From 569a3b4fab68a61db8c0e6f2362728dd5850c3f5 Mon Sep 17 00:00:00 2001
From: ThomasV
Date: Thu, 22 Sep 2016 14:37:08 +0200
Subject: [PATCH] make sure seed last word is uniformly distributed. count prefix length as entropy
---
 lib/mnemonic.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/lib/mnemonic.py b/lib/mnemonic.py
index 4ead59ba6..8e0f788af 100644
--- a/lib/mnemonic.py
+++ b/lib/mnemonic.py
@@ -160,13 +160,14 @@ class Mnemonic(object):
 return i % custom_entropy == 0
 def make_seed(self, num_bits=128, prefix=version.SEED_PREFIX, custom_entropy=1):
- n = int(math.ceil(math.log(custom_entropy,2)))
- # bits of entropy used by the prefix
- k = len(prefix)*4
- # we add at least 16 bits
- n_added = max(16, k + num_bits - n)
- print_error("make_seed", prefix, "adding %d bits"%n_added)
- my_entropy = ecdsa.util.randrange( pow(2, n_added) )
+ # increase num_bits in order to obtain a uniform distibution for the last word
+ bpw = math.log(len(self.wordlist), 2)
+ num_bits = int(math.ceil(num_bits/bpw)) * bpw
+ # handle custom entropy; make sure we add at least 16 bits
+ n_custom = int(math.ceil(math.log(custom_entropy, 2)))
+ n = max(16, num_bits - n_custom)
+ print_error("make_seed", prefix, "adding %d bits"%n)
+ my_entropy = ecdsa.util.randrange(pow(2, n))
 nonce = 0
 while True:
 nonce += 1
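Review bot: `bpw` comes from `math.log` and is a float, so the added `num_bits = int(math.ceil(num_bits/bpw)) * bpw` leaves `num_bits`, and with it `n` and `pow(2, n)`, as floats rather than integers. For a wordlist whose length is not a power of two, `n` is not a whole number of bits, the `%d` in the `print_error` line truncates it silently, and the bound passed to `ecdsa.util.randrange` is a rounded float. How `randrange` handles a non-integer bound is not visible here, but the range used to draw seed entropy should be an exact integer. Casting after the multiplication keeps everything integral: `num_bits = int(math.ceil(num_bits / bpw) * bpw)`. `make_seed` continues past the end of the hunk, so any later use of `n` or `my_entropy` in the nonce loop cannot be checked from this page.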