Reposting a thread from my buddy @SPA which he just shared on Twitter here:
https://twitter.com/superphatarrow/status/1687445412909645824
In RHR rip #264 https://twitter.com/rabbitholerecap/status/1687165706222313473, at about 1h27 @ODELL mentions to @MartyBent that someone is going for the @HRF @BorderWallets Bounty by removing the entropy grid. I am not sure if Matt is still referring to @stack_wallet at this point or if it is some other wallet team.
We called the grid the entropy grid because that is where the seed entropy comes from. There is no entropy in the pattern because there is no randomness in the pattern. The pattern is picked by the user to be easy to remember.
Matt mentions that the team's rationale is that this is OK for the short time it takes to cross a border.
No, it's not, and people will lose funds if everyone that uses this version is sharing the same default wallet grid.
I guarantee it.
Humans are terrible at randomness and there will be a list of the most common patterns, just as there are lists of the most common passwords each year.
An attacker can generate millions of the most common patterns and generate addresses from them to look for in the UTXO set.
As soon as one of them turns up, it can automatically be swept to the attacker's wallet.
Please don't make a 0-entropy wallet.
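To make the thread's attack concrete, here is an added example (my own, not code from the thread's author or from the Border Wallets project) that models a wallet shipping a single public default grid. The grid is a 128x16 layout of 2048 words, as in Border Wallets, built here from a constructed stand-in wordlist rather than the real BIP39 list; the "default grid" is a fixed shuffle that every user shares. The attacker catalogue is deliberately small: every straight 12-cell line (horizontal, vertical, both diagonals, read in either direction). The mnemonic-to-seed step is the real BIP39 derivation (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic"), but address derivation is a stand-in HMAC, since real BIP32/BIP84 derivation needs secp256k1 and is beside the point; the UTXO set is likewise a constructed set of address fingerprints. One simplification: a real 12-word phrase has its last word constrained by the BIP39 checksum (128 valid choices given the first 11), which only shrinks the search further.

```python
import hashlib
import hmac
import math
import random

ROWS, COLS = 128, 16          # Border Wallets grid: 2048 cells, one word each
WORDS_PER_SEED = 12

# Constructed stand-in for the 2048-word BIP39 English wordlist.
WORDLIST = [f"w{i:04d}" for i in range(ROWS * COLS)]


def default_grid(grid_seed: int = 0) -> list[list[str]]:
    """The 'default grid': a fixed shuffle of the wordlist that every copy of the
    wallet ships with.  Fixed seed == public grid == zero entropy from the grid."""
    rng = random.Random(grid_seed)
    words = WORDLIST[:]
    rng.shuffle(words)
    return [words[r * COLS:(r + 1) * COLS] for r in range(ROWS)]


def line_patterns(directions=((0, 1), (1, 0), (1, 1), (1, -1))):
    """Enumerate easy-to-remember patterns: straight 12-cell lines in the given
    (row step, col step) directions at every start position that fits, each read
    forwards and backwards.  A real attacker's catalogue would be far larger."""
    n = WORDS_PER_SEED
    for dr, dc in directions:
        for r in range(ROWS):
            for c in range(COLS):
                cells = [(r + i * dr, c + i * dc) for i in range(n)]
                if all(0 <= rr < ROWS and 0 <= cc < COLS for rr, cc in cells):
                    yield tuple(cells)
                    yield tuple(reversed(cells))


def mnemonic_for(grid, cells) -> str:
    """Read the words under a pattern, in pattern order, as a mnemonic."""
    return " ".join(grid[r][c] for r, c in cells)


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Real BIP39 step: mnemonic -> 64-byte seed via PBKDF2-HMAC-SHA512,
    2048 rounds, salt 'mnemonic' + passphrase."""
    return hashlib.pbkdf2_hmac(
        "sha512", mnemonic.encode(), ("mnemonic" + passphrase).encode(), 2048, 64
    )


def address_fingerprint(seed: bytes) -> str:
    """Stand-in for BIP32/BIP84 address derivation (assumption: a real scanner
    would derive secp256k1 keys and encode addresses; here an HMAC of the seed)."""
    return hmac.new(b"addr-stand-in", seed, hashlib.sha256).hexdigest()[:16]


def pattern_bits(patterns) -> float:
    """Effective 'entropy' of a pattern catalogue: log2 of its size."""
    return math.log2(len(patterns))


def scan(grid, patterns, utxo_addresses):
    """Attacker loop: for each candidate pattern on the public grid, derive the
    address and check it against the (constructed) set of funded addresses."""
    hits = []
    for cells in patterns:
        m = mnemonic_for(grid, cells)
        fp = address_fingerprint(bip39_seed(m))
        if fp in utxo_addresses:
            hits.append((m, fp))
    return hits


GRID = default_grid()

# Constructed victim: used the shared default grid and the first 12 cells of row 0.
VICTIM_CELLS = tuple((0, c) for c in range(WORDS_PER_SEED))
VICTIM_ADDR = address_fingerprint(bip39_seed(mnemonic_for(GRID, VICTIM_CELLS)))

# Constructed stand-in UTXO set: the victim's address plus two unrelated outputs.
UTXO_SET = {VICTIM_ADDR, "0" * 16, "f" * 16}

if __name__ == "__main__":
    patterns = list(line_patterns())
    print(f"{len(patterns)} straight-line patterns = "
          f"{pattern_bits(patterns):.1f} bits of 'entropy'")
    for m, fp in scan(GRID, patterns, UTXO_SET):
        print("funded wallet found:", fp, "mnemonic:", m)
```

Even this toy catalogue is a few thousand patterns, under 13 bits, and a real one (borders, shapes, corners, letters, the same lines on the popular grid orientations) is still only a few million candidates: that is what "0-entropy wallet" means in practice, because the grid contributed nothing and the pattern is guessable. With a grid generated from real entropy, the same scan is useless, since every user's grid maps the same pattern to different words.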