Author: Thomas Voegtlin 2013-10-31 09:13:43
Published on: 2013-10-31T09:13:43+00:00
The writer wants to include a version number in the seed phrase because there are multiple ways to define the tree structure used with BIP32, and it is too early to make final decisions on that or achieve a common standard. Encapsulating a version number in the seed phrase might not be important for other wallets as it is for Electrum. The writer will implement it for Electrum in such a way that other wallets can use the same format. Strengthening the proposal might not be necessary for Electrum because it does not let the user choose their seed phrase. However, if a few bits of the seed phrase are allocated for metadata, then strengthening can be part of it. The writer agrees with Pieter Wuille that they need to agree on what they are solving first before standardizing on something like encoding the tree structure inside the seed. Information about the wallet structure is less secret than key data and can be backed up anywhere without any repercussions. In the case of Electrum, there is a strong reason to want this encapsulated together with the seed, but it's not really a requirement for most wallets. Any key derivation scheme that starts from random strings can be augmented with metadata by enforcing property-bits on a hash of the string. Regarding other requirements, the writer wonders why they want the transformation to be bidirectional. If it is just about generating master seeds, one direction should be enough, and allows far nicer properties with security. If they settle on a standard for 'brainwallets', the writer would prefer if it had at least some strengthening built-in to decrease the impact of worst-case situations. If the reason is backward-compatibility, any client that supports seeds already can keep supporting whatever they supported before. Only if it matches both encoding schemes, there is a potential collision, and in that case, the user could just be asked.
Updated on: 2023-06-07T18:21:27.614819+00:00