Encryption of an existing BIP39 mnemonic without changing the seed



Summary:

In a bitcoin-dev mailing list thread, Tobias Kaupat suggested a solution for a use case where an existing mnemonic (for a hardware wallet) should be saved on a paper backup in a password-encrypted form. The encrypted form should itself be a mnemonic, so that all backup properties such as error correction are kept. The proposed solution takes the existing mnemonic and extracts the related entropy, creates a SHA256 hash (key) from a user-defined password, uses the key as input for AES CTR (empty IV) to encrypt the entropy, and derives a new mnemonic from the encrypted entropy to be stored on the paper backup. To restore the original mnemonic, one must know the password and run the same process again. Erik Aronesty suggested stretching the password with PBKDF2 or Argon2 with around 30k rounds first, rather than just hashing it. Tobias agreed that PBKDF2 makes sense since it is already used in BIP39.
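The procedure above, as an added worked example that is not code from the mailing-list thread or from any of its participants. Two stand-ins are assumptions of this example: AES CTR is replaced by an HMAC-SHA256 keystream in counter mode (the Python standard library has no AES; the key/zero-IV/counter structure and the XOR are what the round trip relies on), and BIP39 word indices (0..2047) stand in for words, because turning an index into a word needs the 2048-word English wordlist, which is not embedded. The PBKDF2 salt and the 30,000-round count are likewise choices made here.

```python
import hashlib
import hmac
import struct

# Added example, not code from the mailing-list thread. Two stand-ins are
# assumptions of this example, not part of the proposal:
#  * AES-CTR is replaced by an HMAC-SHA256 counter-mode keystream, because the
#    Python standard library has no AES. What the round trip relies on is the
#    same: key + zero IV + counter -> keystream, XORed with the entropy, so
#    encrypting and decrypting are literally the same operation.
#  * Word indices (0..2047) stand in for words. Turning an index into a word
#    needs the 2048-word BIP39 English wordlist, which is not embedded here.

VALID_ENTROPY_BITS = (128, 160, 192, 224, 256)   # BIP39: 12..24 words


def derive_key(password: str, rounds: int = 30_000) -> bytes:
    """Stretch the password with PBKDF2-HMAC-SHA512 (the KDF BIP39 already uses)
    rather than a single SHA-256, as suggested in the thread. The salt is a
    constant chosen for this example, so the key is fully determined by the
    password."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                               b"bip39-entropy-encryption", rounds, dklen=32)


def ctr_keystream(key: bytes, length: int) -> bytes:
    """Counter mode with an all-zero IV: block i = HMAC-SHA256(key, IV || i)."""
    iv = bytes(12)  # the "empty IV" of the proposal
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, iv + struct.pack(">I", counter), hashlib.sha256).digest()
    return bytes(out[:length])


def ctr_xor(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream (the operation is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, ctr_keystream(key, len(data))))


def entropy_to_indices(entropy: bytes) -> list[int]:
    """BIP39 encoding: append the first ENT/32 bits of SHA256(entropy) as a
    checksum, then cut the bit string into 11-bit word indices."""
    ent = len(entropy) * 8
    if ent not in VALID_ENTROPY_BITS:
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs = ent // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    nwords = (ent + cs) // 11
    return [(bits >> (11 * (nwords - 1 - i))) & 0x7FF for i in range(nwords)]


def indices_to_entropy(indices: list[int]) -> bytes:
    """Inverse of entropy_to_indices; rejects a wrong word count, an out-of-range
    index or a checksum mismatch (the error detection the backup keeps)."""
    nwords = len(indices)
    if nwords not in (12, 15, 18, 21, 24):
        raise ValueError("mnemonic must have 12, 15, 18, 21 or 24 words")
    total = nwords * 11
    cs = total // 33
    bits = 0
    for idx in indices:
        if not 0 <= idx < 2048:
            raise ValueError("word index out of range")
        bits = (bits << 11) | idx
    entropy = (bits >> cs).to_bytes((total - cs) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    if (bits & ((1 << cs) - 1)) != expected:
        raise ValueError("checksum mismatch")
    return entropy


def encrypt_mnemonic(indices: list[int], password: str) -> list[int]:
    """mnemonic -> entropy -> XOR keystream(password) -> entropy -> new mnemonic."""
    entropy = indices_to_entropy(indices)
    return entropy_to_indices(ctr_xor(derive_key(password), entropy))


# Restoring is the same procedure run again with the same password.
decrypt_mnemonic = encrypt_mnemonic


if __name__ == "__main__":
    # Constructed input: 16 zero bytes, the first BIP39 test vector
    # ("abandon" x 11 + "about", i.e. indices [0]*11 + [3]).
    original = entropy_to_indices(bytes(16))
    backup = encrypt_mnemonic(original, "correct horse battery staple")
    print("original :", original)
    print("encrypted:", backup)
    print("restored :", decrypt_mnemonic(backup, "correct horse battery staple"))
    print("wrong pw :", decrypt_mnemonic(backup, "wrong password"))
```

Two properties of the scheme are visible in the code. First, because the checksum of the encrypted mnemonic is recomputed from the encrypted entropy, every output is a valid BIP39 mnemonic, and so is the result of decrypting with a wrong password: the checksum detects a mistyped word, not a wrong password, so a wrong password silently yields a different wallet. Second, with an empty IV and a key that depends only on the password, the keystream is the same every time, so encrypting two different mnemonics under one password XORs both with the same pad; a per-backup salt fed into the KDF (and written on the backup) would avoid that.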


Updated on: 2023-06-14T20:40:37.053842+00:00