Open patricknwn opened 6 years ago
To add some detail, even if it should be 44'/145'/0', many services use the 44'/0'/0' derivation path. In other words, hard-coding this to the new path will cause problems also.
For example:
44'/0'/0'
44'/145'/0'
0'
It should definitely be 44'/145'/0'. Using the BTC BIP44 derivation path 44'/0'/0' will cause users to share keys with BTC outputs which is a security risk.
Here is an example where it looks like this issue is causing a user to avoid the bitcoin.com wallet (I have not reproduced that user's full procedure that fails yet though).
I came to post the copay issue that discussed the scenarios and saw patricknwn had already edited into the original post. I think that issue is at least a good guide for the scenarios to be considered.
@pezcore hard coding to 145 will cause many seeds to be unusable in the bitcoin.com wallet. It's good as the default but there must be a way to use other paths, no?
@emergent-reasons Absolutely. The derivation path should be user-controllable with 145' as the default coin path as per SLIP-0044. Also it is important for the app to educate users about how BIP32 works: at the minimum it should be made clear that both a secret key and a derivation path are required to back up an account.
We're looking into this, excuse us for taking this long to respond.
When trying to import a wallet using my BIP-39 mnemonic seed, the derivation path defaults to m/44'/0'/0' which is the "old" BTC derivation path. I can succesfully import my wallet with this derivation path and see the one test transaction I made using that derivation path.
BCH wallets are expected to use the m/44'/145'/0' derivation path however for the first account, as per the SLIP-0044 list of coin types (https://github.com/satoshilabs/slips/blob/master/slip-0044.md). The wallet that I am trying to restore thus uses this m/44'/145'/0' derivation path.
When I'm trying to import my wallet using this m/44'/145'/0' derivation path, I get an error message that the derivation path is incorrect. The m/44'/0' path seems to be hardcoded for non-testnet wallets in the file Wallet/src/js/services/derivationPathHelper.js. On line 43 the function returns false if the coin_type is not either 0' (live) or 1' (testnet). It should support 145' too for BCH.
[EDIT]: it seems related to Copay issue #7216