Open nervetrip opened 1 week ago
nervetrip
commented
1 week ago It looks like embit doesn't include a feature to derive a password: https://github.com/diybitcoinhardware/embit/blob/master/src/embit/bip85.py
But Coldcard's implementation seems fairly simple: https://github.com/Coldcard/firmware/blob/master/shared/drv_entro.py#L101
odudex
commented
5 days ago This can indeed be very helpful! Coldcard can simulate keystrokes through USB, but this would not be possible for most of our devices. Would it suffice to show the passwords on the screen? As QR codes, it could be dangerous; people would likely need to pass it through third-party apps before using it to log in. I would also add a step for choosing length, defaulting to 21 to match CC.
odudex
commented
4 days ago Available to test on 24.10.beta5!
nervetrip
commented
4 days ago Brilliant, it appears to work perfectly! This will be so helpful, appreciate the effort.
And variable password lengths makes it even better than Coldcard's implementation. Always using passwords of 21 characters could provide hints to an attacker that they are potentially BIP85 passwords.
I agree that QR codes for passwords might be risky for some use cases, but it seems like a mistake to not include the QR display feature. Let users decide if they want to use it or not based on their situation. Being able to scan the QR code would absolutely simplify my completely offline air gapped use case.
If it isn't too much effort to display passwords as QR codes, I personally would prefer having it as an option. Also, I don't want or like Coldcard's USB keyboard type feature for typing passwords. No worries that Krux can't do that.
odudex
commented
4 days ago Let users decide
You know how to convince me 😁
odudex
commented
3 days ago 24.10.beta6: Allow export BIP85 passwords to SD and as QR code
nervetrip
commented
3 days ago You know how to convince me 😁
Good to know! 😜 Thanks for adding this, will make a world of difference. Any thoughts on when it might make it into an official release?
nervetrip
commented
3 days ago I just realized there may be one more thing necessary to complete this feature. Setting a passphrase for a wallet only has the options to Type BIP39 Passphrase and Scan BIP39 Passphrase. Would be ideal to enter and scan BIP85 passwords (21 characters or any valid length) as well as BIP39 seeds.
jdlcdl
commented
3 days ago Would be ideal to enter and scan BIP85 passwords (21 characters or any valid length) as well as BIP39 seeds.
I suspect it will magically work as intended. While the qrcode will originate from a bip85 password, it will simply decode into text which is no different than if you'd created the password with tools/create-a-qrcode. You'll be able to use it like an encrypted-mnemonic key, or a bip39 passphrase, or anywhere else that is expecting to decode a qrcode into text.
nervetrip
commented
2 days ago I suspect it will magically work as intended.
Indeed, it does work, for both manually typing a password as well as scanning a password. The labels are deceptive since they say BIP39, but I can live with that. Removing BIP39 from the labels would make them more accurate, but perhaps that reduces the descriptiveness of the more common usage.
jdlcdl
commented
1 day ago The labels are deceptive since they say BIP39...
Please elaborate on this. When I try to create a bip85 base64 password, I am proposed to save the file to sdcard as "BIP85_password.txt" which seems correct to me... it is a default hint of where the password came from. When viewing the qrcode, it's just "Base64 Password" below the qrcode image...which also seems correct. When using Tools / Create QR Code, I get a label of "Custom QR Code" under the qrcode image, and can save to sdcard as CustomQR.pbm
If you're referring to setting a passphrase on top of your BIP39 mnemonic, then the labels "Scan BIP39 Passphrase" or "Type BIP39 Passphrase" are an important distinction... regardless of where the password/passphrase originated, it is going to be applied as a BIP39 passphrase which will end up changing the resulting BIP32 root master wallet and all derived xpubs/addresses beneath it.
nervetrip
commented
1 day ago the labels "Scan BIP39 Passphrase" or "Type BIP39 Passphrase" are an important distinction...it is going to be applied as a BIP39 passphrase...
This makes total sense now. I was reading BIP39 but was thinking BIP85. Keeping these labels as is makes the most sense. Please forgive my confusion.
It would be really nice if more BIP-85 applications were supported in Krux. I would especially appreciate the BIP-85 "PWD BASE64" application for password generation. Here's the relevant section of the BIP-85 spec: https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki#pwd-base64
For reference, Coldcard can be used to generate 21 character passwords instead of seed words for each BIP-85 index: https://coldcard.com/docs/bip85-passwords/
Coldcard currently offers the following BIP-85 applications (Krux offers only the first two):