Open juped opened 5 years ago
I've just gotten around to looking into this. I believe the rationale here is that the network seed is derived from the 256-bit management seed in the Urbit HD wallet -- the management seed is a BIP39 mnemonic, thus can encode a maximum of 256 bits of entropy.
There's actually no reason we need to enforce 256-bit seeds here, and in fact I think we shouldn't. "Advanced" users, i.e. those not using the HD wallet, should be free to use higher-entropy seeds.
Yeah the above all makes sense to me
for its two distinct 256-bit (32-byte) keys, but we're taking 256-bit (32 byte) manually entered seeds to generate both here, weakening the keyspace
I think it's still safe at that entropy level, so not a security issue. It's been a while and I'm out of touch, though, so take everything I say with a grain of salt.
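The two points argued in this thread (a BIP39 mnemonic tops out at 256 bits of entropy, and two 256-bit keys generated from one 256-bit seed share that 256-bit bound) can be made concrete in code. The block below is an added illustration, not Urbit's own key-derivation code: the BIP39 word-count arithmetic is from the BIP39 spec, while `derive_keys` uses an HMAC-SHA256 extract-and-expand construction with made-up labels and a made-up salt as a stand-in for whatever the real wallet does. Its `joint_key_entropy_bits` helper states the keyspace bound the thread is discussing, and shows that a longer, manually entered seed raises that bound, which is the "advanced users" case above.

```python
"""Added example (not from the issue or the Urbit code base):
BIP39 entropy limits, and deriving two 32-byte keys from one seed."""
import hashlib
import hmac

# BIP39: ENT bits of entropy get a checksum of ENT/32 bits, and the
# concatenation is split into 11-bit groups, one word each.
BIP39_ALLOWED_ENT = (128, 160, 192, 224, 256)


def bip39_word_count(entropy_bits: int) -> int:
    """Number of mnemonic words needed for `entropy_bits` of entropy."""
    if entropy_bits not in BIP39_ALLOWED_ENT:
        raise ValueError(f"BIP39 allows ENT in {BIP39_ALLOWED_ENT}")
    checksum_bits = entropy_bits // 32
    return (entropy_bits + checksum_bits) // 11


def bip39_max_entropy_bits() -> int:
    """Largest ENT the spec allows: 24 words * 11 bits = 256 ENT + 8 CS."""
    return max(BIP39_ALLOWED_ENT)


# Hypothetical salt and labels for the illustration only; Urbit's actual
# derivation path and constants are not reproduced here.
EXAMPLE_SALT = b"example-key-derivation-salt"
KEY_LABELS = ("crypt", "auth")


def derive_keys(seed: bytes, labels=KEY_LABELS) -> dict:
    """Derive one 32-byte key per label from `seed`.

    Extract: PRK = HMAC(salt, seed).  Expand: key_i = HMAC(PRK, label || i).
    Domain separation by label keeps the two keys distinct, but it cannot
    add entropy: if `seed` has only 256 bits, so does the pair of keys.
    Seeds longer than 32 bytes are accepted and raise that bound.
    """
    if not seed:
        raise ValueError("seed must be non-empty")
    prk = hmac.new(EXAMPLE_SALT, seed, hashlib.sha256).digest()
    return {
        label: hmac.new(prk, label.encode() + bytes([i + 1]),
                        hashlib.sha256).digest()
        for i, label in enumerate(labels)
    }


def joint_key_entropy_bits(seed: bytes, n_keys: int = 2,
                           key_bits: int = 256) -> int:
    """Upper bound on the entropy of `n_keys` keys derived from `seed`:
    the lesser of the seed's entropy and the keys' own nominal size."""
    return min(8 * len(seed), n_keys * key_bits)


if __name__ == "__main__":
    # Constructed seeds, not real key material.
    seed32 = bytes(range(32))
    seed64 = bytes(range(64))
    print("24-word mnemonic carries", bip39_max_entropy_bits(), "bits")
    for s in (seed32, seed64):
        keys = derive_keys(s)
        print(len(s) * 8, "bit seed ->",
              joint_key_entropy_bits(s), "bit joint keyspace,",
              {k: v.hex()[:16] + "..." for k, v in keys.items()})
```

Run it to see that a 32-byte seed yields a 256-bit joint keyspace for both keys (the situation the thread calls weakened but still safe), while a 64-byte seed yields the full 512 bits the two keys could nominally carry.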