mnemonic.make_seed: add "extra_entropy" arg, and expose it to CLI/RPC #8839
Commits on Feb 21, 2024
-
mnemonic.make_seed: add "extra_entropy" arg, and expose it to CLI/RPC
This is useful for the following threat-model: > The randomness generated by the CPU/OS is assumed weak, but otherwise the user trusts the CPU/OS to execute code as-is. > The user can inspect the source code to see what they provide as custom entropy is used in a sane way. As the extra entropy is simply XOR-ed in, into the OS-generated randomness, it cannot be used as a footgun. Note this significantly differs from the old custom_entropy option [0] that existed between version ~2.0 and 3.1.2 [1]: - the old option *replaced* the OS-entropy with the user-provided entropy - e.g. if the user provided what looked like 64 bits of entropy, and by default we wanted to create a 132 bit seed, the resulting seed only used 132-64=68 bits of os.urandom() - hence I think the old option was a footgun -- it required expert knowledge to use properly - instead, the new option mixes the user-provided entropy with os.urandom(), in a way that can never make the result have less entropy - with the old option, the "custom_entropy" arg was an int, of which every "bit" was used as-is - for example, if the user wanted to provide some dice rolls, e.g. "6 3 5 2 6 6 2", and they passed the int "6352662" (base 10), they lost a lot of entropy by not using high decimal digits - i.e. the user was required to know *how* to convert their entropy to the expected format (e.g. dice rolls as base6, and then convert to base10) - instead, the new option takes an arbitrary string, which is then hashed internally, hence it is not possible to misuse the API - e.g. it is safe to provide dice rolls as a string, e.g. "6 3 5 2 6 6 2" or "6352662" or in any imaginable way - the old option exposed a "check_seed" CLI command, that could be used to verify the user-provided entropy was used as part of the seed-generation. This is not possible with the new option. related spesmilo#523 (comment) [0]: https://github.com/spesmilo/electrum/blame/883f9be7d15cf1aba16895a0848f0d7af99f2ff3/lib/mnemonic.py#L149 [1]: 5e5134b
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.