did I fucking tell you that you always leak some bits of information because the execution time will never be constant due to varying seedphrase lengths? fuck this shit
okay I have to say BIP39 is a horrible fucking standard
first of all implementing it in any way violates the principle of “don’t do secret based memory accesses”
second of all fuck you because you need to run PBKDF on the seedphrase itself and not the entropy bits
cc nostr:npub1fjqqy4a93z5zsjwsfxqhc2764kvykfdyttvldkkkdera8dr78vhsmmleku
Discussion
haha, yeah, pbkdf tho lol
it kinda kills the use case of a low power device
there is no reason why a 24 word key should need any hashing tho, and a 12 word key should only need one hash operation...
but adding a password on top then you start to talk about why pbkdf and Argon2 and whatnot
maybe we should devise a word key scheme for nostr because nobody is using nip-06 anyway, and maybe the different key type has some ways to benefit this
also, you gotta have secret in memory somewhere, it's just about isolating it from a leaky execution environment, i'm pretty sure there is very little risk of losing an nsec from a browser signer or Amber or whatever
don't put the signer in the same app that can spend money or spam messages anyhow
was doing some research into having BIP-39 on environments like SEs and my conclusion is fuck this shit