📅 Original date posted:2021-05-06 📝 Original message:Hi Tobias. The most recent ...

Why Nostr? What is Njump?

Peter D. Gray [ARCHIVE] /

npub10v…t058y

2023-06-07 22:52:28

in reply to nevent1q…6hs7

📅 Original date posted:2021-05-06
📝 Original message:Hi Tobias.

The most recent release of Coldcard now offers "Seed XOR" to solve
similar problems. It allows any numbers of standard BIP-39
compatible seed phrases to be bitwise XOR'ed together to make a new seed.

Coldcard can split an existing seed into 2, 3 or 4 new phrases, or
you can take your existing seed phrase, and XOR-in a new seed phrase
to arrive at a new random seed phrase (and wallet).

More details about this feature at: <https://seedxor.com>;

Best part is XOR is simple enough that the split or combine operation can
be worked out by hand on paper. (We even made a worksheet for this.)
The checksums on each of the XOR parts protects the final result, and
each "part" is a fully functional decoy wallet.

Hope that helps!

On Wed, May 05, 2021 at 07:32:05PM +0200, Tobias Kaupat wrote:
> Hi all,
> I want to start a discussion about a use case I have and a possible
> solution. I have not found any satisfying solution to this use case yet.
>
> *Use case:*
> An existing mnemonic (e.g. for a hardware wallet) should be saved on a
> paper backup in a password encrypted form. The encrypted form should be a
> mnemonic itself to keep all backup properties like error correction.
>
> *Suggested solution:*
> 1) Take the existing mnemonic and extract the related entropy
> 2) Create a SHA526 hash (key) from a user defined password
> 3) Use the key as input for an AES CTR (empty IV) to encrypt the entropy
> 4) Derive a new mnemonic from the encrypted entropy to be stored on a paper
> backup
...
> *Existing solutions*
> One solution I found is "Seedshift" which can be found here:
> https://github.com/mifunetoshiro/Seedshift
>
> But I consider it less secure and I would like to suggest a solution based
> on provably secure algorithms rather than a "rot23 derivation". Also using
> a date as password seems not very clever to me.
>
> Kind regards
> Tobias

---
@DocHEX || Coinkite || PGP: A3A31BAD 5A2A5B10

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20210506/a6b3fc68/attachment.sig>;

Author Public Key

npub10vqyu8x3f0lfttk98xc28ppuyufaz4df8x4aspa9w9xz5z05snzq7t058y

Show more details

Published at

2023-06-07 22:52:28

Kind type

1 Short Text Note

Event JSON

{ "id": "d2d5c75246e718e3e0d548a1d9843bcf1e05d6570cb5d7cfcf0453fc029ba113", "pubkey": "7b004e1cd14bfe95aec539b0a3843c2713d155a939abd807a5714c2a09f484c4", "created_at": 1686178348, "kind": 1, "tags": [ [ "e", "e11519c341ac153b44c66b1b04fa38247862a9f7c423be70a3fb8c9280689f6f", "", "root" ], [ "e", "6fbe96f00cc7f3911250e507c1a5dad847e2adc07c7f1489cb88a76fc21aee21", "", "reply" ], [ "p", "fbc0dc09eada05ffa5a564b38ccb327361123c79ebc02db66c2040a487cd8141" ] ], "content": "📅 Original date posted:2021-05-06\n📝 Original message:Hi Tobias.\n\nThe most recent release of Coldcard now offers \"Seed XOR\" to solve\nsimilar problems. It allows any numbers of standard BIP-39\ncompatible seed phrases to be bitwise XOR'ed together to make a new seed.\n\nColdcard can split an existing seed into 2, 3 or 4 new phrases, or\nyou can take your existing seed phrase, and XOR-in a new seed phrase\nto arrive at a new random seed phrase (and wallet).\n\nMore details about this feature at: \u003chttps://seedxor.com\u003e\n\nBest part is XOR is simple enough that the split or combine operation can\nbe worked out by hand on paper. (We even made a worksheet for this.)\nThe checksums on each of the XOR parts protects the final result, and\neach \"part\" is a fully functional decoy wallet.\n\nHope that helps!\n\nOn Wed, May 05, 2021 at 07:32:05PM +0200, Tobias Kaupat wrote:\n\u003e Hi all,\n\u003e I want to start a discussion about a use case I have and a possible\n\u003e solution. I have not found any satisfying solution to this use case yet.\n\u003e \n\u003e *Use case:*\n\u003e An existing mnemonic (e.g. for a hardware wallet) should be saved on a\n\u003e paper backup in a password encrypted form. The encrypted form should be a\n\u003e mnemonic itself to keep all backup properties like error correction.\n\u003e \n\u003e *Suggested solution:*\n\u003e 1) Take the existing mnemonic and extract the related entropy\n\u003e 2) Create a SHA526 hash (key) from a user defined password\n\u003e 3) Use the key as input for an AES CTR (empty IV) to encrypt the entropy\n\u003e 4) Derive a new mnemonic from the encrypted entropy to be stored on a paper\n\u003e backup\n...\n\u003e *Existing solutions*\n\u003e One solution I found is \"Seedshift\" which can be found here:\n\u003e https://github.com/mifunetoshiro/Seedshift\n\u003e \n\u003e But I consider it less secure and I would like to suggest a solution based\n\u003e on provably secure algorithms rather than a \"rot23 derivation\". Also using\n\u003e a date as password seems not very clever to me.\n\u003e \n\u003e Kind regards\n\u003e Tobias\n\n---\n@DocHEX || Coinkite || PGP: A3A31BAD 5A2A5B10\n\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 488 bytes\nDesc: not available\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20210506/a6b3fc68/attachment.sig\u003e", "sig": "be1c957abf1c2305c4d25568ad2aa3797554a0ed59853df4f507427c4c679650fa9b57997361dda49b1f3eabbd345716a45459645c42796757e1ffac63b517d6" }