Date: Thu, 6 May 2021 08:56:37 -0400
From: "Peter D. Gray" <peter@coinkite.com>
To: Tobias Kaupat <Tobias@kaupat-hh.de>
Message-ID: <20210506125637.GF1239@coinkite.com>
Reply-To: Peter Gray <peter@coinkite.com>
References: <CAPyCnfvqVT00C2TZ86GXf856jNJqPXY0duRa1CfdCqC0ecC6xA@mail.gmail.com>
Organization: Coinkite Inc. (www.coinkite.com)
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Encryption of an existing BIP39 mnemonic without
changing the seed
Hi Tobias.
The most recent release of Coldcard now offers "Seed XOR" to solve
similar problems. It allows any number of standard BIP-39
compatible seed phrases to be bitwise XOR'ed together to make a new seed.
Coldcard can split an existing seed into 2, 3 or 4 new phrases, or
you can take your existing seed phrase, and XOR-in a new seed phrase
to arrive at a new random seed phrase (and wallet).
More details about this feature at: <https://seedxor.com>
Best part is XOR is simple enough that the split or combine operation can
be worked out by hand on paper. (We even made a worksheet for this.)
The checksums on each of the XOR parts protect the final result, and
each "part" is a fully functional decoy wallet.
Hope that helps!
On Wed, May 05, 2021 at 07:32:05PM +0200, Tobias Kaupat wrote:
> Hi all,
> I want to start a discussion about a use case I have and a possible
> solution. I have not found any satisfying solution to this use case yet.
>
> *Use case:*
> An existing mnemonic (e.g. for a hardware wallet) should be saved on a
> paper backup in a password encrypted form. The encrypted form should be a
> mnemonic itself to keep all backup properties like error correction.
>
> *Suggested solution:*
> 1) Take the existing mnemonic and extract the related entropy
> 2) Create a SHA256 hash (key) from a user defined password
> 3) Use the key as input for an AES CTR (empty IV) to encrypt the entropy
> 4) Derive a new mnemonic from the encrypted entropy to be stored on a paper
> backup
...
> *Existing solutions*
> One solution I found is "Seedshift" which can be found here:
> https://github.com/mifunetoshiro/Seedshift
>
> But I consider it less secure and I would like to suggest a solution based
> on provably secure algorithms rather than a "rot23 derivation". Also using
> a date as password seems not very clever to me.
>
> Kind regards
> Tobias
---
@DocHEX || Coinkite || PGP: A3A31BAD 5A2A5B10
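The Seed XOR split/combine described above, and the "XOR-in a new phrase" variant, worked through as an added example (this is not Coldcard's or seedxor.com's code). It XORs the BIP-39 *entropy*, not the words, and gives every part its own BIP-39 checksum so that each part is itself a valid phrase, which is what lets a mis-copied word in any part be caught before combining. Phrases are handled as lists of 11-bit word indices (index i stands for word i of the BIP-39 English wordlist, which the reader is assumed to have; it is not embedded), and the `rand` parameter, which defaults to `secrets.token_bytes`, is an assumption added so the split can be driven deterministically in a test.

```python
"""Seed XOR over BIP-39 entropy (added example, not the project's own code).

A phrase is a list of 11-bit word indices; mapping an index to a word needs the
BIP-39 English wordlist (assumed available, not embedded here).
"""
import hashlib
import secrets

VALID_ENT_BYTES = (16, 20, 24, 28, 32)  # 12, 15, 18, 21 or 24 words
VALID_WORD_COUNTS = (12, 15, 18, 21, 24)


def checksum_bits(entropy: bytes) -> int:
    """BIP-39 checksum: the first ENT/32 bits of SHA-256(entropy), as an int."""
    cs_len = len(entropy) * 8 // 32
    digest = hashlib.sha256(entropy).digest()
    return int.from_bytes(digest, "big") >> (256 - cs_len)


def entropy_to_indices(entropy: bytes) -> list:
    """Append the checksum to the entropy and cut the bits into 11-bit word indices."""
    if len(entropy) not in VALID_ENT_BYTES:
        raise ValueError("entropy must be 16..32 bytes in 4-byte steps")
    cs_len = len(entropy) * 8 // 32
    bits = (int.from_bytes(entropy, "big") << cs_len) | checksum_bits(entropy)
    n_words = (len(entropy) * 8 + cs_len) // 11  # ENT + CS is always a multiple of 11
    return [(bits >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def indices_to_entropy(indices: list) -> bytes:
    """Reverse of entropy_to_indices; rejects a phrase whose checksum does not match."""
    n_words = len(indices)
    if n_words not in VALID_WORD_COUNTS or any(not 0 <= i < 2048 for i in indices):
        raise ValueError("not a BIP-39 word-index list")
    cs_len = n_words * 11 // 33  # 12 words -> 4 checksum bits ... 24 words -> 8
    ent_len = n_words * 11 - cs_len
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> cs_len).to_bytes(ent_len // 8, "big")
    if bits & ((1 << cs_len) - 1) != checksum_bits(entropy):
        raise ValueError("BIP-39 checksum mismatch")
    return entropy


def seed_xor_combine(parts: list) -> bytes:
    """XOR any number of equal-length entropy values together."""
    if not parts or len({len(p) for p in parts}) != 1:
        raise ValueError("parts must be non-empty and of equal length")
    out = bytearray(len(parts[0]))
    for part in parts:
        for i, b in enumerate(part):
            out[i] ^= b
    return bytes(out)


def seed_xor_split(entropy: bytes, n_parts: int, rand=secrets.token_bytes) -> list:
    """Split entropy into n_parts values whose XOR is the original.

    The first n_parts-1 parts are fresh random entropy; the last is the
    original XORed with all of them, so each part on its own is uniformly
    random and reveals nothing about the original (a usable decoy wallet).
    `rand` is an assumed hook so a test can make the split deterministic.
    """
    if n_parts < 2:
        raise ValueError("need at least two parts")
    parts = [rand(len(entropy)) for _ in range(n_parts - 1)]
    last = bytes(a ^ b for a, b in zip(entropy, seed_xor_combine(parts)))
    return parts + [last]


def split_phrase(indices: list, n_parts: int, rand=secrets.token_bytes) -> list:
    """Phrase-level split: verify the input checksum, XOR-split the entropy,
    then give every part its own checksum so it is a valid BIP-39 phrase."""
    entropy = indices_to_entropy(indices)
    return [entropy_to_indices(p) for p in seed_xor_split(entropy, n_parts, rand)]


def combine_phrases(phrases: list) -> list:
    """Phrase-level combine (also the 'XOR-in a new phrase' case with two inputs).

    Each part is checksum-verified before XOR, which is where a mis-copied
    word is caught; the combined entropy then gets a fresh checksum.
    """
    return entropy_to_indices(seed_xor_combine([indices_to_entropy(p) for p in phrases]))


if __name__ == "__main__":
    # Constructed sample entropy, not a real wallet.
    original = entropy_to_indices(bytes(range(32)))
    parts = split_phrase(original, 3)
    print("parts:", parts)
    print("recombined matches:", combine_phrases(parts) == original)
```

The same `entropy_to_indices` step is what the quoted proposal's step 4 needs: whatever transform is applied to the extracted entropy (a XOR with another phrase here, a keystream in the AES-CTR proposal), the result only becomes a checksum-protected phrase once a fresh checksum is computed over the transformed entropy.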