Closed jonjonez closed 1 week ago
This does not seem like a good solution (although maybe I have misunderstood it). It is trivial to determine that the encrypted seed words do not pass a checksum test. You cannot actually store any funds in the decoy wallet. For this use case, why not use a BIP39 passphrase?
Closing in favour of using BIP39 passphrase for this use case.
Seed-otp is the best way to hide a secret (a BIP39 mnemonic): it scrambles the real BIP39 mnemonic (the one the user actually uses) and outputs a decoy seed (another BIP39 mnemonic). The decoy seed, combined with a secret key (the OTP key), regenerates the true BIP39 mnemonic.
See more details in the github project: https://github.com/brndnmtthws/seed-otp/blob/master/README.md
This is the epitome of the security that was missing: normally users encrypt their mnemonics using tools that can put their funds at risk, whether through misuse or a compromised tool, when sensitive data is not leaked.
The only problem with Seed-otp is that the encrypted seed it produces consists of new words that do not contain a checksum.
This can protect users in plausible-deniability situations (extortion etc.), where the user presents this decoy seed (but without a checksum, there is no way it can be used to hold funds in order to convince someone that this is their "real" wallet).
I really like Sparrow Wallet, as it is one of the only wallets that is innovating right now, and I'd really like to see a similar solution like this.
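An added illustration of the two points raised in this thread, namely that a decoy mnemonic produced by shifting word indices carries no valid BIP39 checksum and that checking this is trivial. This is not code from seed-otp or from Sparrow; the "OTP" step (add the key word to each word index, mod 2048) is an assumption chosen to show the effect, and words are represented by their 0..2047 wordlist indices because the word-to-index table is omitted. The all-zero entropy inputs are constructed test vectors.

```python
"""Toy model of a decoy mnemonic versus the BIP39 checksum test.

Added illustration, not seed-otp or Sparrow code.  Mnemonic words are
represented by their 0..2047 BIP39 wordlist indices (the word <-> index
table is omitted).  The OTP step below (add the key mod 2048) is an
assumption used to show why a scrambled mnemonic almost never passes the
checksum that every real BIP39 mnemonic carries.
"""
import hashlib
import random

WORDLIST_SIZE = 2048  # 2048 BIP39 words -> 11 bits per word
VALID_ENTROPY_BITS = (128, 160, 192, 224, 256)
VALID_WORD_COUNTS = (12, 15, 18, 21, 24)


def entropy_to_indices(entropy):
    """BIP39 encoding: append ENT/32 checksum bits (top bits of SHA-256 of
    the entropy) and split the result into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in VALID_ENTROPY_BITS:
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(bits >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def checksum_ok(indices):
    """The 'trivial' test: split the bit string back into entropy and
    checksum, recompute the checksum from the entropy and compare."""
    n = len(indices)
    if n not in VALID_WORD_COUNTS:
        return False
    if any(not 0 <= w < WORDLIST_SIZE for w in indices):
        return False
    total_bits = n * 11
    cs_bits = total_bits // 33          # 4 bits for 12 words, 8 bits for 24
    ent_bits = total_bits - cs_bits
    bits = 0
    for w in indices:
        bits = (bits << 11) | w
    entropy = (bits >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (bits & ((1 << cs_bits) - 1)) == expected


def otp_scramble(indices, key):
    """Assumed OTP step: shift each word index by the matching key word mod 2048."""
    if len(key) != len(indices):
        raise ValueError("one key word per mnemonic word")
    return [(w + k) % WORDLIST_SIZE for w, k in zip(indices, key)]


def otp_unscramble(decoy, key):
    """Inverse of otp_scramble: recovers the real mnemonic from decoy + key."""
    if len(key) != len(decoy):
        raise ValueError("one key word per mnemonic word")
    return [(w - k) % WORDLIST_SIZE for w, k in zip(decoy, key)]


def decoy_checksum_pass_rate(indices, trials=2000, seed=0):
    """Fraction of random keys whose decoy happens to pass the checksum.
    The checksum bits of the decoy are unrelated to its entropy bits, so
    this sits around 2**-cs_bits (about 1/16 for 12 words): the decoy is
    recognisable as not-a-real-mnemonic almost every time."""
    rng = random.Random(seed)
    n = len(indices)
    hits = 0
    for _ in range(trials):
        key = [rng.randrange(WORDLIST_SIZE) for _ in range(n)]
        hits += checksum_ok(otp_scramble(indices, key))
    return hits / trials


if __name__ == "__main__":
    real = entropy_to_indices(bytes(range(16)))   # constructed 128-bit entropy
    key = [(97 * i + 13) % WORDLIST_SIZE for i in range(len(real))]  # constructed key
    decoy = otp_scramble(real, key)
    print("real mnemonic passes checksum:", checksum_ok(real))
    print("decoy passes checksum:", checksum_ok(decoy))
    print("decoy + key recovers real:", otp_unscramble(decoy, key) == real)
    print("share of random keys giving a checksum-valid decoy:",
          decoy_checksum_pass_rate(real))
```

The known test vectors fall out of this model: all-zero 128-bit entropy encodes as eleven index-0 words followed by index 3 ("abandon" x 11, "about"), and all-zero 256-bit entropy ends in index 102 ("art"). Any wallet that performs the same check on import will reject a typical decoy, which is the maintainer's objection above.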