Closed BoGitter closed 2 years ago
merland
commented
2 years ago Thanks for this suggestion @BoGitter ! I tried to familiarize myself a little bit with the "Seed XOR" method, I haven't used it myself. A first clarifying question: Why don't you want to use the 24th word calculated by ColdCard? Both ColdCard and SeedPicker generate valid results, we just pick the checksum a bit differently. Involving SeedPicker in the Seed XOR method seems redundant and a bit confusing for the user.
merland
commented
2 years ago Also, SeedPicker does mention that there are multiple valid words, admittedly could be made more clear. Hover over the little question mark next the the resulting word, and you will see a tooltip text.
BoGitter
commented
2 years ago My goal was to verify the result of ColdCard's 24th word without depending on ColdCard. If ColdCard quits or all devices are gone, this would deal with my dependence on a ColdCard device when restoring.
merland
commented
2 years ago Ok, I see. However: Once you successfully import your seed phrase once in any kind of wallet, you can know for sure that the 24th word is valid and you never need to re-verify the seed phrase.
When I first created SeedPicker, no hardware solutions existed for calculating the 24th word, in fact this was the only reason for creating it. Now that ColdCard and other hardware wallets have implemented this feature, they are the preferred way of doing it if you already bought one. SeedPicker in offline mode on a secure machine is perfectly safe (and free!), but a dedicated single-purpose computer is - of course - much more convenient.
If you still want a browser tool to verify an existing seed phrase, I highly recommend https://iancoleman.io/bip39/. Offline mode on a secure machine, needless to say!
There is also another related issue - #16 - that we have not mentioned yet. Still unimplemented but I believe that would work for your situation as well. Please comment on that issue if you want it to happen.
BoGitter
commented
2 years ago The thing with XOR is that if you combine 2 seeds (e.g. your steel backup) to create your Resulting Seed Phrase, the 24th word is always missing. If there is no access to a ColdCard wallet, then you can't verify the seed phrase. That's why I was looking for an alternative to find the right 24th word of the Resulting Seed Phrase...
Thanks for help! Much appreciated!
merland
commented
2 years ago Ok, that's a bit odd... But what I said above is still valid: When you have done it once, you will never have to re-validate the 24th word.
The Seed XOR scheme is something quite ColdCard specific and 'non-standard'. So you should probably not expect anyone outside ColdCard to build any supporting tools for it. Personally, I think Seed XOR seems more confusing than helpful, most of its benefits can be achieved by using a good passphrase (or several), a more standardized method.
BoGitter
commented
2 years ago Some extra clarification, maybe you already saw it. After XORing seeds there is already a hint for the 24th word.
XOR = 643 71C 450 544 12E 0C0 7B3 4C6 706 7EF 4DD 08C 4BC 2B5 2BD 604 0A8 070 0B1 7B1 7ED 57E 555 3xx
It must start with the indicated digit 3 meaning the final word is between gas [300] - lend [3FF] and therefore the correct final word is indoor [398].
What you could do is an input text box for advanced XOR users where you ask for the first alphanumeric character of the 24th word of the Resulting Seed Phrase and then calculate the checksum. But I also understand it might be confusing for new users how to know what is meant by the first alphanumeric character.
A different approach could be to check if someone wants to check a "Raffle Checksum" or a "XOR Checksum" or you could even provide two completely different calculators with independent files. Or you can leave it all together of course...
BoGitter
commented
2 years ago Ok, that's a bit odd... But what I said above is still valid: When you have done it once, you will never have to re-validate the 24th word. The Seed XOR scheme is something quite ColdCard specific and 'non-standard'. So you should probably not expect anyone outside ColdCard to build any supporting tools for it. Personally, I think Seed XOR seems more confusing than helpful, most of its benefits can be achieved by using a good passphrase (or several), a more standardized method.
True, but this assumes you have it. My situation is where the Colcard is lost and you want to restore a backup which you have secured by using XOR. You end up with an incomplete backup of 23 words + 1 digit. That's why they recommend to save the 24th word somewhere, but I think it would be better if there is an alternative way to find the right checksum, for example via Seedpicker.
merland
commented
2 years ago I really appreciate your interest and your suggestion but I don't think this is a suitable feature for SeedPicker. Mainly because I want SeedPicker to be as simple as possible.
Another reason is that I would probably not recommend anyone to use a non-standard security scheme such as Seed XOR. Obfuscation can easily backfire...
BoGitter
commented
2 years ago Ok fair enough. Thanks for your help!
For others who want to manually find the right 24th word after XORing two or more seeds BIP39-Dice might be an option. Adjust rolls.txt and run python 24thword.py and pick the right one. No guarantees!
See Coldcard's Seed XOR. Scroll to Resulting Seed Phrase.
If you input the Resulting Seed Phrase
silent toe meat possible chair blossom wait occur this worth option bag nurse find fish scene bench asthma bike wage world quit primaryin Seedpicker, the 24th word is "all". The output of ColdCard's 24th word is "indoor". This is confusing for users who try to verify their seed.Suggestion At this moment Seedpicker automatically picks the alphabetically 1st outcome as discussed here and here and here which is the most user friendly and error avoiding way. But for SEED XOR users it might be confusing, because (1) you'll have to find out that there more checksums possible and (2) that Seedpicker always picks the first. Suggestions: