merland / seedpicker

Create your own BIP39 seed phrase, securely and transparently.
http://seedpicker.net
MIT License

Feature Request: Add Root Fingerprint to Output #23

Closed mflaxman closed 3 years ago

mflaxman commented 3 years ago

It turns out this is required for interoperability with Coldcard as well as Specter.

The easiest way to do this now is as follows, but it's obviously sketchy (destroys much of the security benefit of seedpicker!):

  1. Calculate last word for abandon repeated 23x here (will correctly return art): http://seedpicker.net/calculator/last-word.html
  2. Open up an Electrum console and input 24 words into this script:
    >> from electrum import keystore
    >> ks = keystore.from_bip39_seed("abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon art", passphrase="", derivation="m/48'/0'/0'/2'")
    >> ks.get_root_fingerprint()
    '5436d724'

Code snippet on how to calculate root fingerprint here: https://github.com/spesmilo/electrum/blob/9d0bb295e6f55a2bff9f5b6770fa744c16af6e8a/electrum/keystore.py#L685-L690

This one may be easier to read: https://github.com/lyndsysimon/bip32utils/blob/56f5a56d1c54e648f35b670a87efabbca08fffae/bip32utils/BIP32Key.py#L244-L266

Maybe for UX purposes, you'd want to hide this behind Show more (for advanced users)?

merland commented 3 years ago

Thanks for this feature request. I'd be happy to implement it, seems straightforward. Agree that it would fit under Show more, for now anyway. A bit occupied with other projects but will try to fit it in. Also: thanks for mentioning SeedPicker on btcguide! :)

mflaxman commented 3 years ago

Forgot to mention my own code snippet in golang to calculate this (just research code not cleaned up yet, but in case it helps)!

https://github.com/mflaxman/human-rng-golang

merland commented 3 years ago

I'm not so good at python (or golang), so I thought I'd look up the standard recipe for cooking a root fingerprint. Is this in any of the BIPs? I couldn't find it.

mflaxman commented 3 years ago

There isn't really, it's just something Coldcard picked up for registering xpubs in a multisig and then Specter copied :(

Maybe this 2-line code snippet is more clear? It's the master parent xpub (no derivation needed).

https://github.com/cryptoadvance/specter-desktop/blob/5cc92c989f6d071da6d936c06e0ba5629f03b7ce/src/cryptoadvance/specter/helpers.py#L126-L128

merland commented 3 years ago

This was really helpful, thanks! I was able to run the specter snippet and got a js unit test working now.

merland commented 3 years ago

This is implemented on seedpicker.net now (Cache reset may be necessary).
Please advise on wording and appearance.

mflaxman commented 3 years ago

The functionality looks great, thanks! I tested it against my python and golang scripts for zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo buddy and it correctly returns 669dce62.

I did notice a security vulnerability on this PR that I think should be addressed ASAP: https://github.com/merland/seedpicker/commit/8421201e0229ff0e68fea5613cc30311716530ee#r41919841

mflaxman commented 3 years ago

Btw, I'm closing this as it's done, right? Love the new feature!
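
The calculation discussed in this thread, as an added example that is not part of the original issue or seedpicker's code: the root fingerprint is the first 4 bytes of HASH160 of the compressed BIP32 master public key, so no derivation path is involved. It uses only Node's built-in `crypto` module, assumes a checksum-valid mnemonic (there is no wordlist check), and the function names are illustrative.

```javascript
// Added example: BIP32 root fingerprint from a BIP39 mnemonic (Node.js built-ins only).
const crypto = require('crypto');

// Order of the secp256k1 group; a master key must be in the range [1, n-1].
const SECP256K1_N = BigInt('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');

// BIP39: mnemonic -> 64-byte seed (PBKDF2-HMAC-SHA512, 2048 rounds).
// Assumption: the caller passes a checksum-valid mnemonic; it is not verified here.
function mnemonicToSeed(mnemonic, passphrase = '') {
  const words = mnemonic.normalize('NFKD').trim().split(/\s+/).join(' ');
  const salt = 'mnemonic' + passphrase.normalize('NFKD');
  return crypto.pbkdf2Sync(words, salt, 2048, 64, 'sha512');
}

// BIP32: seed -> master private key (left 32 bytes of HMAC-SHA512 keyed "Bitcoin seed").
function masterPrivateKey(seed) {
  const I = crypto.createHmac('sha512', 'Bitcoin seed').update(seed).digest();
  const key = I.subarray(0, 32);
  const k = BigInt('0x' + key.toString('hex'));
  if (k === 0n || k >= SECP256K1_N) throw new Error('invalid master key for this seed');
  return key;
}

// Root fingerprint: first 4 bytes of RIPEMD160(SHA256(compressed master pubkey)).
function rootFingerprint(mnemonic, passphrase = '') {
  const ecdh = crypto.createECDH('secp256k1');
  ecdh.setPrivateKey(masterPrivateKey(mnemonicToSeed(mnemonic, passphrase)));
  const pub = ecdh.getPublicKey(null, 'compressed'); // 33-byte compressed point
  const sha = crypto.createHash('sha256').update(pub).digest();
  return crypto.createHash('ripemd160').update(sha).digest().subarray(0, 4).toString('hex');
}

// The two public test mnemonics quoted in this thread.
const ABANDON = Array(23).fill('abandon').concat('art').join(' ');
const ZOO = Array(23).fill('zoo').concat('buddy').join(' ');
console.log(rootFingerprint(ABANDON), rootFingerprint(ZOO));
```

A BIP39 passphrase changes the seed and therefore the fingerprint, so the value registered with a multisig coordinator has to be computed with the same passphrase the signing device uses.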