Published on: 2021-05-08T22:49:01+00:00
In a recent post on the bitcoin-dev mailing list, Tobias Kaupat introduced a proposed solution for a use case involving the protection of an existing hardware-wallet mnemonic. The objective is to store the mnemonic in encrypted form on a paper backup while keeping backup properties such as the BIP39 checksum, which lets errors in the written phrase be detected.

Kaupat's solution involves several steps. First, the entropy is extracted from the existing mnemonic. Then a SHA-256 hash of a user-chosen password serves as the key for AES-CTR encryption of that entropy. The encrypted entropy is then encoded as a new mnemonic, which is what goes on the paper backup. To restore the original mnemonic, one must know the password and run the process in reverse.

During the discussion, Erik Aronesty suggested stretching the password with PBKDF2 or Argon2, using around 30k rounds, before hashing it. Kaupat agreed with this suggestion, favouring PBKDF2 because it is already used in the BIP39 specification. He also said he prefers solutions based on provably secure algorithms over less secure "rot23 derivations" such as Seedshift.

Kaupat's proposal still requires a security review, and he welcomes feedback and suggestions from the community. He has published a Go implementation of the proposal on GitHub for reference.

In addition to Kaupat's proposal, the post mentions "Seed XOR", a feature offered in a Coldcard release. It allows multiple standard BIP39 seed phrases to be XORed together bitwise to form a new seed. This can be used to split an existing seed into several phrases, or to combine an existing seed phrase with a fresh one to produce a new random seed phrase and wallet. The XOR can be done by hand on paper, and each resulting part carries its own valid checksum and functions as a decoy wallet.

Overall, Kaupat's proposal offers a way to encrypt an existing mnemonic and store it on a paper backup, while Seed XOR provides an alternative method of manipulating seed phrases. The two address different use cases and security concerns within the bitcoin-dev community.
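The encrypt-and-re-encode procedure summarised above, as an added example in Go (the language of Kaupat's reference implementation). This is not Kaupat's code and is not taken from his GitHub repository. It works on BIP39 word indices rather than words because the 2048-word list is not embedded; the salt, the all-zero CTR nonce, the constant Rounds and all function names are assumptions the thread does not fix, and the sample entropy is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

const Rounds = 30000 // "around 30k" stretching rounds, as suggested in the thread

// Assumption: the thread names no salt, so a constant one keeps restore deterministic.
var fixedSalt = []byte("bip39-entropy-aes-ctr-example")

// pbkdf2SHA256 is PBKDF2-HMAC-SHA256 (RFC 8018) limited to one 32-byte output
// block, written inline so the example needs only the Go standard library.
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(append(append([]byte{}, salt...), 0, 0, 0, 1)) // salt || INT(1)
	u := prf.Sum(nil)
	t := u // running XOR of the U_i; u is reassigned below, so no copy is needed
	for i := 1; i < iter; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// entropyToIndices: entropy || first ENT/32 bits of SHA256(entropy), cut into
// 11-bit BIP39 word indices (the 2048-word list itself is not embedded here).
func entropyToIndices(ent []byte) ([]int, error) {
	if len(ent) < 16 || len(ent) > 32 || len(ent)%4 != 0 {
		return nil, errors.New("entropy must be 16..32 bytes in steps of 4")
	}
	cs := len(ent) / 4 // checksum bits, at most 8
	h := sha256.Sum256(ent)
	data := append(append([]byte{}, ent...), h[0])
	idx := make([]int, (len(ent)*8+cs)/11)
	for i := range idx {
		for p := i * 11; p < i*11+11; p++ { // bit p of data, MSB first
			idx[i] = idx[i]<<1 | int(data[p/8]>>uint(7-p%8)&1)
		}
	}
	return idx, nil
}

// indicesToEntropy reverses entropyToIndices and rejects a bad checksum, which
// is the error-detecting backup property the proposal wants to keep.
func indicesToEntropy(idx []int) ([]byte, error) {
	if len(idx) < 12 || len(idx) > 24 || len(idx)%3 != 0 {
		return nil, errors.New("word count must be 12, 15, 18, 21 or 24")
	}
	cs := len(idx) / 3          // 12 words -> 4 checksum bits, 24 words -> 8
	buf := make([]byte, cs*4+1) // entropy bytes, then one byte holding the checksum
	for i, v := range idx {
		if v < 0 || v > 2047 {
			return nil, errors.New("word index out of range")
		}
		for k := 0; k < 11; k++ {
			p := i*11 + k
			buf[p/8] |= byte(v>>uint(10-k)&1) << uint(7-p%8)
		}
	}
	if h := sha256.Sum256(buf[:cs*4]); h[0]>>uint(8-cs) != buf[cs*4]>>uint(8-cs) {
		return nil, errors.New("checksum mismatch")
	}
	return buf[:cs*4], nil
}

// EncryptMnemonic: indices -> entropy -> AES-CTR -> indices of a new, valid
// phrase, keyed by SHA-256(PBKDF2(password)) as agreed in the thread. The
// all-zero nonce is an assumption; it makes the call self-inverse (run it
// again to decrypt) but also means one password must never protect two phrases.
func EncryptMnemonic(idx []int, password string) ([]int, error) {
	ent, err := indicesToEntropy(idx)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(pbkdf2SHA256([]byte(password), fixedSalt, Rounds))
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	out := make([]byte, len(ent))
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(out, ent)
	return entropyToIndices(out)
}

func main() {
	// Constructed 128-bit sample entropy (a 12-word phrase); not a real wallet.
	ent := []byte{0x0c, 0x1e, 0x24, 0xe5, 0x91, 0x77, 0x79, 0xd2, 0x97, 0xe1, 0x4d, 0x45, 0xf1, 0x4e, 0x1a, 0x1a}
	idx, _ := entropyToIndices(ent)
	enc, _ := EncryptMnemonic(idx, "correct horse battery staple")
	dec, _ := EncryptMnemonic(enc, "correct horse battery staple")
	fmt.Println("original :", idx)
	fmt.Println("encrypted:", enc)
	fmt.Println("restored :", dec)
}
```

Two properties of this construction are worth noticing when reviewing it. Because the encrypted entropy is re-encoded with a fresh checksum, the backup is always a well-formed phrase, but a wrong password also decrypts to a well-formed phrase: the checksum detects a miswritten word, not a wrong password, so there is nothing in the backup itself that confirms the password. And because the key and nonce are derived only from the password, the AES-CTR keystream is fixed per password, so protecting two different mnemonics with the same password would expose their XOR. Seed XOR at the entropy level is the same two helpers with a bitwise XOR of two decoded entropies in place of the AES-CTR step, which is why every part it produces is itself a checksummed phrase.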
Updated on: 2023-08-02T03:44:04.962378+00:00