[Enhancement] Add additional BIP-85 applications, especially Base64 Passwords #468
Comments
It looks like embit doesn't include a feature to derive a password: But Coldcard's implementation seems fairly simple: |
This can indeed be very helpful! |
Available to test on 24.10.beta5! |
Brilliant, it appears to work perfectly! This will be so helpful, appreciate the effort. And variable password lengths make it even better than Coldcard's implementation. Always using passwords of 21 characters could provide hints to an attacker that they are potentially BIP85 passwords. I agree that QR codes for passwords might be risky for some use cases, but it seems like a mistake to not include the QR display feature. Let users decide if they want to use it or not based on their situation. Being able to scan the QR code would absolutely simplify my completely offline air-gapped use case. If it isn't too much effort to display passwords as QR codes, I personally would prefer having it as an option. Also, I don't want or like Coldcard's USB keyboard type feature for typing passwords. No worries that Krux can't do that. |
You know how to convince me 😁 |
24.10.beta6: Allow export BIP85 passwords to SD and as QR code |
Good to know! 😜 Thanks for adding this, will make a world of difference. Any thoughts on when it might make it into an official release? |
I just realized there may be one more thing necessary to complete this feature. Setting a passphrase for a wallet only has the options to |
I suspect it will magically work as intended. While the qrcode will originate from a bip85 password, it will simply decode into text which is no different than if you'd created the password with tools/create-a-qrcode. You'll be able to use it like an encrypted-mnemonic key, or a bip39 passphrase, or anywhere else that is expecting to decode a qrcode into text. |
Indeed, it does work, for both manually typing a password as well as scanning a password. The labels are deceptive since they say |
Please elaborate on this. When I try to create a bip85 base64 password, I am prompted to save the file to sdcard as "BIP85_password.txt", which seems correct to me... it is a default hint of where the password came from. When viewing the qrcode, it's just "Base64 Password" below the qrcode image... which also seems correct. When using Tools / Create QR Code, I get a label of "Custom QR Code" under the qrcode image, and can save to sdcard as Custom_QR_.pbm. If you're referring to setting a passphrase on top of your BIP39 mnemonic, then the labels "Scan BIP39 Passphrase" or "Type BIP39 Passphrase" are an important distinction... regardless of where the password/passphrase originated, it is going to be applied as a BIP39 passphrase which will end up changing the resulting BIP32 root master wallet and all derived xpubs/addresses beneath it. |
This makes total sense now. I was reading |
@odudex Did something change between beta5 and beta6? The passwords generated by Krux are no longer the same as the passwords generated by my Coldcard Q. I'm 99% sure that I verified they were the same when you first added the feature, right before I posted my "Brilliant!" comment. I can't imagine that I wouldn't have tested it. But I may not have double-checked again after installing the beta6 release. Steps to Reproduce: I'm using this throwaway QR code as the starting BIP39 for my tests: On Krux:
On Coldcard:
|
I'm so sorry, I added a bug during a refactor, omitting the length from the derivation path. I was sloppy not using external references for the tests I later implemented. |
Latest build works like a charm! Thanks for the fix. |
I tested the first version by hand. The "external reference" test cases for bip85 were actually wrong at the time... for about a 1-week span (the password was correct but the entropy was wrong and according to the BIP, both are supposed to pass). I should have caught your refactor, but I didn't. Not sure I would have caught it before release either (more to review is more to miss). I'm sure glad that @nervetrip caught this early!!! 🙏 |
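The PWD BASE64 derivation discussed in this thread, as an added example (not code from Krux, embit or Coldcard). It uses the public test master key and expected password from the BIP-85 specification's PWD BASE64 test vector; the `include_len=False` branch is an assumed reconstruction of the "length omitted from the derivation path" regression, and all function names are hypothetical.

```python
import base64, hashlib, hmac

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order
H = 0x80000000  # BIP32 hardened-index flag
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Public test master key from the BIP-85 specification (test vector only).
TEST_XPRV = "xprv9s21ZrQH143K2LBWUUQRFXhucrQqBpKdRRxNVq2zBqsx8HVqFk2uYo8kmbaLLHRdqtQpUm98uKfu3vca1LqdGhUtyoFnCNkfmXRyPXLjbKb"

def xprv_to_master(xprv):
    """Base58Check-decode an xprv and return (private key, chain code)."""
    n = 0
    for ch in xprv:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes(82, "big")  # 78-byte payload + 4-byte checksum
    if hashlib.sha256(hashlib.sha256(raw[:78]).digest()).digest()[:4] != raw[78:]:
        raise ValueError("bad xprv checksum")
    return raw[46:78], raw[13:45]

def ckd_hardened(k, c, index):
    """BIP32 hardened private child derivation; needs no EC point math.
    (The astronomically rare invalid-child cases are not handled here.)"""
    out = hmac.new(c, b"\x00" + k + (index | H).to_bytes(4, "big"), hashlib.sha512).digest()
    child = (int.from_bytes(out[:32], "big") + int.from_bytes(k, "big")) % N
    return child.to_bytes(32, "big"), out[32:]

def bip85_entropy(k, c, path):
    """Walk an all-hardened path, then HMAC the child key as BIP-85 specifies."""
    for i in path:
        k, c = ckd_hardened(k, c, i)
    return hmac.new(b"bip-entropy-from-k", k, hashlib.sha512).digest()

def pwd_base64(k, c, pwd_len, index, include_len=True):
    """BIP-85 PWD BASE64: path m/83696968'/707764'/{pwd_len}'/{index}'."""
    if not 20 <= pwd_len <= 86:
        raise ValueError("pwd_len must be between 20 and 86")
    # include_len=False models the regression (assumed path shape): the same
    # entropy is then reused for every length, so outputs differ from the spec.
    path = [83696968, 707764] + ([pwd_len] if include_len else []) + [index]
    return base64.b64encode(bip85_entropy(k, c, path)).decode()[:pwd_len]

if __name__ == "__main__":
    k, c = xprv_to_master(TEST_XPRV)
    print("spec path :", pwd_base64(k, c, 21, 0))
    print("no length :", pwd_base64(k, c, 21, 0, include_len=False))
```

Pinning the spec's published vector in the test suite catches this class of regression, because a path without the length still yields a well-formed password that only an external reference can show to be wrong.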
It would be really nice if more BIP-85 applications were supported in Krux. I would especially appreciate the BIP-85 "PWD BASE64" application for password generation. Here's the relevant section of the BIP-85 spec:
https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki#pwd-base64
For reference, Coldcard can be used to generate 21 character passwords instead of seed words for each BIP-85 index: https://coldcard.com/docs/bip85-passwords/
Coldcard currently offers the following BIP-85 applications (Krux offers only the first two):