Currently, the wallet's seed is being generated directly from BIP39 entropy, whereas it should be fed through 2048 rounds of PBKDF2 with a password (even if blank). This should be rectified for new wallets (with a simple call to 'to seed'), with a mechanism to ensure older mnemonics can still be used to restore.
As discussed in the wallet dev channel, it is unfortunate that we're not properly adhering to the BIP39 spec, but there is no way to migrate wallets to this change without a severe mess. In short:
Both the entropy and PBKDF2(entropy) are equally valid wallet seeds. If a user were to attempt to restore from a phrase in a wallet that had support for PBKDF2 + Legacy, a restore would need to scan the entire chain for both versions to determine which that particular seed should support. This would become even messier if a user recovered from seed with a phrase, then did a few transactions, then did a further check to find older output.
There are no particular security benefits to the PBKDF2 version over the entropy (we're not using a BIP39 passphrase)
We do need to document the recovery process somewhere, particularly as it's non standard. I'll open a separate issue for that.
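To make the two derivations being discussed concrete, here is an added example (not the project's own code, and not part of this thread) showing the legacy path (mnemonic decoded straight back to its entropy, with the checksum verified) next to the BIP39 path (the mnemonic run through PBKDF2-HMAC-SHA512, 2048 rounds, salt `"mnemonic" + passphrase`), plus the "try both candidates" step a mixed-mode restore would have to perform. The wordlist embedded below is an assumption for the example: it holds only the first four words of the English list, which is enough for the standard all-`abandon` test vector; a real wallet loads the full 2048-word list, and word indices must match it.

```python
import hashlib
import unicodedata

# ASSUMPTION for this example: a truncated stand-in for the 2048-word BIP39
# English list. Index positions match the real list (abandon=0 ... about=3).
WORDLIST_PREFIX = ["abandon", "ability", "able", "about"]


def mnemonic_to_entropy(mnemonic: str, wordlist) -> bytes:
    """Legacy-style derivation: decode the mnemonic back to its raw entropy.

    Each word contributes 11 bits; the trailing len/33 bits are the checksum,
    which is the top bits of SHA-256(entropy). Raises on bad words or checksum.
    """
    words = unicodedata.normalize("NFKD", mnemonic).split()
    if len(words) not in (12, 15, 18, 21, 24):
        raise ValueError("mnemonic must have 12, 15, 18, 21 or 24 words")
    index = {w: i for i, w in enumerate(wordlist)}
    bits = 0
    for w in words:
        if w not in index:
            raise ValueError(f"word not in list: {w}")
        bits = (bits << 11) | index[w]
    total_bits = len(words) * 11
    cs_len = total_bits // 33          # 4 checksum bits for 12 words, 8 for 24
    ent_len = total_bits - cs_len      # 128 entropy bits for 12 words
    checksum = bits & ((1 << cs_len) - 1)
    entropy = (bits >> cs_len).to_bytes(ent_len // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_len)
    if checksum != expected:
        raise ValueError("mnemonic checksum mismatch")
    return entropy


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Spec derivation: BIP39 'to seed' is PBKDF2-HMAC-SHA512 over the
    NFKD-normalised mnemonic, salt "mnemonic" + passphrase, 2048 rounds,
    64-byte output. An empty passphrase still goes through PBKDF2."""
    m = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, 64)


def candidate_seeds(mnemonic: str, wordlist, passphrase: str = "") -> dict:
    """The ambiguity described in the thread: one phrase, two equally valid
    seeds. A wallet supporting both legacy and spec derivation would have to
    try (and scan the chain for) both of these on restore."""
    return {
        "legacy_entropy": mnemonic_to_entropy(mnemonic, wordlist),
        "bip39_pbkdf2": mnemonic_to_seed(mnemonic, passphrase),
    }


if __name__ == "__main__":
    phrase = " ".join(["abandon"] * 11 + ["about"])  # standard BIP39 test vector
    for name, seed in candidate_seeds(phrase, WORDLIST_PREFIX).items():
        print(f"{name:15} ({len(seed)} bytes): {seed.hex()}")
```

The entropy candidate is 16 bytes for a 12-word phrase while the PBKDF2 candidate is always 64 bytes, so the two never collide, but nothing in the phrase itself tells a restore which one the wallet was created with; that is the scanning problem the comment above describes.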