by dogeprotocol on 8/26/23, 7:56 PM with 0 comments
Wanting to get feedback on following proposal, that will provide some mitigation, while retaining the human friendliness of seed phrases (as opposed to raw key pairs). Appreciate any help on this.
Step 1) Create a list of human readable words (256 in total, each corresponding to a specific byte value). This is a constant.
var MNEMONICS [256]string = [256]string{"ability", "able", "bundle", "cactus", "circle",........,"zero", "zone", "zoo"}
Step 2) Generate implementation:
Generate a random 16 byte array. Each byte in this array corresponds to one of the words from step 1.
var part1 [16]byte = RandomBytes(16) //assume random generator is strong
Step 3) Ask the user to provide a 16-char password.
var part2 [16]byte = ReadUserProvidedPassphrase()
Step 4) Concatenate both
var seed [32]byte = concat(part1, part2)
Step 5) Use above seed as input to ChaCha20, with a constant nonce
var nonce [12]byte = [12]byte{0,1,2,3,4,5,6,7,8,9,10,11}
randomGenerator = ChaCha20.initialize(seed, nonce)
Step 6) Generate KeyPair using above random
kp = KeyGen(randomGenerator)
When the user imports the seed phrase, they also need to provide the passphrase to get the same KeyPair they used originally; the seed phrase alone won't be enough.
Questions ==========
1) Any problems in general with this approach?
2) In steps 4 and 5, is it necessary to pass the user-provided input to a KDF?
3) In step 5, is it ok to have a constant nonce for the application?
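Added example (editor's code, not from the post or from dogeprotocol): a runnable Python model of steps 1 through 6 exactly as proposed, alongside the question-2 variant where the passphrase goes through a KDF, so the two derivations can be compared on the same seed phrase. Everything not in the post is an assumption made for illustration: the word list is a constructed placeholder (`word000`..`word255`) standing in for the real 256-word list; ChaCha20 is implemented inline per RFC 8439 so nothing outside the standard library is needed; the KDF variant is PBKDF2-HMAC-SHA256 with `part1` as the salt; `KeyGen` is modelled as taking the first 32 keystream bytes as a private-key seed (the size of an Ed25519 seed); and the function and constant names (`seed_concat`, `seed_kdf`, `create_wallet`, `import_wallet`, `CONST_NONCE`) are mine.

```python
"""Model of the proposed seed-phrase + passphrase derivation (added example,
not the poster's code). Assumptions for illustration: placeholder word list,
inline RFC 8439 ChaCha20, PBKDF2-HMAC-SHA256 as the question-2 KDF variant,
and KeyGen modelled as 32 keystream bytes used as a private-key seed."""
import hashlib
import secrets
import struct

MASK32 = 0xFFFFFFFF

def _rotl32(v, n):
    return ((v << n) & MASK32) | (v >> (32 - n))

def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 7)

def chacha20_block(key, nonce, counter):
    """RFC 8439 block function: 32-byte key, 12-byte nonce, 32-bit counter."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("ChaCha20 needs a 32-byte key and a 12-byte nonce")
    state = list(struct.unpack("<4I", b"expand 32-byte k"))
    state += struct.unpack("<8I", key)
    state.append(counter & MASK32)
    state += struct.unpack("<3I", nonce)
    w = state[:]
    for _ in range(10):  # 20 rounds = 10 double rounds (column, then diagonal)
        _quarter_round(w, 0, 4, 8, 12); _quarter_round(w, 1, 5, 9, 13)
        _quarter_round(w, 2, 6, 10, 14); _quarter_round(w, 3, 7, 11, 15)
        _quarter_round(w, 0, 5, 10, 15); _quarter_round(w, 1, 6, 11, 12)
        _quarter_round(w, 2, 7, 8, 13); _quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16I", *[(x + y) & MASK32 for x, y in zip(w, state)])

def chacha20_keystream(seed, nonce, nbytes):
    """The 'randomGenerator' of step 5: keystream blocks for counter 0, 1, ..."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += chacha20_block(seed, nonce, counter)
        counter += 1
    return bytes(out[:nbytes])

# Step 1: constructed placeholder; a real list has 256 distinct readable words.
MNEMONICS = [f"word{i:03d}" for i in range(256)]
WORD_TO_BYTE = {w: i for i, w in enumerate(MNEMONICS)}

# Step 5: the proposal's constant nonce {0, 1, ..., 11}.
CONST_NONCE = bytes(range(12))

def encode_words(part1):
    return [MNEMONICS[b] for b in part1]

def decode_words(words):
    return bytes(WORD_TO_BYTE[w] for w in words)

def passphrase_bytes(passphrase):
    """Step 3 as written: exactly 16 bytes. 16 characters is not 16 bytes once
    non-ASCII is involved, so the check is on the UTF-8 encoding."""
    pb = passphrase.encode("utf-8")
    if len(pb) != 16:
        raise ValueError("passphrase must encode to exactly 16 bytes")
    return pb

def seed_concat(part1, passphrase):
    """Step 4 as proposed: raw concatenation into a 32-byte seed."""
    if len(part1) != 16:
        raise ValueError("part1 must be 16 bytes")
    return part1 + passphrase_bytes(passphrase)

def seed_kdf(part1, passphrase, iterations=600_000):
    """Question-2 variant (assumption): stretch the passphrase with PBKDF2,
    salted with part1 so the 128 random bits still enter the seed."""
    if len(part1) != 16:
        raise ValueError("part1 must be 16 bytes")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), part1,
                               iterations, dklen=32)

def keygen(seed):
    """Step 6 modelled as: private-key seed = first 32 keystream bytes."""
    return chacha20_keystream(seed, CONST_NONCE, 32)

def create_wallet(passphrase, seed_fn=seed_concat):
    """Steps 2-6: fresh random part1, returned as words, plus the derived key."""
    part1 = secrets.token_bytes(16)
    return encode_words(part1), keygen(seed_fn(part1, passphrase))

def import_wallet(words, passphrase, seed_fn=seed_concat):
    """Re-derivation from words + passphrase; must match create_wallet."""
    return keygen(seed_fn(decode_words(words), passphrase))
```

Usage: `words, key = create_wallet("correct horse ba")` and later `import_wallet(words, "correct horse ba")` yields the same 32 bytes; a different passphrase, or swapping `seed_fn=seed_kdf`, yields a different key. Two things worth noticing when running it: the length check in `passphrase_bytes` fails on a 16-character passphrase containing a non-ASCII character, because step 3 says 16 characters but step 4 needs 16 bytes; and in the `seed_concat` path the passphrase bytes enter the seed unchanged, so the second 16 bytes of the seed carry exactly the entropy of the passphrase itself while `part1` contributes its 128 random bits. The inline ChaCha20 can be checked against the RFC 8439 section 2.3.2 block-function test vector.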