SEP-0005 Key Derivation Methods for Stellar Accounts #63
Parity recommends that users not use a mnemonic as a password, and I think the reasoning can be applied here too. Let's apply Murphy's law. If a mnemonic were used as a passphrase, a user might think they could just think of a new mnemonic password and use it. We need a way to prevent this from happening. Off the top of my head, an error detection word (checksum) would prevent users from creating new passwords, and an error correction word would help mitigate issues with mistyping. Of course, this issue has been thought of a lot and I'm sure many cryptography UX experts have thought about this. The key here is to use this only as a RECOVERY method. One other thing is that it's encouraged as a recovery method because of the possibility of keyloggers, and the secret key scheme is slightly worse where most just copy and paste (vulnerable to clipboard sniffing). One purported benefit of a mnemonic over a secret key string is that you can skip around when typing it. Naive attackers won't be able to figure it out. However, with a 12 word passphrase and given the attacker knows the words and not permutations, there are at most 12 factorial combinations leaving you with only 28 bits of security (log(12!)/log(2)) (assuming the user skips around 12 times; otherwise the bound is fac(skips)). In summary:
Yes, the mnemonic code is certainly not a password. The only context I used this word ("Test Cases" section) was a BIP-0039 passphrase. I will change it to BIP39 passphrase. As you noticed, mnemonic codes should be used mainly for recovery and to move keys between wallets (also kind of recovery 😉). When it comes to checksums, it's implemented in BIP-0039 Generating the mnemonic section and we use it without any modifications.
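The two points made above, that BIP-0039 already carries a checksum so a user cannot simply "make up" a phrase, and that typing the 12 words in a scrambled order buys only log2(12!) bits of confusion, can both be checked in a few lines. The following is an added example written for this thread, not code from the SEP-0005 repository or from any of the commenters. It works on 11-bit word indices instead of the English word strings (the 2048-word list is assumed to be available separately and is not embedded), so `[0]*11 + [3]` stands for the well-known all-zero-entropy phrase "abandon ... about".

```python
import hashlib
import math

BITS_PER_WORD = 11      # BIP-0039: each word indexes a 2048-entry list
WORDLIST_SIZE = 1 << BITS_PER_WORD


def entropy_to_indices(entropy: bytes) -> list[int]:
    """BIP-0039 'Generating the mnemonic': append ENT/32 bits of SHA-256(entropy) as
    a checksum, then split the ENT+CS bit string into 11-bit word indices."""
    ent = len(entropy) * 8
    if ent not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs = ent // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    n_words = (ent + cs) // BITS_PER_WORD
    return [(bits >> (BITS_PER_WORD * (n_words - 1 - i))) & (WORDLIST_SIZE - 1)
            for i in range(n_words)]


def indices_to_entropy(indices: list[int]) -> bytes:
    """Inverse of entropy_to_indices. Recomputes the checksum and refuses the phrase
    if it does not match; an arbitrary 12-word phrase fails this 15 times out of 16."""
    n_words = len(indices)
    if n_words not in (12, 15, 18, 21, 24):
        raise ValueError("a BIP-0039 mnemonic has 12, 15, 18, 21 or 24 words")
    total = n_words * BITS_PER_WORD
    cs = total // 33          # 4 bits for 12 words, 8 bits for 24 words
    ent = total - cs
    bits = 0
    for idx in indices:
        if not 0 <= idx < WORDLIST_SIZE:
            raise ValueError(f"word index {idx} is outside the 2048-word list")
        bits = (bits << BITS_PER_WORD) | idx
    entropy = (bits >> cs).to_bytes(ent // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    if bits & ((1 << cs) - 1) != expected:
        raise ValueError("BIP-0039 checksum mismatch: not a generated mnemonic")
    return entropy


def is_valid_mnemonic(indices: list[int]) -> bool:
    """What a wallet should run before accepting a recovery phrase."""
    try:
        indices_to_entropy(indices)
        return True
    except ValueError:
        return False


def bip39_entropy_bits(n_words: int) -> int:
    """Real security of a generated phrase: 12 words carry 128 bits, 24 words 256."""
    total = n_words * BITS_PER_WORD
    return total - total // 33


def permutation_bits(n_words: int) -> float:
    """Upper bound on what word-order scrambling adds once the words are known: log2(n!)."""
    return math.log2(math.factorial(n_words))


if __name__ == "__main__":
    # Constructed input: 16 zero bytes is the classic "abandon x11 about" phrase.
    print(entropy_to_indices(bytes(16)))
    print(f"12 words: {bip39_entropy_bits(12)} bits of entropy, "
          f"but only {permutation_bits(12):.1f} bits from word order")
```

The last-word check in `indices_to_entropy` is the property the thread is after: the final 4 bits of a 12-word phrase are not free for the user to choose, so a wallet that validates before accepting will reject an invented phrase almost always, and a transcription error in any word is caught with the same probability.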
Okay, yeah, I only just commented on the mnemonic stuff. I'm sure the mnemonics themselves are secure, but I think we need to put more emphasis recommending wallet creators to use mnemonics in a responsible way. I don't really have much comment on the deterministic key derivation since I'm not a cryptography expert, but ed25519 deterministic keys are possible (but complicated).
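For readers who, like the commenter above, have not looked at how deterministic ed25519 keys are derived: the chain SEP-0005 specifies is BIP-0039 seed, then SLIP-0010 hardened-only HMAC-SHA512 derivation on the ed25519 curve, at path m/44'/148'/account'. The block below is an added illustration written for this thread, not the project's reference implementation, and it stops at the raw 32-byte seed encoded as a Stellar StrKey "S..." secret (computing the matching "G..." public key needs an ed25519 library and is left out). The StrKey version byte, CRC16-XModem checksum and base32 layout are Stellar's published format; the test mnemonic and the property checks are constructed here. Compare the output against the SEP-0005 "Test Cases" section and the SLIP-0010 ed25519 vectors before trusting any implementation.

```python
import base64
import hashlib
import hmac
import unicodedata

HARDENED_OFFSET = 0x80000000
STELLAR_COIN_TYPE = 148           # SLIP-0044 coin type registered for Stellar Lumens
STRKEY_SEED_VERSION = 18 << 3     # 0x90: version byte that makes a secret seed start with 'S'


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-0039 'From mnemonic to seed': PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.
    The passphrase here is the optional BIP39 passphrase, not a user password."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def slip10_master(seed: bytes) -> tuple[bytes, bytes]:
    """SLIP-0010 master node for ed25519: HMAC-SHA512 keyed with 'ed25519 seed'."""
    digest = hmac.new(b"ed25519 seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]           # (private key, chain code)


def slip10_child(key: bytes, chain_code: bytes, index: int) -> tuple[bytes, bytes]:
    """SLIP-0010 child step. ed25519 has no public derivation, so only hardened
    indices are defined; a non-hardened request is a bug, not a weaker key."""
    if index < HARDENED_OFFSET:
        raise ValueError("SLIP-0010 ed25519 derivation defines hardened children only")
    data = b"\x00" + key + index.to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def parse_path(path: str) -> list[int]:
    """'m/44'/148'/0'' -> [0x8000002c, 0x80000094, 0x80000000]."""
    parts = path.split("/")
    if parts[0] != "m":
        raise ValueError("path must start with 'm'")
    indices = []
    for part in parts[1:]:
        if not part.endswith("'"):
            raise ValueError(f"component {part!r} is not hardened")
        indices.append(int(part[:-1]) + HARDENED_OFFSET)
    return indices


def derive_raw_key(seed: bytes, path: str) -> bytes:
    key, chain_code = slip10_master(seed)
    for index in parse_path(path):
        key, chain_code = slip10_child(key, chain_code, index)
    return key


def stellar_account_path(account: int) -> str:
    return f"m/44'/{STELLAR_COIN_TYPE}'/{account}'"


def crc16_xmodem(data: bytes) -> int:
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def encode_strkey_seed(raw: bytes) -> str:
    """StrKey: version byte || 32-byte seed || CRC16-XModem (little endian), base32."""
    payload = bytes([STRKEY_SEED_VERSION]) + raw
    payload += crc16_xmodem(payload).to_bytes(2, "little")
    return base64.b32encode(payload).decode()     # 35 bytes -> 56 chars, no padding


def decode_strkey_seed(strkey: str) -> bytes:
    payload = base64.b32decode(strkey)
    body, checksum = payload[:-2], payload[-2:]
    if body[0] != STRKEY_SEED_VERSION:
        raise ValueError("not a secret seed StrKey")
    if crc16_xmodem(body).to_bytes(2, "little") != checksum:
        raise ValueError("StrKey checksum mismatch")
    return body[1:]


def derive_stellar_seed(mnemonic: str, account: int = 0, passphrase: str = "") -> str:
    return encode_strkey_seed(
        derive_raw_key(bip39_seed(mnemonic, passphrase), stellar_account_path(account)))


if __name__ == "__main__":
    # Constructed demo phrase (the all-zero-entropy BIP39 mnemonic); never fund it.
    demo = " ".join(["abandon"] * 11 + ["about"])
    for account in range(3):
        print(stellar_account_path(account), derive_stellar_seed(demo, account))
```

Two things worth noticing for wallet authors: the same mnemonic with a different BIP39 passphrase yields an unrelated key, so a passphrase typo silently produces a new empty account rather than an error, and `slip10_child` raising on non-hardened indices is deliberate, since SLIP-0010 defines no public-key derivation for ed25519.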
@bartekn
Bartek, I changed the process for these SEPs a bit. The idea is that first they go into /drafts and are moved over to /ecosystem once they are approved. I think this will be less confusing.
@lenondupe that's great news! Added an additional test with 12 words. @jedmccaleb yes, I've seen the new process, but I decided to make it "Accepted" directly because 1) it doesn't invent anything new, it's more like defining which standard to use in Stellar, 2) we don't have much room for changes/improvement here (maybe except derivation path:
This is great! Thanks a lot for the work on this and to both you and @lenondupe for getting this standard figured out so quickly. I'll use this same implementation in my PHP library and on the Trezor. |
12 word mnemonic works fine |
post-merge: Spec looks good to me, didn't look at the implementation. |
This is great! Is this already available on the js-stellar-sdk? |
@darocha not sure if it will ever be added to js-stellar-sdk. There's already a Node JS package for this: https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0005.md#other-implementations
Hi Bartek, thanks for answering my question and for the link to the Node JS package.

> 2018-03-02 13:59 GMT-05:00 Bartek Nowotarski: @darocha not sure if it will ever be added to js-stellar-sdk. There's already a Node JS package for this: https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0005.md#other-implementations
Links in "Implementation" section are currently in PRs:
@lenondupe would you mind checking if your Ledger app gives the same results as in "Test Cases" section? I'll try to get a test Ledger device by the end of next week.
@lenondupe @zulucrypto let me know if you want me to change your usernames to real names.