BIP39 (seed phrases) #814
Replies: 2 comments 1 reply
-
Thanks for explaining, finally a proper critique, so far I only heard weak arguments. I don't want to argue about adding it, I prefer smaller crates anyway but want to express my general concern about not adding things just because we disagree with them. The problem is BIP39 is super-widely used and the vast majority of non-BIP39 schemes are much worse. By not helping people to use it we create incentive for people to either roll their own (possibly buggy), choose some other terrible scheme, or less safety-oriented language (to get a BIP39 library). A little analogy: I think that non-Taproot addresses are crap but still not supporting them would be a terrible idea. Anyway, I understand our time is scarce and we can't implement/review everything and I'm OK if people choose not to. If anyone reads this and needs BIP39 Rust library I will try to find a bit of time to review the code if it's published under permissive Open Source license. Few notes on points above:
I still believe that encoding derivation scheme in seed is not great but probably you meant no versioning of encoding itself which is a good point.
This seems like a minor issue, right? Finally, one issue with conversions is support of extra passphrase with plausible deniability. I do think that something like `HMAC(binary_encoded_seed, passphrase) would be better, just pointing out the limitation. |
Beta Was this translation helpful? Give feedback.
-
I think one of the major drawback that is not listed in @apoelstra's list is that they give the **false**impression that the users can use the funds if they have the words. You also need the derivation information and derivation paths that are provided by descriptors. As we anyways need to backup the descriptor, backup the secret key along with it is not a big ask. |
Beta Was this translation helpful? Give feedback.
-
To be clear: we are not going to support BIP 39 in this library. But I realize that there isn't anywhere on Github that we've listed reasons. (In a quick search was able to find "see IRC discussion".)
Off the top of my head, reasons to avoid BIP39 are:
Alternatives: SLIP39; others(?)
Beta Was this translation helpful? Give feedback.
All reactions