In recent years, we've had several very important updates to the Bitcoin protocol, such as BIP32, BIP39, SegWit, Taproot, etc. But what got me most excited is BIP85, and I'll try to explain why throughout this post.
To understand what BIP-85 is, I recommend reading my topic with all the possible references I found at the time, where I tried to explain it in the best way I could:
How to backup multiple seeds derived from one: BIP-85
One of the main functions of BIP-85 explored by the wallets that support it is generating child seed phrases from your parent seed phrase; in addition, it can also generate xprivs, private keys, etc. What is less explored is that through BIP-85 we can mathematically generate Base64 characters that serve as a perfect password (depending on your point of view) based on its parent seed phrase and BIP-39 passphrase (if enabled).
See it.
Among the few pieces of software that fully explore the functionality of BIP-85 are Coldcard (MK4 and Q) and this page; the iancoleman .html script only explores traditional BIP-85 (it doesn't explore BIP-85 passwords).
If you want to go directly to the technique's execution, go straight to the 'How-to'.
Motivation
Well, technically I'm not using it yet, but my grandma has a lot of difficulty storing the passwords for her digital life. She writes down her passwords in her notebook, but then loses them or takes too long to find them.
So I downloaded KeePassDX on her Android, created a database and a temporary master password (until I had a better idea), but she was still unable to use it due to the complexity (considering that she is in her 70s and is not very familiar with the digital environment).
So I had to think of a password that balances convenience without compromising basic security principles and without running the risk of losing that password if it's storing login credentials other than conventional credentials, which cannot be reset (like bitcoin wallets, seed phrases, passphrases, etc.).
How-to:
So I had an idea: I generated a new password derived from one of my seed phrases + BIP39 passphrase. For this I used the bitcoiner.guide script where, like with iancoleman, it can be generated offline, and I saved a copy of the .html to run on any device (mainly offline).
After typing my backup seed phrase + BIP39 passphrase:

I went to BIP85: Deterministic Entropy > selected the password length (e.g. 15) > and the index number (BIP85 PWD Index), and the result is a random and robust password like this:

I used the password generated by BIP-85 as the master password for the KeePassDX database. In KeePassDX we can also access the database only with biometrics (fingerprint only, not facial); this way I killed two birds with one stone:
She doesn't need to enter the password generated by BIP-85 every time she accesses it; she can simply use her fingerprint. If KeePassDX no longer requests biometrics, she accesses it by typing the password, and if she loses the password, it will no longer be the end of the world, as long as the following are not lost:
The parent backup seed phrase;
BIP39 passphrase;
Password Length;
Index.
With access to this information, simply use a BIP85 Passwords compatible tool (like this or Coldcard) and restore access to the KeePass database.
This method is very useful if you store Bitcoin wallet passwords or secondary passphrases, depending on your objective: password managers, VeraCrypt, etc., where you cannot lose the password.
Of course, I could use 12 mnemonic words as a KeePass password, but that's up to you; it depends on each user's paranoia. Some think complex passwords like those generated by BIP-85 are more secure; I'm tending towards passphrases like 'chase acoustic lyrics' rather than complex passwords.
Like I said, it's just an experiment that has already helped me solve a very common problem: losing passwords that cannot be reset by common methods.
I'll stop here now, this got very long. I'll continue if there's any discussion; use it sparingly and adapt it as best suits you.
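
The derivation behind the recovery steps above, written out as an added example (not part of the original post and not code from bitcoiner.guide or Coldcard): it follows the BIP-39, BIP-32 and BIP-85 specifications using only the Python standard library. The function names and the sample mnemonic and passphrase are assumptions made for illustration, and the mnemonic's checksum is not validated.

```python
import base64, hashlib, hmac, unicodedata

# secp256k1 group order: BIP32 private child keys are reduced modulo N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
# Public BIP39 test mnemonic, used here as constructed sample input only.
DEMO_MNEMONIC = "abandon " * 11 + "about"

def master_from_mnemonic(mnemonic, passphrase=""):
    """BIP39 seed (PBKDF2-HMAC-SHA512, 2048 rounds) -> BIP32 master (key, chain)."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode()
    seed = hashlib.pbkdf2_hmac("sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048)
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]

def hardened_child(key, chain, index):
    """BIP32 hardened private derivation; no elliptic-curve point math needed."""
    data = b"\x00" + key + (index | 0x80000000).to_bytes(4, "big")
    i = hmac.new(chain, data, hashlib.sha512).digest()
    tweak = int.from_bytes(i[:32], "big")
    child = (tweak + int.from_bytes(key, "big")) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child key for this index")
    return child.to_bytes(32, "big"), i[32:]

def bip85_password(key, chain, length, index):
    """BIP-85 Base64 password at m/83696968'/707764'/{length}'/{index}'."""
    # BIP-85 specifies 20..86 characters; the post's example uses 15, so only
    # the hard ceiling (64 bytes give 86 unpadded Base64 characters) is enforced.
    if not 1 <= length <= 86:
        raise ValueError("length must be between 1 and 86")
    for step in (83696968, 707764, length, index):
        key, chain = hardened_child(key, chain, step)
    entropy = hmac.new(b"bip-entropy-from-k", key, hashlib.sha512).digest()
    return base64.b64encode(entropy).decode()[:length]

if __name__ == "__main__":
    key, chain = master_from_mnemonic(DEMO_MNEMONIC, "constructed passphrase")
    # The same four inputs always give the same password; changing any one
    # of them (including the length) gives an unrelated one.
    for length, index in ((21, 0), (21, 1), (15, 0)):
        print(length, index, bip85_password(key, chain, length, index))
```

Because the length is part of the derivation path, a 15-character password is not a prefix of the 21-character one at the same index, which is why the length has to be backed up along with the index.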