docs: explain MnemonicSwift pitfall AFE-172 #16
Conversation
HashMapsData2Value
changed the title
| NOTE: In the example below we are using the library MnemonicSwift for BIP-39 support. Essentially it can be used to turn a mnemonic of 24 words (corresponding to an _entropy_) into a seed, by running it through a PBKDF2 in accordance with [BIP-39](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#from-mnemonic-to-seed). You are free to pick another library or use another method to produce the seed, but BIP-39 is an industry standard. | ||
| In the example below we are using the library MnemonicSwift for BIP-39 support. Essentially it can be used to turn a mnemonic of 24 words (corresponding to an _entropy_) into a derived seed, by running it through a PBKDF2 in accordance with [BIP-39](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#from-mnemonic-to-seed). You are free to pick another library or use another method to produce the seed, but BIP-39 is an industry standard. | ||
|
|
||
| Note: MnemonicSwift can be used to randomly generate words and transform them into the derived seed. A derived seed can not be reversed into the mnemonic. Unfortunately, MnemonicSwift can currently not be used to to transform the 24 words into the entropy bytes (from which the bytes could then). |
There was a problem hiding this comment.
Unfortunately, MnemonicSwift can currently not be used to to transform the 24 words into the entropy bytes
We may want to clarify here, since the seedBytes are deterministic. I may be misunderstanding but it seems to be a 1-1 for the Seed/Entropy to Mnemonic conversions.
It looks like the interface only supports hex encoding though, luckily it's attached to the response of deterministicSeedBytes. You can see the hex property being used in deterministicSeedString, that could be the input to mnemonicString
(from which the bytes could then).
Looks like this is missing some statements?
There was a problem hiding this comment.
It's a one way function:
Mnemonic --> "seedBytes"
seedBytes --//--> Mnemonics
Because of this line right here: https://github.com/Electric-Coin-Company/MnemonicSwift/blob/716a2c32ac2bbd8a1499ac834077df42b75edc85/MnemonicSwift/Mnemonic.swift#L135
The PBKDF2 involves hashing.
To contextualize what I wrote (which could probably be reworded and made clearer), look at this BIP39 NPM package: https://github.com/bitcoinjs/bip39/blob/a7ecbfe2e60d0214ce17163d610cad9f7b23140c/src/index.js#L38
They have:
- Mnemonic to Seed
- Mnemonic to Entropy
- Entropy to Mnemonic
But there is no Seed to Mnemonic or Seed to Entropy.
Meanwhile the MnemonicSwift library doesn't even have Entropy <-> Mnemonic. It's all Mnemonic --> Determinstic SeedBytes.
There was a problem hiding this comment.
MnemonicSwift does have Entropy <-> Mnemonic via the string utilities. Looks like they return Data that has a toBitArray method
The initial guide on the project may be the culprit for this particular issue, maybe we go with something like the following:
- Create Mnemonic and explain how to store it and use it in HDWallets
- Convert deriving a seed from the Mnemonic using the library as optional step (may not be necessary?)
That way they can still handle the entropy bytes in a sane way then decide if they want to derive keys using MnemonicSwift. Deriving a seed as the first step leads to this footgun where they expect to recover the inputs of the seed.
Also fixes broken CI; setup -> setup-swift.