iancoleman / bip39

A web tool for converting BIP39 mnemonic codes
https://iancoleman.io/bip39/
MIT License

Alternatives to the getCryptoRandom command for sourcing entropy #250

Open hatgit opened 5 years ago

hatgit commented 5 years ago

I was curious regarding the security risks of relying on entropy generated by the getRandomValue command, for those who use the BIP39 tool without supplying their own entropy (advanced function), as the W3 specification states that applications that use this JavaScript API have records of the raw data. Does that mean that only this bip39 tool retains said info locally (and if used offline), where there is no counterparty on the other side of the API?

Would it be feasible to add another option for entropy generation such as the secrets module supplied by Python and in combination with some local Python server that would run when the BIP39 tool is used in standalone format offline?

iancoleman commented 5 years ago

I think the key phrase in the W3 spec is "all messages exchanged", and this tool does not exchange any messages.

> Would it be feasible to add another option for entropy generation

Yes, feasible, but why not just take the entropy from the external source and manually put it in the entropy field in this tool? This way all outgoing communications from this tool are explicitly avoided, which is a far safer modus operandi.

hatgit commented 5 years ago

Thanks for pointing out the key part of the W3 spec. Regarding adding additional options beyond the default one that is used, I think adding more algorithms to generate the initial entropy would only enhance the tool when used on a standalone basis - and not meant to replace the option for users to supply their own entropy - as that should exist too. I guess I was imagining that when loading the tool you could have another option to choose the default algo to use to generate entropy, where getRandomValue was the default one, and a few others available too.

Adding this as a source: https://github.com/w3c/webcrypto/blob/master/spec/Overview-WebCryptoAPI.xml

Adding another source that I've seen used in a crypto hardwallet: https://docs.oracle.com/javase/8/docs/api/java/security/SecureRandom.html
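
An added example, not part of the original thread or the bip39 project's code: a sketch of the approach suggested above, drawing entropy from Python's `secrets` module and printing it as hex to be typed into the tool's entropy field by hand. It goes one step beyond the thread by also computing the BIP39 checksum and 11-bit word indices, so the mnemonic the tool derives can be cross-checked; the function names and the choice of hex encoding are assumptions.

```python
import hashlib
import secrets

# Entropy sizes (in bits) permitted by BIP39.
VALID_BITS = (128, 160, 192, 224, 256)


def generate_entropy_hex(bits=256):
    """Return `bits` of OS-backed CSPRNG output as a hex string."""
    if bits not in VALID_BITS:
        raise ValueError(f"BIP39 entropy must be one of {VALID_BITS} bits")
    return secrets.token_bytes(bits // 8).hex()


def bip39_word_indices(entropy_hex):
    """Map hex entropy to BIP39 wordlist indices (0..2047).

    BIP39 appends the first ENT/32 bits of SHA-256(entropy) as a checksum,
    then splits the result into 11-bit groups, one per mnemonic word.
    """
    entropy = bytes.fromhex(entropy_hex)
    ent_bits = len(entropy) * 8
    if ent_bits not in VALID_BITS:
        raise ValueError(f"BIP39 entropy must be one of {VALID_BITS} bits")
    cs_bits = ent_bits // 32  # 4..8 bits, so it fits in the first digest byte
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF
            for i in range(n_words)]


if __name__ == "__main__":
    # Run on the same offline machine as the standalone tool; the printed
    # value is the wallet secret and stays in terminal scrollback.
    ent = generate_entropy_hex(256)
    print("entropy (hex):", ent)
    print("word indices :", bip39_word_indices(ent))
```

Each index is a zero-based position in the 2048-word BIP39 wordlist, so the list can be compared word by word against the mnemonic shown after entering the hex.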