@@ -68,11 +68,11 @@ If the checksum of each share is correct and enough `M` secrets are provided, we
To allow an additional protection of the final seed using a passphrase we will use a key derivation function to compute the seed. If no passphrase is provided an empty string should be used as a passphrase.
Passphrase should contain only ASCII characters to achieve the best interoperability among various operating systems and wallet implementations.
Passphrase should contain only printable ASCII characters (codepoints 32-126) to achieve the best interoperability among various operating systems and wallet implementations.
![passphrase](slip-0039/passphrase.png)
We will use `PBKDF2(PRF = HMAC-SHA256, Password = master_secret, Salt = ("SLIP0039" || passphrase || n), iterations = 20000, dkLen = 256 bits)` as the key derivation function. Nonce value `n` is encoded as two words from the wordlist separated by exactly one space.
We will use `PBKDF2(PRF = HMAC-SHA256, Password = master_secret, Salt = ("SLIP0039" || passphrase || n), iterations = 20000, dkLen = 256 bits)` as the key derivation function. Nonce value `n` is encoded as two words from the wordlist separated by exactly one space (codepoint 32).
We suggest to use the obtained seed as a master seed `S` for Hierarchical Deterministic Wallets described in BIP-0032.