iotaledger / legacy-wallet-use-trinity-wallet-instead

IOTA Wallet
GNU General Public License v3.0

9s in the end of seed is not significant, possible different seed with same wallet address #1011

Open dikylung opened 6 years ago

dikylung commented 6 years ago

Prerequisites

If you are not suggesting a feature, you must be able to check all of the following (place an x inside the brackets to check the box). If you cannot check all of the boxes, this issue should not be reported on GitHub as it is not a bug:

Description

I just downloaded the latest Linux Ubuntu IOTA wallet (.deb file, and confirmed the SHA256 sum), and I'm trying to generate a new wallet for testing.

SEED 1: THISISJUSTASUPPOSETOBERANDOMSEEDFORIOTA999999999999999999999 (20x 9s in the end) and it produces this recv address (attached to tangle): NV9MUUQFAO9VRYHT9OBSTUQPILCULPSGUTOQC9LKMR9CCRMCJVKXAGABARCHVJOZOMOPDVMUMLWYHCKIYSAVEGJTLB

SEED 2: THISISJUSTASUPPOSETOBERANDOMSEEDFORIOTA9999999999999999999999 (21x 9s in the end, extra one 9 than SEED 1) and it produces this recv address (not attached to tangle yet): PTIJUQEIPBRGBBAENPRCODAQALMQIPMRTAX9HTRDFNMCDYKC9JYNTYUMSUU9JGGHMYLYYRNPCPENK9RSWBXSHS9ONZ

However with SEED 2, I can see address NV9MUUQFAO9VRYHT9OBSTUQPILCULPSGUTOQC9LKMR9CCRMCJVKXAGABARCHVJOZOMOPDVMUMLWYHCKIYSAVEGJTLB on the history part.

Steps to Reproduce

  1. Login with SEED 1, and attach address to tangle.
  2. Login with SEED 2, and check history at bottom of wallet.

Expected behavior: SEED 1 and SEED 2 produce 2 different wallet/private keys, thus logging in with SEED 2 doesn't show SEED 1 address/history.

Actual behavior: Login with SEED 2 can see SEED 1 history/address

Versions

Ubuntu 16.04 LTS IOTA Light Wallet 2.5.6 - IRI 1.4.1.6

shufps commented 6 years ago

Oh, good to know ...

I think (and I'm quite sure) it's about the trinary number system. It is not binary coded - a trit does have 3 "levels". And for a character set of 27 characters (9A-Z) a character needs 3 trits.

Unfortunately 9 is equal to zero (000) and I looked into the source code. When the seed is smaller than 81 characters it basically gets filled with zeros - that is equivalent to appending 9s. As many as you want - it doesn't change the seed.

shufps commented 6 years ago

Confirmation:

while ((seed.length % 243) !== 0) { seed.push(0); }

A trinary character string with a length of 81 needs 243 bit ...

dikylung commented 6 years ago

Thanks for the confirmation. I think there should be a check or warning to people that entering 9 at the end is considered blank or null.

Or better, restrict using 9s at the end of the seed at all, and reject seeds with fewer than X characters.
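
The behaviour discussed in this thread, as an added example that is not part of the issue and not code from the wallet or its library: it converts a seed to trits, applies the same pad-to-243 loop quoted above, shows that the two reported seed shapes collapse to one value, and sketches the proposed input check. The function names are hypothetical, and the tryte-to-trit mapping assumes IOTA's balanced-ternary encoding of the `9A-Z` alphabet.

```javascript
const TRYTE_ALPHABET = "9ABCDEFGHIJKLMNOPQRSTUVWXYZ";
const SEED_TRYTES = 81;              // full seed length in characters
const SEED_TRITS = SEED_TRYTES * 3;  // 243, the modulus in the quoted loop

// One tryte -> 3 balanced trits (-1, 0, 1), least significant first.
function tryteToTrits(ch) {
  let v = TRYTE_ALPHABET.indexOf(ch);
  if (v < 0) throw new Error("invalid tryte: " + ch);
  if (v > 13) v -= 27;               // N..Z encode -13..-1
  const trits = [];
  for (let i = 0; i < 3; i++) {
    let r = ((v % 3) + 3) % 3;       // remainder in 0..2
    if (r === 2) r = -1;             // balanced ternary digit
    trits.push(r);
    v = (v - r) / 3;
  }
  return trits;
}

// Same padding rule as the loop quoted in the thread:
// zero trits are appended until the length is a multiple of 243.
function seedToPaddedTrits(seed) {
  const trits = [];
  for (const ch of seed) trits.push(...tryteToTrits(ch));
  while (trits.length % SEED_TRITS !== 0) trits.push(0);
  return trits;
}

// True when two seed strings become the same trit array after padding.
function sameEffectiveSeed(a, b) {
  const ta = seedToPaddedTrits(a), tb = seedToPaddedTrits(b);
  return ta.length === tb.length && ta.every((t, i) => t === tb[i]);
}

// The check proposed in the thread: reject short seeds, flag trailing 9s.
function checkSeed(seed) {
  const problems = [];
  if (!/^[9A-Z]+$/.test(seed)) problems.push("invalid characters");
  if (seed.length !== SEED_TRYTES) problems.push("length is not 81");
  if (/9$/.test(seed)) problems.push("trailing 9s are zero padding");
  return problems;
}

// Constructed inputs: the report's seed prefix with 20 and 21 trailing 9s.
const PREFIX = "THISISJUSTASUPPOSETOBERANDOMSEEDFORIOTA";
const seed1 = PREFIX + "9".repeat(20);
const seed2 = PREFIX + "9".repeat(21);
console.log(sameEffectiveSeed(seed1, seed2), checkSeed(seed2));
```

Because `9` maps to three zero trits, the bare prefix, `seed1` and `seed2` all pad to the same 243 trits, which is why only a fixed-length requirement removes the ambiguity.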