Merge pull request #6001 from SomberNight/20200228_make_seed_not_bip39

mnemonic: make sure newly generated seeds are not valid as bip39

electrum/keystore.py

@@ -877,13 +877,18 @@ def bip39_to_seed(mnemonic, passphrase):
         b'mnemonic' + passphrase.encode('utf-8'), iterations = PBKDF2_ROUNDS)
 
 
-def bip39_is_checksum_valid(mnemonic: str) -> Tuple[bool, bool]:
+def bip39_is_checksum_valid(
+        mnemonic: str,
+        *,
+        wordlist: Wordlist = None,
+) -> Tuple[bool, bool]:
     """Test checksum of bip39 mnemonic assuming English wordlist.
     Returns tuple (is_checksum_valid, is_wordlist_valid)
     """
     words = [normalize('NFKD', word) for word in mnemonic.split()]
     words_len = len(words)
-    wordlist = Wordlist.from_file("english.txt")
+    if wordlist is None:
+        wordlist = Wordlist.from_file("english.txt")
     n = len(wordlist)
     i = 0
     words.reverse()

electrum/mnemonic.py

@@ -188,6 +188,7 @@ class Mnemonic(Logger):
         return i
 
     def make_seed(self, *, seed_type=None, num_bits=None) -> str:
+        from .keystore import bip39_is_checksum_valid
         if seed_type is None:
             seed_type = 'segwit'
         if num_bits is None:
@@ -210,6 +211,11 @@ class Mnemonic(Logger):
                 raise Exception('Cannot extract same entropy from mnemonic!')
             if is_old_seed(seed):
                 continue
+            # Make sure the mnemonic we generate is not also a valid bip39 seed
+            # by accident. Note that this test has not always been done historically,
+            # so it cannot be relied upon.
+            if bip39_is_checksum_valid(seed, wordlist=self.wordlist) == (True, True):
+                continue
             if is_new_seed(seed, prefix):
                 break
         self.logger.info(f'{len(seed.split())} words')