search

paulmillr / scure-bip39

Secure, audited & minimal implementation of BIP39 mnemonic phrases
https://paulmillr.com/noble/#scure
MIT License
122 stars 30 forks source link

Salt prepending "mnemonic" #18

Closed curtis-h closed 1 year ago

curtis-h commented 1 year ago

Great library, really appreciate your work!

I'm wondering if the salt() should be transforming the passphrase by prepending "mnemonic"?

const salt = (passphrase: string) => nfkd(`mnemonic${passphrase}`);

As far as I can tell this is undocumented, and could catch developers unawares, if they haven't dived in to the code, creating a passphrase different to what they expect.

Some ideas I've had for possible alternatives:

Happy to make a PR if it helps :)

paulmillr commented 1 year ago

this is undocumented

https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#user-content-From_mnemonic_to_seed

curtis-h commented 1 year ago

Sorry I was not aware of that, thankyou for letting me know :)