Bitcoin Forum
November 09, 2024, 06:58:52 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Bitcoin seed mnemonic one-time pad tool
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Bitcoin seed mnemonic one-time pad tool  (Read 285 times)
brndnmtthws (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 11


View Profile
December 06, 2018, 01:47:55 PM
Merited by DarkStar_ (5), ABCbits (2), NeuroticFish (1)
 #1
I posted this in an old thread, but the post got deleted. I guess the mods didn't appreciate me digging up on old thread Cheesy.

Anyway, I created a Python tool for using a one-time pad for seed phrase storage:

https://github.com/brndnmtthws/seed-otp

There's a fairly detailed discussion of the pros/cons of using this on the github readme.

I hope someone finds it useful!
NeuroticFish
Legendary
*
Offline Offline

Activity: 3850
Merit: 6583


Looking for campaign manager? Contact icopress!


View Profile
December 06, 2018, 08:53:55 PM
 #2
One minus I see is that the user has to store safely a string like AAwCnwGIAe0EWABWAI4AkAMjAFQBLgZjB1T1PJtz too. This is not that far from safekeeping a private key and you risk - then your trezor breaks (I didn't forget the use case) - that you don't remember what this AAwCnwGIAe0EWABWAI4AkAMjAFQBLgZjB1T1PJtz was for.

One plus is that one can safely keep the new seed at hand because it will not work with Trezor, Electrum or whatever.

I also have to say something about the word lists:

1. Keep one word list. If somebody will try to use a non-standard 65535 word list and will forget after some years what he used you may have some odd sort of bug reports there.
2. Keep one country. People will forget they've used this or that. Even worse, some will use incorrect files and will lose diacritics or other special characters and won't remember what they have to do to fix.

My mother tongue is not English, but on computers I stick to English because it reduce the chances for headaches.
███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
███████████████████████		.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
brndnmtthws (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 11


View Profile
December 07, 2018, 12:56:49 PM
 #3
Quote from: ETFbitcoin on December 06, 2018, 05:35:24 PM
Interesting idea, even though BIP39 already have optional encryption. But IMO this only change the problem since you need to keep your OTP secure.
If i were to use your software, i'd encrypt the OTP with my own passphrase that i could remember and store it together with encrypted words.

Your readme.md is very neat BTW Smiley

Quote from: brndnmtthws on December 06, 2018, 01:47:55 PM
I posted this in an old thread, but the post got deleted. I guess the mods didn't appreciate me digging up on old thread Cheesy.

It's against forum rules, unless there's good reason to do it.

I don't think any of the wallet vendors implement the encryption part, AFAIK. But yes, you would have to store the key somewhere. You could actually write it down on paper as well, but that defeats the purpose. The point is to store the key and the seed differently, making it rather difficult to get both (or infer any information about the other).
hatshepsut93
Legendary
*
Offline Offline

Activity: 3038
Merit: 2161


View Profile
December 07, 2018, 06:23:41 PM
 #4
You can take it one step further and convert both one-time pad and the resulting ciphertext into the same mnemonic format as the original seed. This will allow users to enjoy the benefits of mnemonic format - ability to memorize it, being easy to write down on paper and easy to transfer from paper back to computer.
brndnmtthws (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 11


View Profile
December 07, 2018, 11:56:22 PM
 #5
Quote from: hatshepsut93 on December 07, 2018, 06:23:41 PM
You can take it one step further and convert both one-time pad and the resulting ciphertext into the same mnemonic format as the original seed. This will allow users to enjoy the benefits of mnemonic format - ability to memorize it, being easy to write down on paper and easy to transfer from paper back to computer.
That's a cool idea, I hadn't thought of that. It's definitely possible!

The only downside I can think of is that if you forget which is the key and which is the seed it might take a few attempts to figure it out. I suppose that's a reasonable trade off since you normally wouldn't have to restore from a backup very frequently.
hatshepsut93
Legendary
*
Offline Offline

Activity: 3038
Merit: 2161


View Profile
December 08, 2018, 12:39:24 AM
 #6
Quote from: brndnmtthws on December 07, 2018, 11:56:22 PM
Quote from: hatshepsut93 on December 07, 2018, 06:23:41 PM
You can take it one step further and convert both one-time pad and the resulting ciphertext into the same mnemonic format as the original seed. This will allow users to enjoy the benefits of mnemonic format - ability to memorize it, being easy to write down on paper and easy to transfer from paper back to computer.
That's a cool idea, I hadn't thought of that. It's definitely possible!

The only downside I can think of is that if you forget which is the key and which is the seed it might take a few attempts to figure it out. I suppose that's a reasonable trade off since you normally wouldn't have to restore from a backup very frequently.

It actually wouldn't make any difference, since decryption is just addition modulo 2048 and both parts are of the same length, so ciphertext + key and key + ciphertext both yield the plaintext.

Also, the cool side effect is that you can use both the key and the ciphertext as some sort of decoy wallets. Providing you have copies and backups, you can give them up to physical attackers to lose only a fraction of your coins.
DaCryptoRaccoon
Hero Member
*****
Offline Offline

Activity: 1241
Merit: 623


OGRaccoon


View Profile
December 08, 2018, 12:55:31 AM
 #7
Looks good but I would have to warn users to read this before installing anything in PyPi...

There has been a massive malware push with repos from PyPi..

https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/
┏━━━━━━━━━━━━━━━━━┓
┃     𝔱𝔥𝔬𝔲 𝔰𝔥𝔞𝔩𝔱 𝔴𝔬𝔯ⱪ 𝔣𝔬𝔯 𝔶𝔬𝔲𝔯 𝔟𝔞𝔤𝔰       ┃
┃                ➤21/M                      ┃
┃ ███▓▓  ███▓▓  ███▓▓  ███▓▓┃
brndnmtthws (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 11


View Profile
December 08, 2018, 01:56:26 AM
 #8
Quote from: hatshepsut93 on December 08, 2018, 12:39:24 AM
Quote from: brndnmtthws on December 07, 2018, 11:56:22 PM
Quote from: hatshepsut93 on December 07, 2018, 06:23:41 PM
You can take it one step further and convert both one-time pad and the resulting ciphertext into the same mnemonic format as the original seed. This will allow users to enjoy the benefits of mnemonic format - ability to memorize it, being easy to write down on paper and easy to transfer from paper back to computer.
That's a cool idea, I hadn't thought of that. It's definitely possible!

The only downside I can think of is that if you forget which is the key and which is the seed it might take a few attempts to figure it out. I suppose that's a reasonable trade off since you normally wouldn't have to restore from a backup very frequently.

It actually wouldn't make any difference, since decryption is just addition modulo 2048 and both parts are of the same length, so ciphertext + key and key + ciphertext both yield the plaintext.

Also, the cool side effect is that you can use both the key and the ciphertext as some sort of decoy wallets. Providing you have copies and backups, you can give them up to physical attackers to lose only a fraction of your coins.
That's true, but it also depends on how you encode the values.

I'm not sure it would work as decoy keys, because there is actually a checksum built into the BIP39. When you run the keys through the OTP it breaks the checksum. Unless you have a wallet that ignores the checksum, the words wouldn't work as a proper key (or at least, it's extremely unlikely they would work).
brndnmtthws (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 11


View Profile
December 08, 2018, 02:04:03 AM
 #9
Quote from: MagicByt3 on December 08, 2018, 12:55:31 AM
Looks good but I would have to warn users to read this before installing anything in PyPi...

There has been a massive malware push with repos from PyPi..

https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/


You can always grab the source off GitHub if you're worried about it.

And strictly speaking, this problem exists with all software distribution, not just npm or pypi packages Smiley Unless you audit the source code and compile it yourself, there's no way to be 100% certain the code isn't compromised in some way, even if the binaries/packages themselves are signed. You can compile Linux from scratch if you want, but it takes a while: http://www.linuxfromscratch.org/ (oh and some hardware these days requires binary firmware blobs without any source code, such as wireless drivers)
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Bitcoin seed mnemonic one-time pad tool
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!