Moved to bitcoin/bips#910
> Even worse would be people extracting full paths and putting the master seed manager seed into a standard wallet, so the HMAC there is almost a feature in making that unsupported/incompatible with BIP32 derivation paths below the derived seed.
Very true. No-one needs this standard in order to export a BIP32 XPRV into another wallet that's looking for it. We'd just be suggesting a subpath to use, which isn't very interesting. Applying HMAC512 as a "firewall" or operational "barrier" is consistent with the rest of this standard and how it works.
So I'll change Coldcard (back) to making XPRV from the HMAC entropy, unless someone gives a reason otherwise.
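For anyone following the "XPRV from the HMAC entropy" point, here is the derivation written out end to end. This is an added example for this thread, not code from the gist, from Coldcard, or from the BIP text itself. It assumes the BIP85 layout as I read it: path m/83696968'/32'/{index}', entropy = HMAC-SHA512 keyed with the string "bip-entropy-from-k" over the child private key, first 32 bytes of the result used as the chain code and the last 32 bytes as the private key, then serialized as a depth-0 mainnet xprv. All BIP85 paths are fully hardened, so CKDpriv needs no EC point arithmetic and the whole thing runs on the Python standard library. I have not checked it against the BIP's published test vectors here; the seed is constructed for the demo.

```python
"""BIP85 'XPRV' application, with and without the HMAC-SHA512 'firewall'.

Added example for this thread; not code from the gist, Coldcard, or BIP85.
Assumed layout (my reading of BIP85): path m/83696968'/32'/{index}',
entropy = HMAC-SHA512(key=b"bip-entropy-from-k", msg=child private key),
entropy[:32] -> chain code, entropy[32:] -> private key.
"""
import hashlib
import hmac

SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000
BIP85_PURPOSE = 83696968          # BIP85 purpose field, hardened below
B58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def master_from_seed(seed: bytes):
    """BIP32 master node: (private key, chain code) from a seed."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]


def ckd_priv_hardened(key: bytes, chain: bytes, index: int):
    """BIP32 CKDpriv for a hardened index; no public key is needed."""
    if index < HARDENED:
        raise ValueError("only hardened derivation is implemented")
    data = b"\x00" + key + index.to_bytes(4, "big")
    i = hmac.new(chain, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    child = (il + int.from_bytes(key, "big")) % SECP256K1_N
    if il >= SECP256K1_N or child == 0:
        raise ValueError("invalid child; BIP32 says skip to the next index")
    return child.to_bytes(32, "big"), i[32:]


def derive_hardened_path(key: bytes, chain: bytes, path):
    """Walk a list of child numbers, hardening every one of them."""
    for n in path:
        key, chain = ckd_priv_hardened(key, chain, n | HARDENED)
    return key, chain


def bip85_entropy(master_key: bytes, master_chain: bytes, path) -> bytes:
    """Child private key at `path`, pushed through the BIP85 HMAC barrier."""
    k, _ = derive_hardened_path(master_key, master_chain, path)
    return hmac.new(b"bip-entropy-from-k", k, hashlib.sha512).digest()


def bip85_xprv(master_key: bytes, master_chain: bytes, index: int):
    """Application 32': (private key, chain code) for a brand-new xprv."""
    ent = bip85_entropy(master_key, master_chain, [BIP85_PURPOSE, 32, index])
    return ent[32:], ent[:32]


def raw_bip32_at_same_path(master_key: bytes, master_chain: bytes, index: int):
    """What a plain BIP32 wallet holds at m/83696968'/32'/index' (no HMAC)."""
    return derive_hardened_path(master_key, master_chain,
                                [BIP85_PURPOSE, 32, index])


def base58check(payload: bytes) -> str:
    """Base58Check: payload || first 4 bytes of double-SHA256, base-58 encoded."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n = int.from_bytes(data, "big")
    digits = bytearray()
    while n:
        n, r = divmod(n, 58)
        digits.append(B58_ALPHABET[r])
    pad = len(data) - len(data.lstrip(b"\x00"))
    return (b"1" * pad + bytes(reversed(digits))).decode()


def serialize_xprv(key: bytes, chain: bytes) -> str:
    """Depth-0 mainnet xprv: version 0x0488ADE4, zero depth/fingerprint/child."""
    payload = bytes.fromhex("0488ade4") + b"\x00" * 9 + chain + b"\x00" + key
    return base58check(payload)


if __name__ == "__main__":
    seed = bytes(range(32))               # constructed demo seed, not a wallet
    mk, mc = master_from_seed(seed)
    k85, c85 = bip85_xprv(mk, mc, 0)
    kraw, _ = raw_bip32_at_same_path(mk, mc, 0)
    print("BIP85 xprv        :", serialize_xprv(k85, c85))
    print("BIP85 private key :", k85.hex())
    print("raw BIP32 key     :", kraw.hex())
    print("same key?         :", k85 == kraw)
```

The last two printed lines are the "firewall" in concrete terms: the key inside the exported xprv is not the BIP32 node at m/83696968'/32'/0', so a standard wallet loaded with the master seed and that path does not land on the child wallet's keys, and holding the child xprv tells you nothing about the parent tree.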
Out of interest, which application do you have in mind for the XPRV? Is there a Coldcard mode for importing them?
Yes, Coldcard supports XPRV as a master secret (held in secure element). That's why it came up when I implemented this.
I have added the reference to the Coldcard implementation, Coldcard/firmware#39, to the BIP pull request. Everything looks good from my side. Just awaiting the BIP number assignment.
This proposal has become BIP85
A few comments:
I don't think any current wallets support importing XPRV?
If I understand, you propose to special-case the new export/import type XPRV to not use HMAC, unlike other seed types.
That trick would only work for this new XPRV type if other types are going through HMAC. If you wanted to handle on a single Coldcard both seed derivation and wallets derived from those seeds, maybe it would be better to work generically across key types?
E.g. you could type the seed into the same Coldcard, and the wallet path, and proceed as usual,
or add a user interface to select a seed from the same Coldcard seed manager.
However, I think it may be undesirable for security reasons: you don't want to run other code on the seed manager because it's very high value, e.g. if there was a bug in the wallet code. For this reason, ideally I think the seed manager device should be a single-function Coldcard, another HWW re-purposed, or an always-offline computer with no network card, say locked in a physical safe.
Even worse would be people extracting full paths and putting the master seed manager seed into a standard wallet, so the HMAC there is almost a feature in making that unsupported/incompatible with BIP32 derivation paths below the derived seed.