Re: Masking seed phrases for an extra layer of security (experimental)
Board: Development & Technical Discussion
by mcdouglasx on 04/06/2025, 16:41:37 UTC
Merited by Forsyth Jones (2)

It’s not about encryption itself; it’s about using the encrypted seed phrase as a decoy.
If that's the only objective then the solution already exists and there is no reason to re-invent the wheel. It is called the extra word or the passphrase. It is any phrase that you can add to your existing seed phrase to derive an entirely different set of keys. The seed is still the same and is the decoy itself. The only way to access the funds is to know that passphrase.
That passphrase can be the same password you used to encrypt in your algorithm (birthday, passport number, etc.).

Although both involve data-encryption-secret, they're technically not the same; their structure isn't identical.

BIP39 passwords use 2048 iterations when adding passphrases, but this method increases that to 60 million, making brute-forcing practically impossible.

If I post a BIP39 seed here, no one can determine with certainty whether it's standard, password-protected, or encrypted with this script.

That's what security through obscurity is all about. Hackers follow the usual standard, so if they don't know which path leads to the target, I doubt they'll be able to make progress.

This is how second layers of security should work, in my opinion. It's not just about encryption, but about adding an additional, unpredictable move to confuse potential attackers.

I don't think you have understood BIP39. It is not about 2048 "iterations". BIP39 is a human-readable dictionary for a (hopefully) truly random number from 0 to 115792089237316195423570985008687907853269984665640564039457584007913129639936 - that is the private key.

I've made enough posts here to prove that I know how BIP39 works. You're just taking everything out of context, because yes, BIP39 itself is a system for converting random numbers into human-readable phrases, but the master key is not extracted directly from the seed phrase.

It goes through PBKDF2 with 2048 iterations to derive the key used in HD wallets (minimizing BF attacks).

So yes, BIP39 defines the structure of the phrases, but the number of iterations is still relevant to the security of the derivation process, and when you include a passphrase, it's used as an additional layer of security, which is what's being discussed here. We're not discussing how entropy is represented in words in a basic approach; we're discussing a second layer of security with a proportionally higher number of iterations and a non-standard structure that hinders brute-force attacks.

It's not just about how entropy is represented, but how actual protection is implemented.
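
The derivation step discussed in this post, as an added example that is not part of the original post and is not the script under discussion: the standard BIP39 mnemonic-to-seed function (PBKDF2-HMAC-SHA512, salt `"mnemonic" + passphrase`, 2048 iterations), showing that a passphrase yields an unrelated seed from the same words, plus the per-guess cost ratio between 2048 and the 60 million figure quoted above. The mnemonic and the `TREZOR` passphrase are the public BIP39 test vector; the function names are illustrative, and scaling cost linearly to 60 million assumes a PBKDF2-style iterated KDF, which the post does not specify.

```python
import hashlib
import time
import unicodedata

BIP39_ITERATIONS = 2048        # fixed by the BIP39 specification
POST_ITERATIONS = 60_000_000   # figure quoted in the post; its KDF is not shown there

# Public BIP39 test-vector mnemonic (never use it for real funds).
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "",
               iterations: int = BIP39_ITERATIONS) -> bytes:
    """Return the 64-byte seed that BIP32 HD wallets consume."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=64)


def work_factor_ratio(custom: int = POST_ITERATIONS,
                      standard: int = BIP39_ITERATIONS) -> float:
    """How many times more hashing one guess costs versus standard BIP39."""
    return custom / standard


def seconds_per_guess(iterations: int, rounds: int = 10) -> float:
    """Time real 2048-iteration derivations, then scale linearly (assumption)."""
    start = time.perf_counter()
    for i in range(rounds):
        bip39_seed(TEST_MNEMONIC, f"guess-{i}")
    measured = (time.perf_counter() - start) / rounds
    return measured * iterations / BIP39_ITERATIONS


if __name__ == "__main__":
    plain = bip39_seed(TEST_MNEMONIC)
    hidden = bip39_seed(TEST_MNEMONIC, "TREZOR")
    print("no passphrase  :", plain.hex()[:32], "...")
    print("with passphrase:", hidden.hex()[:32], "...")
    print(f"cost ratio     : {work_factor_ratio():,.0f}x per guess")
    for label, n in (("2048", BIP39_ITERATIONS), ("60M", POST_ITERATIONS)):
        print(f"{label:>5} iterations: ~{seconds_per_guess(n):.4f} s per guess")
```

The timing is for a single CPU thread on the machine that runs it; it describes the defender's per-guess cost, not an attacker's hardware.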