-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Hardware-wallet]: passphrase protection #134
Comments
In trezor the passphrase is used to produce mnemonic in mnemonic_to_seed function and for "root node" in storage_getRootNode function In both cases the encryption method is: pbkdf2_hmac_sha512 |
@gz-c On current skycoin code: the firmware will generate the "same" addresses as the desktop app if given the same seed. According to what we said, I have been asked to do it the "trezor way" which conflicts with the behaviour of the skycoin desktop app. Here is the difference: The skycoin desktop app generates addresses straight from the "mnemnonic". In skycoin mnemonic=seed On trezor though there is an extra step to get the seed from the mnemonic: which means even if the passphrase is empty (and even if the salt is empty to), the seed is still a hash of the mnemonic. If I use the passphrase as an extra word in the mnemonic, I don't know how to combine it with the current behavior where the "seed" equals the "mnemonic". Because if I were to encrypt it the way trezor does it I do need to hash...! For information on the desktop application use the passphrase a the key of an encryption function that encrypts the stored seed. |
For the first address. Are you using trezor's deterministic address derivation method, or are you using skycoin's? If you're using trezor's, the address derivation doesn't match anyway. A simple way to add a passphrase in a Skycoin seed is append the passphrase to the mnemonic.
Desktop wallet encryption is irrelevant, I don't know why you're bringing it up. |
@gz-c if the passphrase is just "added to the mnemonic" there is a problem in this use case:
|
of course the user cannot modify the seed, if they want to add a seed passphrase it must be during creation. how is trezor any different? |
Thank you for this answer, I have enough to get started: It is gonna impact addressGen, signature and backup functons. Backup is tricky because we don't want the passphrase to appear on the screen during the backup process while at the same time we do want the seed to contain the passphrase. |
Add the possibility to use a passpharse protection on top of pin code protection.
the passphrase may be used later to encrypt wallet's memory
The text was updated successfully, but these errors were encountered: