bitcoinqna / seedtool Goto Github PK

SeedSigner (and hopefully other wallet hardware/software) trains users to refer to their various keys by the fingerprint, especially when backing up their mnemonic and/or SeedQR.

So a user may have a backup that lists the target fingerprint but can no longer locate the passphrase that yielded that fingerprint.

But rather than doing the computation-heavy calculations that the current Passphrase Tester tool does, we'd just need the tool to display the resulting fingerprint after applying the passphrase. They can then quickly iterate through possible passphrases until they (hopefully) yield the target fingerprint they were looking for.

The fingerprint display will be generally useful (with or without a passphrase) as an addition to the info that's presented.

Also serves as yet another external validator to compare different BIP-39 implementations/HWWs to see if you get the same results.

Running v2.0.1 with an offline version of Tails, the Network Connection Detected icon is present. Is this expected behavior?

Add the BIP855 password to the "BIP85 Application dropdown".
The coldcard mk4 is able to produce a 21 character password based on the BIP-85 spec. To my understanding it derived from PWD BASE64 as explained in the BIP.

Beside the offline password manager possibilities, this is a great way of deriving multiple passphrases based on one master seed.

As a user, I want a TapRoot type of address to be show (alongside "legacy", "wrapped segwit" and "native segwit') so that I can learn all the of them in one place. (I suggest showing the raw TapRoot address generated from an "internal" a.k.a. "untweaked" public key: bc1pgrulsvazt3e9gqhzg2t9gy94hwvjm3875yegdq0s5azhrscsfcmqgk5wqt in the case shown in the image below).

I was able to split a seed with the xor tool, but unable to recover it. There is only a field to enter one of the derived xor seeds and I am unable to retrieve the original seed.

Is this a bug or did I do something wrong?

bitcoin:bc1qcuwsav796wfxtrht4arnjvmzy6g5q7t26cy6lp?amount=10

SeedXOR and OTP are ways of turning a single seed into two new seeds in a way that provides perfect security if conditions are met. These methods have the advantage that they are easy to also compute by hand. SeedXOR enables the generation of valid seed words. A use can make a passphrase that fails to have enough entropy, whereas these methods do not allow entropy reduction. Additionally, on many devices, passphrase entry can be time consuming and less convenient.

SeedXOR overview here:
https://seedxor.com/

SeedXOR variant with 2 of 3 setup thread here:
https://twitter.com/nk1tz/status/1447328171334963201

Python implementation of OTP for bitcoin seeds here.
https://github.com/brndnmtthws/seed-otp

Despite its presence in Ian Coleman's "Mnemonic Code Converter" the Menu item "Use Raw Entropy (3 words per 32 bits)" is not part of the fantastic seedtool yet.
By choosing this option the user could determine the seed manually by generating binary entropy (11 bits per word) and calculate the words based on this as described in e.g. Do you trust your seed, don't generate it yourself.

The seedtool could be used then for checking the own work and support the last word calculation.
Maybe this menu item needs some additional caption to avoid noob confusion.

From Raw Avocado on Twitter.

https://roadtolarissa.com/oracle/

When you enter in Entropy Section and then find "Word Indexes" you will get an incorrect correspondence.

Abandon = Word index "0" - the correct is "1"
Ability = Word index "1" - the correct is "2"
Able = Word index "2" - the correct is "3"

https://wallet.1inch.io/send/0x4592DaA9DCec77a72D850971D16a87B5d845C0DD@1?value=1E19

Consider adding the Seed Tool version number to the top of the page (as below). This would be particularly helpful when working with the tool offline.

Expected result:
Accept WIF and calculate:
public key: 0255355ca83c973f1d97ce0e3843c85d78905af16b4dc531bc488e57212d230116
address: tb1p8wpt9v4frpf3tkn0srd97pksgsxc5hs52lafxwru9kgeephvs7rqlqt9zj

Actual result:

Steps to reproduce:
Input "cV628xvqToz45dwdPmTcJ9RgEVnWMwP8dpZBGzb9LfTk3sBHFNwc" into the field "Input a private key as WIF or Hex".

On the releases page, there is a PGP signature block and a signature.txt file included, but no instructions on how to verify this. It's best practice to include these instructions in the project's main README file, or in each release, or both.

bitcoin:3F6K3Fo91oh1W8yyFyG7d1wbAaEr88ktqG

https://github.com/pointbiz/bitaddress.org

One thing I like is having the mouse movement and keyboard change the entropy. I don't know how seedtool currently does when it's "Calculating" but I would trust it more if it included some user inputs.

Also some version of a Brain wallet that accept any string of character as entropy (at your own risk!) and generate an xpriv instead of a single address would be amazing.

This page offers a space for bitcoiners to experiment and learn how bitcoin wallets are generated using different sources of entrpopy (randomness).

Withness should be Witness

At Seed Tool v2.0.0 it is only possible to derive a Reusable Payment Code for a mainnet wallet.

Consider adding a toggle to the "BIP47: Reusable Payment Codes" section to switch between mainnet and testnet, as Reusable Payment Codes are derived differently for mainnet and testnet wallets.

Consider setting the toggle to mainnet by default.

The number of the words are not correct.

0xDcd053a7C8Cdd3A38aF86A3f6Ec86c418f02fFF9

As a user, I want to input ECDSA private key in hex format and get the resulting bitcoin addresses so that they are independent from the implemented software libraries and sources of entropy.

Why is it important?
To minimize users' dependence on tools, libraries etc. Users should be able to choose not to trust them and manually generate keys on their own (or import ones generated elsewhere). There is the risk that an auto-generated keys may follow a pattern that may be exploited (keys could be recreated easily and used to transfer bitcoins from an address). A pattern/vulnerability (bug in random key generation implementation) may be discovered in the future and affect keys/addresses generated in the past.

There is only "Enter your own entropy" input field in the tool in the 1.07 (current) version. Let's add a similar input field for ECDSA private key (in hex format), please.

Generate the 2nd seed which XOR'd with the 1st one results in the one which is complete (with correct checksum/last 4 bits) so that there isn't the need calculate SHA256 checksum: "If you intend to recover your original seed by hand in future using SeedXOR, you should make a note of the original seed's final word because the chances are that you will not be able to calculate the last word by hand using XOR & SHA256."

There is 1/4^2=6.25% chance to generate such a seed so brute-force could be implemented to achieve it.

On pasting a mnemonic phrase into SeedTool, only the first slot is being filled, and with all of the words.
A better behavior would be that each word will be placed into the right slot, based on space or known given word.

This feature request is to display a SeedQR where ever a mnemonic is presented in Seed Tool.

Once a user has generated or manually loaded a seed into Seed Tool, they should have the ability to view the SeedQR representation of the BIP39 mnemonic. This would also be extremely useful to display the SeedQR for mnemonics within the "Seed XOR" and "BIP85: Deterministic Entropy" sections.

This is very useful for workflows when an airgapped computer is used where a master seed is stored (or accessible) and a signing device (like a SeedSigner) needs to scan a SeedQR to sign a transaction created on an internet-connected computer. SeedQRs are much easier to work with on a signing device than manually typing in each mnemonic.