[Hardware-wallet]: passphrase protection #134

Closed
mpsido opened this issue Aug 7, 2018 · 8 comments
Labels
question Further information is requested

Comments

Contributor

mpsido commented Aug 7, 2018

Add the possibility to use passphrase protection on top of pin code protection.

The passphrase may be used later to encrypt the wallet's memory.

Contributor Author

mpsido commented Sep 27, 2018

In trezor the passphrase is used to produce mnemonic in the mnemonic_to_seed function and for the "root node" in the storage_getRootNode function.

In both cases the encryption method is: pbkdf2_hmac_sha512

Contributor Author

mpsido commented Sep 27, 2018

On trezor web app they say:
image

Contributor Author

mpsido commented Nov 15, 2018

@gz-c
I had another look at trezor's code concerning passphrase after our previous conversation on telegram:

On current skycoin code: the firmware will generate the "same" addresses as the desktop app if given the same seed.

According to what we said, I have been asked to do it the "trezor way" which conflicts with the behaviour of the skycoin desktop app.

Here is the difference:

The skycoin desktop app generates addresses straight from the "mnemonic". In skycoin mnemonic=seed

On trezor though there is an extra step to get the seed from the mnemonic:
mnemonic + salt + passphrase + (some hash function pbkdf2_hmac_sha512) = final seed.
(salt is a fixed string equal to "mnemonic" in trezor code here)

Which means even if the passphrase is empty (and even if the salt is empty too), the seed is still a hash of the mnemonic.

If I use the passphrase as an extra word in the mnemonic, I don't know how to combine it with the current behavior where the "seed" equals the "mnemonic". Because if I were to encrypt it the way trezor does it I do need to hash...!

For information, the desktop application uses the passphrase as the key of an encryption function that encrypts the stored seed.
The passphrase is just there to decrypt the stored seed.

Member

gz-c commented Nov 19, 2018

> In skycoin mnemonic=seed

For the first address.

Are you using trezor's deterministic address derivation method, or are you using skycoin's?

If you're using trezor's, the address derivation doesn't match anyway.

A simple way to add a passphrase in a Skycoin seed is to append the passphrase to the mnemonic.

> For information, the desktop application uses the passphrase as the key of an encryption function that encrypts the stored seed.
> The passphrase is just there to decrypt the stored seed.

Desktop wallet encryption is irrelevant, I don't know why you're bringing it up.

Contributor Author

mpsido commented Dec 3, 2018

@gz-c if the passphrase is just "added to the mnemonic" there is a problem in this use case:

  1. the user creates a wallet with a mnemonic of his own, at this point he does not configure a passphrase yet.
  2. he protects his wallet with a pin code, he feels confident enough to start doing transactions with it.
  3. he gets coins on the addresses he generated with his seeds.
  4. he wants to protect the wallet even more because now he has more coins, he decides to configure a passphrase.
  5. from now on the addresses are generated using the new seed: new seed=mnemonic+passphrase.
  6. the addresses generated with this new seed are not the same as the "old seed". his old wallet is not protected and he can't sign transactions on the old addresses when he inputs the passphrase.
    6 bis: the normal functioning is to prohibit usage of the wallet without passphrase as soon as a passphrase is configured, which means he can't even use his old wallet anymore.
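
The two seed constructions compared in this thread, side by side, as an added example that is not part of the original discussion and is not Skycoin or Trezor code. The 2048 iterations, 64-byte output and NFKD normalization are the BIP-39 parameters; plain concatenation for the "appended" scheme, the function names and the sample values are assumptions.

```python
import hashlib
import unicodedata

BIP39_ROUNDS = 2048    # iteration count fixed by BIP-39
BIP39_SEED_LEN = 64    # bytes of PBKDF2 output used as the seed


def _nfkd(text: str) -> bytes:
    # BIP-39 normalizes both inputs to NFKD before encoding as UTF-8.
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Trezor/BIP-39 style: the mnemonic is the PBKDF2 password and the
    salt is the fixed string "mnemonic" followed by the passphrase."""
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic),
                               b"mnemonic" + _nfkd(passphrase),
                               BIP39_ROUNDS, BIP39_SEED_LEN)


def appended_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Scheme suggested in the thread: seed = mnemonic + passphrase, no hash.
    Plain concatenation is an assumption; the thread gives no separator."""
    return (mnemonic + passphrase).encode("utf-8")


def compare(mnemonic: str, passphrase: str) -> dict:
    raw = mnemonic.encode("utf-8")
    return {
        # BIP-39 hashes even with an empty passphrase, so seed != mnemonic.
        "bip39_empty_equals_mnemonic": bip39_seed(mnemonic) == raw,
        # Appending nothing keeps seed == mnemonic (desktop-app compatible).
        "appended_empty_equals_mnemonic": appended_seed(mnemonic) == raw,
        # In both schemes a passphrase configured later yields another seed,
        # so addresses created before it are no longer derived from it.
        "bip39_changes": bip39_seed(mnemonic, passphrase) != bip39_seed(mnemonic),
        "appended_changes": appended_seed(mnemonic, passphrase) != raw,
    }


# Sample values for illustration, not taken from the issue.
SAMPLE_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                   "abandon abandon abandon abandon abandon about")
SAMPLE_PASSPHRASE = "correct horse"

if __name__ == "__main__":
    for name, value in compare(SAMPLE_MNEMONIC, SAMPLE_PASSPHRASE).items():
        print(f"{name}: {value}")
```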

mpsido added the question (Further information is requested) label Dec 3, 2018

Member

gz-c commented Dec 11, 2018

Of course the user cannot modify the seed; if they want to add a seed passphrase it must be during creation. How is trezor any different?

Contributor Author

mpsido commented Dec 12, 2018

Thank you for this answer, I have enough to get started:

It is gonna impact addressGen, signature and backup functions.

Backup is tricky because we don't want the passphrase to appear on the screen during the backup process while at the same time we do want the seed to contain the passphrase.

@mpsido mpsido closed this as completed Dec 21, 2018