Open iancoleman opened 7 years ago
I have been looking for a way to obfuscate, if not securely encrypt, my cryptosteel backed-up mnemonics, rather than storing them in cleartext, in case someone finds them and recognizes what they are, e.g. a fireman after the house burns down.
One path has been this idea https://github.com/iancoleman/bip39/issues/183#issuecomment-427062789
Using the cleartext mnemonic as input to some conversion to a hex string that then gets fed as entropy into this tool, to generate a different mnemonic and thus the actual wallet restore seed.
It would be a convenient shortcut to simply accept a valid mnemonic and only a valid mnemonic in the custom entropy field.
It should only generate a new mnemonic of the same length as the one input.
It should NOT (IMO) allow arbitrary brainwallet-type input text. But in either case, a big scary pop-up along the lines of "DO NOT use words YOU have selected, only those generated by true entropy at random. Are you SURE these words are RANDOMLY generated?"
Note that I also plan to have a 12-word high entropy mnemonic, stored on cryptosteel hidden in a separate location for use as the BIP39 passphrase.
...
Suggestions welcome for another "standard" way to turn a mnemonic input into a deterministic hex output, 12-word to 32char, 24-word to 64char.
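BIP39's own decoding already gives the 12-word to 32-character and 24-word to 64-character hex mapping asked about above. The sketch below is an added example, not part of the original thread or the tool's code. The function names are assumptions, and because the real 2048-word English list is too long to embed, the sample uses a constructed stand-in list `w0000`..`w2047`.

```python
import hashlib

# Constructed stand-in list (NOT the BIP39 English wordlist): 2048 placeholder
# words so the example runs offline. Pass the real list in practice.
STANDIN_WORDLIST = [f"w{i:04d}" for i in range(2048)]


def entropy_to_mnemonic(entropy_hex, wordlist):
    """BIP39 encode: entropy bits followed by the first ENT/32 bits of SHA-256."""
    ent = bytes.fromhex(entropy_hex)
    if len(ent) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    cs_len = len(ent) * 8 // 32  # 4 bits for 12 words, 8 bits for 24 words
    bits = format(int.from_bytes(ent, "big"), f"0{len(ent) * 8}b")
    bits += format(hashlib.sha256(ent).digest()[0], "08b")[:cs_len]
    return [wordlist[int(bits[i:i + 11], 2)] for i in range(0, len(bits), 11)]


def mnemonic_to_entropy(words, wordlist):
    """BIP39 decode: 11 bits per word, verify the checksum, return entropy hex."""
    if len(words) not in (12, 15, 18, 21, 24):
        raise ValueError("unsupported mnemonic length")
    index = {w: i for i, w in enumerate(wordlist)}
    try:
        bits = "".join(format(index[w], "011b") for w in words)
    except KeyError as exc:
        raise ValueError(f"word not in list: {exc.args[0]}") from None
    cs_len = len(bits) // 33  # one checksum bit per 32 entropy bits
    ent_bits, cs_bits = bits[:-cs_len], bits[-cs_len:]
    ent = int(ent_bits, 2).to_bytes(len(ent_bits) // 8, "big")
    expected = format(hashlib.sha256(ent).digest()[0], "08b")[:cs_len]
    if cs_bits != expected:
        raise ValueError("checksum mismatch: not a valid mnemonic")
    return ent.hex()


if __name__ == "__main__":
    sample = "00" * 16  # constructed sample entropy, never use for a wallet
    words = entropy_to_mnemonic(sample, STANDIN_WORDLIST)
    hex_out = mnemonic_to_entropy(words, STANDIN_WORDLIST)
    print(len(words), "words ->", len(hex_out), "hex chars:", hex_out)
```

Feeding this hex back in as entropy reproduces the input words, so the decoding alone accepts only valid mnemonics and preserves length but does not produce a different mnemonic.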
Instead of coming up with these clever obfuscation techniques, have you considered splitting your secret and not putting all your eggs in the same basket?
You need to share your obfuscation algorithm and vault keys with your inheritors anyways. By splitting the secret, you could also make sure none of them can get to the secret without enough shareholders collaborating.
I already have to secure multiple cryptosteel locations for two sets of Secrets, I am not looking to exponentially increase that burden.
Entropy should be able to source from the following character sets:
This means keyboard mashing will seem a lot more effective, but I think the current technique of filtering keyboard mashing to only hex characters is worse than using the full alphabet.