airgap-it / airgap-vault

The AirGap Vault is installed on a spare smartphone that has no connection to any network, thus it is air gapped. This app handles the private key.
MIT License

BIP39 passphrase ignored #65

Closed gfeitscher closed 3 years ago

gfeitscher commented 3 years ago

Hi,

it seems when creating a new wallet, setting the optional BIP39 passphrase does not make a difference for the derived Bitcoin address (and presumably the private keys). The same mnemonic/secret gives the same address whether a passphrase is used or not.

How I checked: In Vault, I set up a new wallet with an additional BIP39 passphrase. Then I re-imported that wallet using the mnemonic/secret from the first time, but now without specifying the BIP39 passphrase -- and it gave me the exact same public address, which should not happen.

I also cross-checked using https://iancoleman.io/bip39/: The public address corresponds to the mnemonic/secret only, the BIP39 passphrase is ignored.

I'm on Airgap Vault 28519, 3.7.0

AndreasGassmann commented 3 years ago

https://user-images.githubusercontent.com/680814/119865459-f75cac00-bf1b-11eb-9dad-fd320509f2f0.MOV

I just tested this by creating 2 separate accounts with the same mnemonic. The mnemonic I used was

abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about

Checking with the BIP39 tool, I get the same result.

Your flow is slightly different, I'll try some other combinations to reproduce it. Are you sure the account you had before re-importing the wallet was actually the one with the BIP39 passphrase?

gfeitscher commented 3 years ago

Thanks! And sorry, I retract my issue. I mistook the passphrase one can optionally enter directly after writing down the secret/mnemonic for a BIP39 optional passphrase. Don't know if anyone else is confused by that or just me. I looked through the documentation but couldn't find a detailed description of what the various passphrases exactly do. Anyway, love your app and will keep using it!

AndreasGassmann commented 3 years ago

Our new documentation has an FAQ entry regarding the different passphrases. The new documentation is still a work in progress, so it's currently hard to find. But you can read about the differences here: https://support.airgap.it/FAQ#what-is-the-difference-between-a-secret-seed-phrase-recovery-key-and-password

AndreasGassmann commented 3 years ago

But thank you for your report. We are aware that the different passwords and passphrases can be confusing. We need to find a way to make it clear what their purpose is for users that are new to our apps.
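The cross-check discussed in this thread can be reproduced offline with the standard library alone. The following is an added example, not AirGap's code: it derives the BIP39 seed and the BIP32 master key for the mnemonic quoted above with and without a passphrase. The passphrase "TREZOR" comes from the published BIP39 test vectors, and the helper `passphrase_is_applied` is a hypothetical name that assumes you can read the seed as hex from a reference tool.

```python
import hashlib
import hmac
import unicodedata

# Mnemonic quoted in the thread; "TREZOR" is the passphrase used by the
# published BIP39 test vectors (not a value from this issue).
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048)."""
    norm = lambda s: unicodedata.normalize("NFKD", s)
    password = norm(" ".join(mnemonic.split())).encode("utf-8")
    salt = ("mnemonic" + norm(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32: master private key and chain code, HMAC-SHA512 keyed with "Bitcoin seed"."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def passphrase_is_applied(mnemonic: str, passphrase: str, observed_seed_hex: str) -> bool:
    """Hypothetical check: True if the observed seed matches mnemonic + passphrase,
    False if it matches the mnemonic alone (i.e. the passphrase was ignored)."""
    observed = bytes.fromhex(observed_seed_hex)
    if hmac.compare_digest(observed, bip39_seed(mnemonic, passphrase)):
        return True
    if hmac.compare_digest(observed, bip39_seed(mnemonic)):
        return False
    raise ValueError("seed matches neither derivation; wrong mnemonic or passphrase")


if __name__ == "__main__":
    for label, pw in (("no passphrase", ""), ("passphrase 'TREZOR'", "TREZOR")):
        seed = bip39_seed(MNEMONIC, pw)
        key, _chain = bip32_master(seed)
        print(f"{label:22} seed={seed.hex()[:16]}... master_key={key.hex()[:16]}...")
```

Because the passphrase is part of the PBKDF2 salt, any non-empty passphrase yields a different seed, master key and therefore different addresses; identical addresses mean the passphrase never reached the BIP39 derivation.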