Author: Erik Aronesty 2021-05-06 13:19:31
Published on: 2021-05-06T13:19:31+00:00
In a bitcoin-dev mailing list, Tobias Kaupat started a discussion about a use case and a possible solution. The use case involves saving an existing mnemonic for a hardware wallet on a paper backup in a password-encrypted form. The suggested solution consists of taking the existing mnemonic, extracting the related entropy, creating a SHA526 hash (key) from a user-defined password, using the key as input for an AES CTR to encrypt the entropy, and deriving a new mnemonic from the encrypted entropy to be stored on a paper backup. The proposal needs a security review, and all encryption parameters are up for discussion. Existing solutions like "Seedshift" were found but considered less secure than the proposed solution. The proposal uses provably secure algorithms instead of a "rot23 derivation," which is less secure. It is recommended to stretch the password with pbkdf2 or argon2 with 30k rounds to validate these seeds easily. The original mnemonic can be restored by following the process again with the correct password. The email also includes a link to an example implementation in GoLang.
Updated on: 2023-06-14T20:41:02.332606+00:00