Author: Tobias Kaupat 2021-05-05 17:32:05
Published on: 2021-05-05T17:32:05+00:00
The author of the post is seeking a solution to a use case in which an existing mnemonic must be saved on paper backup in an encrypted form. The suggested solution is to extract the related entropy from the existing mnemonic, create a SHA526 hash key from a user-defined password, use the key as input for an AES CTR (empty IV) to encrypt the entropy, and then derive a new mnemonic from the encrypted entropy to be stored on a paper backup. Hints can be added to the paper backup to make it clear that the mnemonic is encrypted. To restore the original mnemonic, one must know the password and follow the process again. The author provides an example implementation in GoLang, but notes that all encryption parameters are up for discussion and the proposal needs a security review. The author also explains why the existing BIP-39 passphrase cannot be used, as any attempt to add a passphrase to an existing mnemonic without one will result in a different seed and private key. The post concludes with a mention of an existing solution called "Seedshift" but the author considers it less secure and prefers a solution based on provably secure algorithms rather than a "rot23 derivation".
Updated on: 2023-05-21T02:24:05.579653+00:00