BIP-39 12 word seed phrase causes problems #1642

Closed
danielschonfeld opened this issue Sep 21, 2020 · 5 comments

@danielschonfeld
Contributor

danielschonfeld commented Sep 21, 2020

Description

This issue is twofold:

  1. Not sure why a 12-word seed was chosen when most crypto-related HD wallets use 24 words these days?
  2. When trying to recover Prysm's 24-word seed, no errors are given and the wallet is created. However, the accounts created are of different addresses... I imagine that only the first 12 words are used and the rest is truncated unbeknown to the user. This can have catastrophic results. EDIT: See comment below

Version

Lighthouse v0.2.10-5d17eb89

Present Behaviour

See above

Expected Behaviour

I believe better security is achieved with 24 words, and at any rate, the user should somehow be alerted to what's happening.

Steps to resolve

Use 24 word (I think?)

@danielschonfeld
Contributor Author

I've done some debugging and have found that Prysm and Lighthouse generate different derived Master Keys for a given seed phrase.

Could there possibly be some missing elements in the procedure described in EIP-2333?

I've been looking at hkdf_mod_r and I don't see any references to either OS2IP or I2OSP. Granted I don't really know much about crypto to understand what the implications of that are, but from my meager debugging I've also found that the resulting Okm is different between the two clients, for a given 24 word seed phrase.

Still trying to figure out how to debug the Prk

@realbigsean
Member

Hey @danielschonfeld, yes, it's related to the EIP-2333 version that's implemented. We have an issue tracking this: #1624

As far as Lighthouse generating a 12-word mnemonic, you're right that 24 words is better security and it is something we will be updating. 24 words equates to 256 bits of entropy, and the latest EIP-2333 requires at least 256 bits of entropy.

@danielschonfeld
Contributor Author

@realbigsean it seems like our code doesn't append the byte arrays needed in any of the steps of hkdf_mod_r

5.     PRK = HKDF-Extract(salt, IKM || I2OSP(0, 1))
6.     OKM = HKDF-Expand(PRK, key_info || I2OSP(L, 2), L)
7.     SK = OS2IP(OKM) mod r

We simply use IKM, key_info and OKM respectively. This needs to be updated.
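The effect described in the comment above, as an added example that is not part of the thread or of either client's code: steps 5 to 7 implemented with the `I2OSP` octets appended, beside a variant that omits them, so the same seed silently yields two different secret keys. The salt string, `L = 48`, the curve order `r`, the `salt = H(salt)` loop and the `append_octets` switch are assumptions taken from the EIP-2333 text or introduced for illustration; the seed is constructed.

```python
import hashlib
import hmac

# Assumptions: constants as given in EIP-2333, not stated in this thread.
R = 52435875175126190479447740508185965837690552500527637822603658699938581184513  # BLS12-381 subgroup order
L = 48  # OKM length in bytes
SALT = b"BLS-SIG-KEYGEN-SALT-"

def i2osp(value: int, length: int) -> bytes:
    """Integer to fixed-length big-endian octet string."""
    return value.to_bytes(length, "big")

def os2ip(octets: bytes) -> int:
    """Big-endian octet string to integer."""
    return int.from_bytes(octets, "big")

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def hkdf_mod_r(ikm: bytes, key_info: bytes = b"", append_octets: bool = True) -> int:
    """append_octets=True follows steps 5-7 as quoted; False drops the appended bytes."""
    salt, sk = SALT, 0
    while sk == 0:
        salt = hashlib.sha256(salt).digest()
        ikm_in = ikm + i2osp(0, 1) if append_octets else ikm
        info = key_info + i2osp(L, 2) if append_octets else key_info
        prk = hkdf_extract(salt, ikm_in)
        okm = hkdf_expand(prk, info, L)
        sk = os2ip(okm) % R
    return sk

# Constructed 64-byte seed for illustration only (not a real wallet seed).
DEMO_SEED = bytes(range(64))

if __name__ == "__main__":
    print("with appended octets   :", hkdf_mod_r(DEMO_SEED))
    print("without appended octets:", hkdf_mod_r(DEMO_SEED, append_octets=False))
```

Both variants return a valid scalar and raise no error, which is why a cross-client recovery check has to compare derived public keys or addresses rather than rely on the import succeeding.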

@realbigsean
Member

Yep that's under development here: #1633

It will probably be released with v0.3.0 of lighthouse because it is non-backwards compatible.

@danielschonfeld
Contributor Author

@realbigsean we can close this issue :) thank you for pointing me to #1624
