
One only checks OK on the English wordlist, one only checks OK on the French wordlist, and the last one checks OK on both lists.
Entering all three into Copay using the following locale settings will yield the following results:
'en':
'fr':
The expected behavior would be:
'en':
'fr':
Suggestion:
Depending on the locale of Copay, pass a wordlist to bitcore-mnemonic in this line:
https://github.com/bitpay/bitcore-wallet-client/blob/b342e6d8f9be23a904dbff3219028bc47a47e322/lib/credentials.js#L86
like this:
var m = new Mnemonic(words, localewordlist);There is a possibility (though very small) that a French phrase generated by Copay can not be recovered in Copay due to this. (Unless you are checking the mnemonic output again using Mnemonic.isValid() after generating.
The text was updated successfully, but these errors were encountered: