near / near-cli

General purpose command line tools for interacting with NEAR Protocol
https://docs.near.org
MIT License
193 stars 92 forks

no seed phrase validation when generating key #915

Closed hanakannzashi closed 1 year ago

hanakannzashi commented 2 years ago

Describe the bug: why can an invalid phrase also generate a key pair?

![test](https://user-images.githubusercontent.com/95295094/149619177-3527ccd2-7f22-4cad-9c10-7fe3af8dd592.png)

think-in-universe commented 2 years ago

This seems to be an issue to me. Should we validate a given BIP319 seed phrase before generating keys with it?

@thisisjoshford @volovyk-s

volovyks commented 2 years ago

I'm not sure if we should restrict such a possibility. I have heard several times that people are generating keys from a non-standard set of words or even a single word/string. For example, Crossword Puzzle.

think-in-universe commented 2 years ago

I agree. I don't think it's a severe issue considering the CLI is for developers.

@hanakannzashi Do you have any use cases that may bring security concerns?
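
Added example, not part of the thread and not near-cli's code: under the BIP39 specification the seed step is a plain PBKDF2 over whatever string is supplied, while wordlist and checksum validation is a separate check, which is why an invalid phrase still produces a key pair. Assumptions: `WORDLIST` is a constructed 2048-entry stand-in for the real BIP39 English list, and `seedFromPhrase` with its `allowNonStandard` option is a hypothetical wrapper showing validation by default with an explicit opt-out for the non-standard phrases mentioned above.

```javascript
const nodeCrypto = require('crypto');

// Constructed stand-in for the 2048-word BIP39 English list (too long to inline).
const WORDLIST = Array.from({ length: 2048 }, (_, i) => `w${i}`);

const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest();
const toBits = (buf) => [...buf].map((b) => b.toString(2).padStart(8, '0')).join('');

// BIP39 seed step: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase.
// It never consults the wordlist, so any string produces a 64-byte seed.
function mnemonicToSeed(phrase, passphrase = '') {
  const salt = ('mnemonic' + passphrase).normalize('NFKD');
  return nodeCrypto.pbkdf2Sync(phrase.normalize('NFKD'), salt, 2048, 64, 'sha512');
}

// Encode 16-32 bytes of entropy: entropy bits, then ENT/32 checksum bits from SHA-256.
function entropyToMnemonic(entropy, wordlist = WORDLIST) {
  const bits = toBits(entropy) + toBits(sha256(entropy)).slice(0, entropy.length / 4);
  return bits.match(/.{11}/g).map((c) => wordlist[parseInt(c, 2)]).join(' ');
}

// Validation is a separate step: word count, wordlist membership, checksum.
function validateMnemonic(phrase, wordlist = WORDLIST) {
  const words = phrase.trim().split(/\s+/);
  if (![12, 15, 18, 21, 24].includes(words.length)) return false;
  const idx = words.map((w) => wordlist.indexOf(w));
  if (idx.includes(-1)) return false;
  const bits = idx.map((i) => i.toString(2).padStart(11, '0')).join('');
  const entLen = (bits.length * 32) / 33; // e.g. 12 words: 132 bits = 128 + 4
  const entropy = Buffer.from(bits.slice(0, entLen).match(/.{8}/g).map((b) => parseInt(b, 2)));
  return toBits(sha256(entropy)).slice(0, bits.length - entLen) === bits.slice(entLen);
}

// Hypothetical policy wrapper: validate by default, explicit opt-out for non-standard phrases.
function seedFromPhrase(phrase, { allowNonStandard = false } = {}) {
  if (!allowNonStandard && !validateMnemonic(phrase)) {
    throw new Error('phrase fails BIP39 word count, wordlist or checksum validation');
  }
  return mnemonicToSeed(phrase);
}

const good = entropyToMnemonic(Buffer.alloc(16)); // constructed sample: all-zero entropy
console.log(validateMnemonic(good), validateMnemonic('crossword puzzle'));
console.log(mnemonicToSeed('crossword puzzle').toString('hex').slice(0, 16), '...');
```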