Add option for "25th word"

[chrishobcroft]

The current implementation enables a user to create a 24 word backup of the entropy used to derive keypairs.

As a user, I want to be able to "flavour" the entropy with a 25th word, essentially requiring 24 words plus a password in order to regenerate the keys.

This would mean that an attacker who is able to obtain the 24 word backup would still be required to brute-force a password. Further, they would not know whether their brute-forcing would actually yield any benefit to them.

[wackerow]

@CarlBeek I feel like adding a passphrase used to be an option, was this changed?

[chrishobcroft]

@wackerow there is a passphrase to encrypt the keystore file that is generated, but I haven't ever seen an option to use a "25th word" to flavour the seed.

[wackerow]

Right, the keystores are encrypted with a password. The "25th" word would be known as a passphrase as part of the BIP-39 standard.

I may be wrong, but I seem to recall being prompted for this at one point in time way back possibly in the Medalla days, but don't get this prompt anymore. May have been removed to minimize confusion and decrease risk of users getting locked out of there mnemonic, @CarlBeek would know better.

[wackerow]

Yeah, just came across the remnants of the old strings that were used for this in Crowdin (the translation software/service):

This is almost certainly not the argument you are looking for: it is for mnemonic passwords, not keystore passwords. Providing a password here when you didn't use one initially, can result in lost keys (and therefore funds)! Also note that if you used this tool to generate your mnemonic initially, then you did not use a mnemonic password. However, if you are certain you used a password to "increase" the security of your mnemonic, this is where you enter it.

Are you absolutely certain that you used a mnemonic password? (This is different from a keystore password!) Using one when you are not supposed to can result in loss of funds!

These strings are no longer in the repo—not entirely sure when they were removed, but IIRC it was to prevent the average user who would not be using this from accidentally getting locked out of the HD branch that holds their keys.

@CarlBeek Do you know if there were any plans to reinstantiate this?

[PlanetaOTC]

Hello guys

One week ago, I used the current/official CLI tool to generate new keystores. I used a 24 words seed plus a mnemonic. CLI didn't give any error, all worked like a charm.

However, playing now with this CLI version:
#313

I've seen that if you introduce 25 words (seed + passphrase), it gives an error: "this is not a valid mnemonic, please check for typos"

Not sure why the current CLI lets create a seed with passphrase and this version doesn't let to create the bls using passphrase. Why this discrepancy? Please, we need support for it.

Thanks!

[pietjepuk2]

The option you're looking for is --mnemonic-password. So for example (on Windows) .\deposit.exe generate-bls-to-execution-change --mnemonic-password my_password_or_25th_word

[PlanetaOTC]

generate-bls-to-execution-change --mnemonic-password my_password_or_25th_word

You are 100% right. Thanks a lot!