HD Aezeed export incomplete/invalid

BlueWallet / BlueWallet

Bitcoin wallet for iOS & Android. Built with React Native

https://bluewallet.io

MIT License

2.72k stars 818 forks source link

HD Aezeed export incomplete/invalid #5871

Open Mathias-U1F596 opened 12 months ago

Mathias-U1F596 commented 12 months ago

Precondition: An HD Aezeed wallet is imported using 24 words as cipher seed and a string as cipher seed passphrase.

When exporting an HD Aezeed wallet the cipher seed (24 words) is shown as text and QR code correctly. However, the cipher seed passphrase is missing. That invalidates the wallet backup leading in potential loss of funds.

Overtorment commented 11 months ago

We discussed this a while ago with @ncoelho

Basically, for every wallet that pass a passphrase we dont display the passphrase on the backup screen.

Not Aezeed specific.

Overtorment commented 11 months ago

Ok, I've looked up our discussuons, and basically we treat passwords for seeds as a part of plausible deniability feature, that's why they are not displayed on the backup screen. You just have to keep your pass separate from your seed (like, in your head)

Mathias-U1F596 commented 11 months ago

A reference to the discussion could be useful here.
For the user experience, it should be pointed out in several places that the wallet cannot be backed up without further knowledge.
An option to secure with a passphrase would leave the decision on this security issue to the user.

Overtorment commented 11 months ago

summon @ncoelho

Overtorment commented 10 months ago

ok so apparently for Aezeed you cant use different passwords to have plausible deniability. wrong password will not decrypt the wallet at all.

@ncoelho what if we will display password for Aezeed wallet, but for BIP39 wallet with password we will display text "There is also a password for this wallet that is not shown"