Date: Thu, 6 May 2021 08:56:37 -0400
From: "Peter D. Gray"
To: Tobias Kaupat
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Encryption of an existing BIP39 mnemonic without changing the seed
Organization: Coinkite Inc. (www.coinkite.com)

Hi Tobias.

The most recent release of Coldcard now offers "Seed XOR" to solve
similar problems. It allows any number of standard BIP-39 compatible
seed phrases to be bitwise XOR'ed together to make a new seed.

Coldcard can split an existing seed into 2, 3 or 4 new phrases,
or you can take your existing seed phrase, and XOR-in a new seed
phrase to arrive at a new random seed phrase (and wallet).

More details about this feature at:

Best part is XOR is simple enough that the split or combine operation
can be worked out by hand on paper. (We even made a worksheet for this.)
The checksums on each of the XOR parts protect the final result,
and each "part" is a fully functional decoy wallet.

Hope that helps!

On Wed, May 05, 2021 at 07:32:05PM +0200, Tobias Kaupat wrote:
> Hi all,
> I want to start a discussion about a use case I have and a possible
> solution. I have not found any satisfying solution to this use case yet.
>
> *Use case:*
> An existing mnemonic (e.g. for a hardware wallet) should be saved on a
> paper backup in a password encrypted form. The encrypted form should be a
> mnemonic itself to keep all backup properties like error correction.
>
> *Suggested solution:*
> 1) Take the existing mnemonic and extract the related entropy
> 2) Create a SHA526 hash (key) from a user defined password
> 3) Use the key as input for an AES CTR (empty IV) to encrypt the entropy
> 4) Derive a new mnemonic from the encrypted entropy to be stored on a paper
> backup
...
> *Existing solutions*
> One solution I found is "Seedshift" which can be found here:
> https://github.com/mifunetoshiro/Seedshift
>
> But I consider it less secure and I would like to suggest a solution based
> on provably secure algorithms rather than a "rot23 derivation". Also using
> a date as password seems not very clever to me.
>
> Kind regards
> Tobias

---
@DocHEX || Coinkite || PGP: A3A31BAD 5A2A5B10
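The split and combine operations described in the reply above, as an added example that is not part of the original message and is not Coldcard's code. It works on BIP-39 word indices (position in the 2048-word list) rather than words, and it assumes the extra parts are drawn from the OS random source; the function names and the sample entropy are constructed for illustration.

```python
import hashlib
import secrets

def to_indices(entropy: bytes) -> list:
    """BIP-39 encoding: entropy plus checksum, cut into 11-bit word indices."""
    cs_bits = len(entropy) * 8 // 32                 # ENT/32 checksum bits
    digest = int.from_bytes(hashlib.sha256(entropy).digest(), "big")
    total = (int.from_bytes(entropy, "big") << cs_bits) | (digest >> (256 - cs_bits))
    n_words = (len(entropy) * 8 + cs_bits) // 11
    return [(total >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def from_indices(indices) -> bytes:
    """Inverse of to_indices; raises ValueError if the checksum does not match."""
    total = 0
    for idx in indices:
        total = (total << 11) | idx
    cs_bits = len(indices) // 3                      # 24 words -> 8, 12 words -> 4
    entropy = (total >> cs_bits).to_bytes(len(indices) * 4 // 3, "big")
    if to_indices(entropy) != list(indices):
        raise ValueError("BIP-39 checksum mismatch")
    return entropy

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split(entropy: bytes, n: int) -> list:
    """Split into n parts whose XOR is the original; n-1 parts are random (assumption)."""
    if not 2 <= n <= 4:
        raise ValueError("the post describes splits into 2, 3 or 4 parts")
    parts = [secrets.token_bytes(len(entropy)) for _ in range(n - 1)]
    last = entropy
    for part in parts:
        last = xor_bytes(last, part)
    # Every part gets its own checksum, so each one is a valid phrase by itself.
    return [to_indices(p) for p in parts + [last]]

def combine(sheets) -> bytes:
    """Validate each part's checksum, then XOR the entropies together."""
    acc = None
    for indices in sheets:
        part = from_indices(indices)
        acc = part if acc is None else xor_bytes(acc, part)
    return acc

SEED = bytes(range(32))   # constructed sample entropy, not a real wallet
if __name__ == "__main__":
    sheets = split(SEED, 3)
    print("recombined correctly:", combine(sheets) == SEED)
```

Because any 256-bit value is valid entropy, a single part decodes to an ordinary wallet and reveals nothing about the combined seed; the per-part checksum only catches transcription errors in that part.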