bip39 icon indicating copy to clipboard operation
bip39 copied to clipboard

Published 20 hours ago verified publisher icon iancoleman

Entropy should work with more character sets

Open iancoleman opened this issue 7 years ago • 4 comments

Entropy should be able to source from the following character sets:

  • lowercase [a-z]
  • uppercase [A-Z]
  • alphabetic [a-zA-Z]
  • alphanumeric [a-zA-Z0-9]
  • alphasymbolic [a-zA-Z0-9 + ascii7 symbols]

This means keyboard mashing will seem a lot more effective, but I think the current technique of filtering keyboard mashing to only hex characters is worse than using the full alphabet.

iancoleman avatar Jun 20 '17 01:06 iancoleman

I have been looking for a way to obfuscate if not securely encrypt my cryptosteel backed up mnemonics, rather than storing in cleartext, in case someone finds them, recognizes what they are, e.g. a fireman after the house burns down.

One path has been this idea https://github.com/iancoleman/bip39/issues/183#issuecomment-427062789

Using the cleartext mnemonic as input to some conversion to a hex string that then gets fed as entropy into this tool, to generate a different mnemonic and thus the actual wallet restore seed.

It would be a convenient shortcut to simply accept a valid mnemonic and only a valid mnemonic in the custom entropy field.

It should only generate a new mnenomic of the same length as the one input.

It should NOT (IMO) allow arbitrary brainwallet-type input text. But in either case, a big scary pop-up along the lines "DO NOT use words YOU have selected, only those generated by true entropy at random. Are you SURE these words are RANDOMLY generated?"

Note that I also plan to have a 12-word high entropy mnemonic, stored on cryptosteel hidden in a separate location for use as the BIP39 passphrase.

...

Suggestions welcome for another "standard" way to turn a mnemonic input into a deterministic hex output, 12-word to 32char, 24-word to 64char.

hansbkk avatar Mar 28 '22 05:03 hansbkk

Instead of coming up with these clever obfuscation techniques, have you considered splitting your secret and not putting all your eggs in the same basket?

  • https://github.com/paritytech/banana_split
  • https://github.com/iancoleman/shamir
  • https://github.com/internet-of-people/slip39-rust

You need to share your obfuscation algorithm and vault keys with your inheritors anyways. By splitting the secret, you could also make sure none of them can get to the secret without enough shareholders collaborating.

wigy-opensource-developer avatar Mar 28 '22 06:03 wigy-opensource-developer

https://blog.keys.casa/shamirs-secret-sharing-security-shortcomings

https://en.bitcoin.it/wiki/Shamir_Secret_Snakeoil

hansbkk avatar Mar 28 '22 21:03 hansbkk

I already have to secure multiple cryptosteel locations for two sets of Secrets, I am not looking to exponentially increase that burden.

hansbkk avatar Mar 28 '22 21:03 hansbkk