Electrum uses a verification system for seeds, I am interested in the standard wallet only now.
It has:
def is_new_seed(x, prefix=version.SEED_PREFIX):
import mnemonic
x = mnemonic.normalize_text(x)
s = hmac_sha_512("Seed version", x.encode('utf8')).encode('hex')
return s.startswith(prefix)
Which basically after generating a random number of N entropy, check the seed for the new version seed, which is a SHA512 encoded seed with the phrase "Seed version", and which must start with "01"
For example:
015a2cb3e1eb920445455c380f4fdd026f17bd18e3ab06ecd7fda65e5340cebf955c228eaa88ff997a70a6172cd3960c3e237b462e6d2a61f259b5955a5cf510
It generates the following seed:
shaft dizzy alarm core deposit mandate off mixed cover size refuse protect
Now this procedure probably means an entropy loss, since we are shrinking down the haystack in order to find an output that starts with 01, which means that the first character of that string is fixed not random.
How much entropy does the seed lose by performing this versioning system on it?