Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Merits 4 from 3 users
Re: How to backup multiple seeds derived from one: BIP-85
by
Meuserna
on 19/02/2025, 03:09:04 UTC
⭐ Merited by Halab (2) ,vapourminer (1) ,Husna QA (1)
Quote from: Forsyth Jones on Today at 02:43:15 AM
Quote from: Meuserna on Today at 12:36:56 AM
And let's say you want to create an encrypted disk image, to secure some personal stuff, or some work documents.  Use a child seed from your parent seed as a decryption key:
Using a child seed as a passphrase can be a good strategy, but BIP-85 allows deriving passwords with Base64 encoding... e.g: AwMJYOqM+ibwWt/s4BCcH.

Yeah, I don't go anywhere near that.  No way.

I know it's deterministic, and that's great, but I prefer using the text from 12 word child seeds as passphrases instead.

Imagine trying to write this down, by hand:
AwMJYOqM+ibwWt/s4BCcH

Now, imagine writing this:
core private bacon derive phone soon baby gun main local bench you

I love the simplicity of 12 words as easily readable text.


Quote from: Forsyth Jones on Today at 02:43:15 AM
However, most wallets that have implemented BIP-85 support only allow deriving child seeds, but BIP-85 also allows deriving WIFs, HEX, xpriv, and BIP-85 Passwords...

Good to know!  I wasn't aware of that.  Still, I'm going to stick with words, with a space between each word. as text.  It's so easy and foolproof.  But it's great to know what other options exist.  Maybe I'll find a use for them someday.  Even if I don't, I love learning about all of this stuff.


Quote from: Forsyth Jones on Today at 02:43:15 AM
The only tool other than this that supports BIP-85 Passwords is Coldcard (MK4 or Q).

Krux supports BIP85 Base64 passwords too, but I don't use that feature.  I only use BIP85 Mnemonics.

To be honest, I'm not convinced BIP85 Base64 passwords are a good idea.  The point of BIP39 (the use of words to represent the numbers that generate xpub/xprv master keys) is to eliminate the errors that come with trying to write down meaningless strings of text.  I say "meaningless" in the sense that this "305564451dba399e84433f865068547f" isn't meaningful to the eye, compared to "core private bacon" etc.  One has characters that are easy to screw up.  The other is made up of text where each word is meaningful, thus greatly reducing user error, and also making me wish I had some bacon.  MMMmmm...

The use of words, instead of numbers or strings, reduces user error in many ways.  I feel like BIP85 Base64 passwords re-creates the problem BIP39 was created to solve.  That's my take, anyway.