Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Recovery phrase verification should use randomized word indices #24683

Closed
josheleonard opened this issue Aug 15, 2022 · 1 comment · Fixed by brave/brave-core#14633
Closed

Recovery phrase verification should use randomized word indices #24683

josheleonard opened this issue Aug 15, 2022 · 1 comment · Fixed by brave/brave-core#14633
Assignees
@josheleonard
Labels
feature/web3/wallet Integrating Ethereum+ wallet support front-end-change This task is a front end task and doesn't need any C++ changes onboarding Front-end related to helping a new user learn about features within the browser. OS/Desktop priority/P3 The next thing for us to work on. It'll ride the trains. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include security
Milestone
1.44.x - Release

Comments

@josheleonard
Copy link

josheleonard commented Aug 15, 2022
edited
Loading

Description

brave/brave-core#13146 (comment)
When creating a new wallet during onboarding, the user is always asked to verify the first, third, and last words of their recovery phase.
We should randomize these words to deter users from not properly backing-up their recovery phrase

Steps to Reproduce

  1. Reset Wallet
  2. Create New Wallet
  3. Continue to the Verify recovery phrase onboarding step

Actual result:

The user is only ever asked to verify the first, third and last words of their recovery phrase

Expected result:

The user is asked to verify 3 randomly selected words from their recovery phrase

cc @kdenhartog
@josheleonard josheleonard added QA/Yes release-notes/include onboarding Front-end related to helping a new user learn about features within the browser. OS/Desktop front-end-change This task is a front end task and doesn't need any C++ changes labels Aug 15, 2022
@josheleonard josheleonard added this to the 1.44.x - Nightly milestone Aug 15, 2022
@josheleonard josheleonard self-assigned this Aug 15, 2022
This was referenced Aug 15, 2022
Merged
Merged
@rebron rebron added the feature/web3/wallet Integrating Ethereum+ wallet support label Aug 17, 2022
@jamesmudgett jamesmudgett moved this to In Progress in Web3 Aug 19, 2022
Repository owner moved this from In Progress to Done in Web3 Aug 22, 2022
@srirambv
Copy link
Contributor

Verification passed on

Brave 1.44.95 Chromium: 106.0.5249.40 (Official Build) (64-bit)
Revision fab1d91915d2722d6339aaa7f4e9ce44f1e9b103-refs/branch-heads/5249@{#442}
OS Linux
  • Verified steps from brave/brave-core#14633
  • Verified recovery phrase verification has randomized word indices for each wallet creation
24683-Linux.mp4

Verification passed on

Brave 1.44.95 Chromium: 106.0.5249.40 (Official Build) (64-bit)
Revision fab1d91915d2722d6339aaa7f4e9ce44f1e9b103-refs/branch-heads/5249@{#442}
OS Windows 11 Version 21H2 (Build 22000.978)
  • Verified steps from brave/brave-core#14633
  • Verified recovery phrase verification has randomized word indices for each wallet creation
24683-Windows.mp4

Verification passed on

Brave 1.44.95 Chromium: 106.0.5249.40 (Official Build) (arm64)
Revision fab1d91915d2722d6339aaa7f4e9ce44f1e9b103-refs/branch-heads/5249@{#442}
OS macOS Version 12.4 (Build 21F79)
  • Verified steps from brave/brave-core#14633
  • Verified recovery phrase verification has randomized word indices for each wallet creation
24683-macOS.mov

@kjozwiak kjozwiak mentioned this issue Sep 27, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@josheleonard josheleonard

Labels
feature/web3/wallet Integrating Ethereum+ wallet support front-end-change This task is a front end task and doesn't need any C++ changes onboarding Front-end related to helping a new user learn about features within the browser. OS/Desktop priority/P3 The next thing for us to work on. It'll ride the trains. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include security
Projects
Web3
Archived in project
Milestone
1.44.x - Release
Development

Successfully merging a pull request may close this issue.

feat: randomize phrase word indices to verify brave/brave-core
3 participants
@rebron @srirambv @josheleonard