Thanks for your feedback !
I am not sure whether the VF will be appended or prepended to the entropy. Because you said "prepending" but the quote below looks like the input to the hash function will be ENT + VF, not VF + ENT.
The VF is indeed prepended to the entropy, I agree that ENT + VF might be confusing. Read it as (ENT + 32)
I was referring to the number of bits of the checksum, basically it's the same way to compute the checksum as per BIP39.
The VF is split in 2 parts where:
part A = arbitrary bits (24 bits long)
part B = the version 00001101 (8 bits long).
So in part A, we can include any data we want? Because it looks like this adds 24 bits of "protection" against malicious activities. Isn't it? Supposing the 8 bits have a standard set of values, the total "protection" of the seed phrase will be:
128 bits of entropy + 24 arbitrary bits + 8 version bits (the latter will be somewhat standard)
Yes the 24-bit general purpose field can include any data which will be interpreted by the software depending on the version number.
The combined entropy of the seed phrase will look like:
24 general purpose bits + 8 version bits + entropy bits + checksum
Using a passphrase on top of that, will it work symmetrically to the existing BIP39 pattern?
Yes, it'll work exactly the same as long as the KDF is the same.