Proposal: Bitcoin Secure Multisig Setup



Summary:

In a discussion on the bitcoin-dev mailing list, Hugo Nguyen shared a scheme in which the encryption key is generated by applying SHA256 twice to a token. Dmitry Petukhov pointed out that this scheme might be vulnerable to rainbow table attacks, since an unsalted, cheap hash lets an attacker precompute the key for every likely token. Hugo thanked Dmitry for pointing out the weakness and suggested using a key derivation function designed for passwords, such as PBKDF2, instead of SHA256. However, this would add another code dependency for vendors whose device firmware does not already include the required key derivation function.

Hugo then proposed generating the encryption key from the BIP32 seed words list instead. The shared key could be just six words, derived the same way as a BIP39 seed, which also uses PBKDF2 as its key derivation function; all hardware wallets should already have this functionality. One concern is potential confusion between entering the main (wallet) key and entering the shared key for the multisig setup.

The two approaches can therefore be combined: specify a key derivation function suitable for passwords, and share a password and/or the derived key over a secure channel. If the hardware wallet supports the derivation function, it can derive the key from the password; otherwise, the key can be entered raw or via mnemonic.
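As an added illustration (not code from the thread or from any wallet vendor), the two derivations discussed above side by side: the double-SHA256 scheme Dmitry flagged, and a BIP39-style PBKDF2-HMAC-SHA512 derivation that a wallet already implementing BIP39 can reuse for a short shared word list. The function names, the six-word sample and the 32-byte truncation in `shared_key_from_words` are assumptions made for the example.

```python
import hashlib
import unicodedata

# Constructed example for this summary; not from the bitcoin-dev thread.
BIP39_ITERATIONS = 2048      # PBKDF2 round count fixed by BIP39
BITS_PER_WORD = 11           # 2048-word list -> 11 bits of entropy per word


def weak_key_from_token(token: bytes) -> bytes:
    """The scheme criticised in the thread: key = SHA256(SHA256(token)).

    Unsalted and cheap (two compressions per guess), so if the token space
    is small a token -> key table can be precomputed once and reused
    against every setup that uses the same construction.
    """
    return hashlib.sha256(hashlib.sha256(token).digest()).digest()


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed derivation: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.

    The NFKD-normalised mnemonic is the password and "mnemonic" + passphrase
    is the salt, so any firmware that implements BIP39 already has this.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, BIP39_ITERATIONS, dklen=64)


def shared_key_from_words(words: list, passphrase: str = "") -> bytes:
    """Hugo's follow-up idea: derive the multisig-setup encryption key from a
    short word list (six words in the thread) exactly as BIP39 derives a seed.

    Assumption for this example: keep the first 32 bytes as a 256-bit key.
    """
    return bip39_seed(" ".join(words), passphrase)[:32]


def mnemonic_entropy_bits(word_count: int) -> int:
    """Entropy of word_count words drawn uniformly from the 2048-word list."""
    return word_count * BITS_PER_WORD


if __name__ == "__main__":
    # Constructed six-word sample; a real setup would draw the words at random.
    sample_words = ["abandon"] * 6
    print("sha256d key :", weak_key_from_token(b"token").hex())
    print("bip39 key   :", shared_key_from_words(sample_words).hex())
    print("entropy bits:", mnemonic_entropy_bits(len(sample_words)))
```

Six words give 66 bits of entropy, and each guess against the PBKDF2 form costs 2048 HMAC-SHA512 rounds with a per-setup salt, whereas the SHA256d form costs two hash compressions and can be tabulated in advance.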


Updated on: 2023-06-14T17:30:57.371861+00:00