
We can serialize the hash of the recovery words to the wallet file, and with that we can test them against a wallet.
Note: we should also include the password in the tester (since that's the 13th word).
Ref that tweet, here is what we did on Coldcard.

I would agree with this if we weren't using bip38. The idea behind bip38 is protecting (encrypting) a secret with a password, making it impossible for someone to recover it without knowing the encryption password. For Wasabi users this means that even if someone gets access to the wallet file, their money is still safe. Moreover, bip38 makes passwords hard to crack, simply because it wouldn't make any sense to protect something with a password if that password is easy to break.
This proposal, if I understand it correctly, would weaken the password protection mechanism by providing a fast mechanism for checking whether a password is correct or not for those having the mnemonic. I mean, the idea of needing _something that you know_ + _something that you have_ will be reduced to _something that you have_.
Is this correct?
You already know if it is correct by accessing the wallet. But the fingerprint ID poses no extra risks; we used the same standard as BIP32:
https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#key-identifiers
The only way to know if it is correct by accessing the wallet is by brute forcing the password and checking if the key is correct, which takes about a second on a decent computer. However, having the mnemonic and the fingerprint I could break the password more easily because scrypt is not involved in the process. If I am wrong, please explain to me why.
We are talking about different things, see twitter thread. Fingerprint is a hash of a pubkey.
(mobile)
We are talking about different things, I agree. It seems you use bip39 with passphrase (pbkdf2 is not for making passwords hard to crack), and we use bip39 + passphrase too, but protected with bip38, which uses scrypt to resist brute-force attacks (using the extended word as password too). This is why I say that I would agree with this idea except for the fact that we use a passphrase-protected key (you don't).
It doesn't make any sense to me to implement a bip that makes passwords resistant to brute-force attacks and at the same time introduce a mechanism that makes passwords vulnerable to brute-force attacks.
lol, it's pretty simple, I just realized
Just ask the user and verify it against the encryptedsecret as follows:
That is okay because it doesn't weaken the security.
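As an added illustration of the distinction argued in this thread (example code, not from the issue or from Wasabi's code base): a simplified BIP38-style check keeps scrypt on the path every time the recovery words and passphrase are tested, whereas a stored hash of the recovered key lets the passphrase be tested with only the 2048 PBKDF2 rounds of BIP39. The sample mnemonic and passphrase are constructed, and the XOR-for-AES substitution is a simplification of BIP38 made for the example.

```python
import hashlib
import hmac
import time

# Constructed sample inputs (not from the issue thread).
MNEMONIC = "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
PASSPHRASE = "correct horse battery staple"  # the "13th word"
BIP38_SCRYPT = dict(n=16384, r=8, p=8, dklen=64, maxmem=2**26)  # BIP38's scrypt parameters


def master_key(mnemonic, passphrase):
    """BIP39 seed (PBKDF2-SHA512, 2048 rounds) -> BIP32 master private key (left half of HMAC-SHA512)."""
    seed = hashlib.pbkdf2_hmac("sha512", mnemonic.encode(), ("mnemonic" + passphrase).encode(), 2048)
    return hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()[:32]


def encrypt_secret(secret, passphrase):
    """BIP38-style protection, simplified: the salt is a 4-byte hash of the secret (BIP38 uses the
    address hash for this) and the AES step is replaced by XOR with the scrypt output."""
    salt = hashlib.sha256(secret).digest()[:4]
    key = hashlib.scrypt(passphrase.encode(), salt=salt, **BIP38_SCRYPT)
    return bytes(a ^ b for a, b in zip(secret, key[:32])), salt


def decrypt_secret(encrypted, salt, passphrase):
    """Returns the secret, or None when the passphrase is wrong. Every attempt pays one scrypt."""
    key = hashlib.scrypt(passphrase.encode(), salt=salt, **BIP38_SCRYPT)
    candidate = bytes(a ^ b for a, b in zip(encrypted, key[:32]))
    return candidate if hashlib.sha256(candidate).digest()[:4] == salt else None


def check_words_via_encrypted_secret(mnemonic, passphrase, encrypted, salt):
    """The thread's conclusion: decrypt the stored encrypted secret and compare it with the key
    recovered from the words + passphrase. scrypt stays on the path, so nothing is weakened."""
    secret = decrypt_secret(encrypted, salt, passphrase)
    return secret is not None and hmac.compare_digest(secret, master_key(mnemonic, passphrase))


def stored_hash_of(mnemonic, passphrase):
    """The objected-to variant: a plain hash of the recovered key kept in the wallet file."""
    return hashlib.sha256(master_key(mnemonic, passphrase)).digest()


def check_words_via_stored_hash(mnemonic, passphrase, stored_hash):
    """Whoever holds the words can test passphrases against this with no scrypt involved."""
    return hmac.compare_digest(stored_hash_of(mnemonic, passphrase), stored_hash)


def cost_ratio():
    """Seconds per attempt on the scrypt path divided by seconds per attempt on the stored-hash path."""
    enc, salt = encrypt_secret(master_key(MNEMONIC, PASSPHRASE), PASSPHRASE)
    stored = stored_hash_of(MNEMONIC, PASSPHRASE)
    t0 = time.perf_counter()
    check_words_via_encrypted_secret(MNEMONIC, "wrong passphrase", enc, salt)
    t1 = time.perf_counter()
    check_words_via_stored_hash(MNEMONIC, "wrong passphrase", stored)
    t2 = time.perf_counter()
    return (t1 - t0) / max(t2 - t1, 1e-9)
```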
Nice, but why don't we store the password-encrypted 12 recovery words in the wallet file, as described here?
Explained here: https://github.com/zkSNACKs/WalletWasabi/issues/2049#issuecomment-568768026