This repository has been archived by the owner on Feb 26, 2021. It is now read-only.

Added seed generator to login interface #1020

Open
wants to merge 2 commits into
base: master

Conversation

@ghost ghost commented Jan 19, 2018

I believe this wallet desperately needs a default seed generator to prevent attacks from phishers and to make it easier for new users to set up a wallet. This is a very basic implementation of a seed generator located in the login form of the wallet.

Example of attack: https://www.reddit.com/r/Iota/comments/7rgcsz/help_my_iota_about_to_be_stolen/

@avihai-developer

This is a bad idea to generate a seed via code.
I recommend letting the user create a seed like this:
[image]

lra commented Jan 20, 2018

> This is a bad idea to generate a seed via code

Why is it bad? It's as bad as suggesting to use /dev/urandom, we just need to use a better implementation, like relying on outside entropy, like any other crypto wallet.

The idea of this PR is great, let's use a better random source.

@avihai-developer

Because machines can't create real random

ghost (Author) commented Jan 20, 2018

By that logic, humans could also not create true randomness.

This implementation uses the Web Cryptography API as a source of entropy, which is considered to be cryptographically secure (which means the random number generation is based on collection of unpredictable data by your system) and is thereby fine to use for seed generation. It is literally nothing different than what the majority of IOTA users already use to generate their seed (as @lra mentioned /dev/urandom). Having this is definitely better than letting users run right into the trap.

Also, I understand the idea of introducing more sources of entropy to the generation like how some seed generators track mouse movement. However, this is not strictly necessary. The random number generation used is unpredictable as is and many widely used cryptographic systems rely on this kind of entropy collection already.
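The approach described in the comment above (a seed drawn from the Web Cryptography API), as an added example that is not the code of this PR or of the wallet. It assumes an IOTA seed is 81 characters from `9` and `A`-`Z`; the names `generateSeed` and `symbolWeights` are hypothetical. Rejection sampling keeps a plain `byte % 27` from favouring some symbols.

```javascript
// Added example (not the PR's code). Assumption: an IOTA seed is 81
// characters drawn from the 27-symbol alphabet "9" plus "A".."Z".
const ALPHABET = '9ABCDEFGHIJKLMNOPQRSTUVWXYZ';
const SEED_LENGTH = 81;
// Largest multiple of 27 that fits in a byte: 9 * 27 = 243.
const LIMIT = 256 - (256 % ALPHABET.length);

// Browser: window.crypto. Node.js: the same API via node:crypto.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// fillRandom is injectable so the sampling logic can be tested with
// constructed bytes; the default is the CSPRNG.
function generateSeed(fillRandom = (buf) => webCrypto.getRandomValues(buf)) {
  const buf = new Uint8Array(SEED_LENGTH * 2);
  let seed = '';
  while (seed.length < SEED_LENGTH) {
    fillRandom(buf);
    for (const byte of buf) {
      // Rejection sampling: bytes 243..255 are discarded, so every
      // symbol is backed by exactly 9 byte values.
      if (byte < LIMIT && seed.length < SEED_LENGTH) {
        seed += ALPHABET[byte % ALPHABET.length];
      }
    }
  }
  return seed;
}

// How many of the 256 byte values map to each symbol when bytes
// >= limit are rejected (limit = 256 means plain `byte % 27`).
function symbolWeights(limit) {
  const weights = new Array(ALPHABET.length).fill(0);
  for (let b = 0; b < limit; b++) weights[b % ALPHABET.length]++;
  return weights;
}
```

`symbolWeights(256)` shows the skew of a plain modulo (13 symbols backed by 10 byte values, 14 by 9), while `symbolWeights(LIMIT)` is uniform.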

@PVBKXWYUMYTJ

Folks, I want a proper 256-character password generator in the wallet, so that it is created automatically, the address is also linked automatically, and it automatically switches to a current, non-buggy server, and also so that I can launch a node in 1 click instead of struggling. In the Bitcoin wallet everything is done properly, so why is your wallet so rather poor in usability?

ouya99 commented Jan 24, 2018

Had same UI idea with a new button to generate seed, did not want to deal with CSS though. So I have a pull request to just re-add the old seedGen as in version 2.2 of the iota wallet. Why not just do a simple fix, either this pull request or just go back to previous implementation?

@avihai-developer

@lra @mrlaunchnil
I'm sorry, you're right.
Using window.crypto.getRandomValues to generate a seed is secure enough.

lra commented Jan 26, 2018

> Why not just do a simple fix, either this pull request or just go back to previous implementation?

That's a good question, this is one of the biggest problems of IOTA right now, and it's easy to fix.

No idea why it's not being fixed...
