Implement tranformation from mnemonic phrase to seed

[sobuch]

No description provided.

[mvondracek]

We need to test program behaviour when mnemonic isn't valid UTF-8. #21 (comment)

[mvondracek]

Please add validation of user's password.

salt should be about 16 or more bytes
https://docs.python.org/3.7/library/hashlib.html#hashlib.pbkdf2_hmac

PA193_mnemonic_Slytherin/PA193_mnemonic_Slytherin/mnemonic.py

Lines 24 to 35 in 9907977

	def _generate_seed(mnemonic: str, seed_password: str = '') -> bytes:
	"""Generate seed from provided mnemonic phrase.
	Seed can be protected by password. If a seed should not be protected, the password is treated as `''`
	(empty string) by default.
	:rtype: bytes
	:return: Seed
	"""
	# the encoding of both inputs should be UTF-8 NFKD
	mnemonic = mnemonic.encode() # encoding string into bytes, UTF-8 by default
	passphrase = "mnemonic" + seed_password
	passphrase = passphrase.encode()
	return pbkdf2_hmac('sha512', mnemonic, passphrase, PBKDF2_ROUNDS, SEED_LEN)

PA193_mnemonic_Slytherin/PA193_mnemonic_Slytherin/mnemonic.py

Line 33 in 9907977

passphrase = "mnemonic" + seed_password

passphrase is used as salt.

seed_password should be at least 8 bytes long, otherwise raise instance of ValueError.

[lsolodkova]

salt should be about 16 or more bytes

Funny, but BIP-39 specification allows empty passwords.

If a passphrase is not present, an empty string "" is used instead.

Anyway, it's up to you, one more line of code isn't a problem.

[mvondracek]

I didn't check BIP-39, sorry. Thanks for info. Validation of passwrod is not needed as we should stick to the standard. :)

[mvondracek]

Related: #29

[mvondracek]

Concerning #29, what if we limit maximum password length to... let say 256 UTF-8 characters?

[lsolodkova]

It happens that for Latin (in particular, English) phrases all is fine; for Japanese (and other non-Latin), though, we have problems. Added some tests in 7310479.

what if we limit

If I don't see the code, I don't know how to break it. Btw, who must check the length of the password?

[mvondracek]

@lsolodkova , @sobuch

During today's lecture, some students asked if they can use PBKDF2 from standard library of Go and from standard library of Java, doc. Švenda told them they cannot -- they have to implement it and they can use only functions for hashes. So I told him that I explicitly asked about Python's PBKDF2 after previous lecture and that it was accepted. The result is there was some misunderstanding and we have to implement PBKDF2. We talked about it and it makes sense, because teams working in pure C would have great disadvantage.

Seed generation has to be implemented without hashlib.pbkdf2_hmac, just with hashing functions. It's _generate_seed or Mnemonic.toSeed depending on when #36 gets merged.

Related: #16

[lsolodkova]

depending on when #36 gets merged.

Should I work on that now or wait for #36 ?

[sobuch]

you could review #36 and then we can merge it :)

[mvondracek]

@lsolodkova #36 is already merged. Please have a look at the seed generation.

I also updated branch fix-_generate_seed_invalid-password-too-long from dev and fixed conflicts. Please keep in mind bug #29 when you implement PBKDF2 and set some reasonable limit for password.

[mvondracek]

#42 (comment)

[mvondracek]

I think this can be closed, what about you, @lsolodkova?

[lsolodkova]

Of course. Looking forward to any bugs and issues:)