slip-0039: small changes

parent 381f3ba4
......@@ -65,20 +65,21 @@ This structure is then converted into a mnemonic passphrase by splitting it up b
|---------------|-----------|------------------------|
| 128 bits | 144 bits | 170 bits = 17 words |
| 256 bits | 272 bits | 298 bits = 30 words |
| 512 bits | 528 bits | 544 bits = 55 words |
## Checksum
For checksum we use lower 16-bits of CRC32 algorithm. We don't use CRC16, because there are lots of different standards and CRC32 has much higher chance to be implemented in the standard library of your choice. Also we won't need 32-bit resolution and this would lead to more words in the shares.
For checksum we use 16-bits of SHA-256 hash function.
## Passphrase
When enough M secrets are provided the master secret is reconstructed. To allow an additional protection of the final seed using a passphrase we suggest a following scenario. The passphrase is hashed using PBKDF2, which servers as a key to an AES encryption. The result of this encryption is the final seed to be used. If no passphrase is provided the passphrase is set to an empty string.
When enough M secrets are provided the master secret is reconstructed. To allow an additional protection of the final seed using a passphrase we suggest a following scenario. The passphrase is stretched using PBKDF2, which servers as a key to an AES encryption. The result of this encryption is the final seed to be used. If no passphrase is provided the passphrase is set to an empty string.
![passphrase](slip-0039/passphrase.png)
This mechanism is intentionally symmetric to allow reconstructing the master secret from the seed in case the passphrase is known.
TODO: We propose to use (X) rounds of PBKDF2 and (Y) rounds of AES (which mode?).
We propose to use 2048 rounds of PBKDF2 and 1 round of AES (TODO: which mode?).
## Versioning
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment