Clarify password role, random die, updated wording
All checks were successful
check / check (push) Successful in 14s
All checks were successful
check / check (push) Successful in 14s
- Password help text now explains it encrypts the recovery phrase on disk and is not used for address derivation - Die button generates cryptographically random phrases using crypto.getRandomValues(), different each click - "roll the die for a new one" wording - README documents full encryption scheme (PBKDF2 + AES-256-GCM) and explicitly notes password is not part of BIP-39 derivation
This commit is contained in:
20
README.md
20
README.md
@@ -201,12 +201,22 @@ want maximum privacy can point it at their own Ethereum node.
|
||||
|
||||
- **No framework**: The popup UI is vanilla JS and HTML. The extension is small
|
||||
enough that a framework adds unnecessary complexity and attack surface.
|
||||
- **Encrypted storage**: Seed phrases are encrypted with a user-provided
|
||||
password using AES-256-GCM before being stored in the extension's local
|
||||
storage. The encryption key is derived from the password using PBKDF2 with a
|
||||
high iteration count.
|
||||
- **Encrypted storage**: Recovery phrases and private keys are encrypted at rest
|
||||
in the extension's local storage. The encryption scheme:
|
||||
- The user's password is run through PBKDF2-SHA256 (600,000 iterations) with
|
||||
a random salt to derive a 256-bit encryption key.
|
||||
- The encryption key + a random IV encrypt the secret material using
|
||||
AES-256-GCM.
|
||||
- Stored blob: `{ salt, iv, ciphertext, authTag }`.
|
||||
- **The password is NOT used in address derivation.** It exists solely to
|
||||
protect the recovery phrase / private key on disk. Anyone with the
|
||||
recovery phrase can restore the wallet on any device without this
|
||||
password. This matches MetaMask's behavior.
|
||||
- **BIP-39 / BIP-44**: Standard mnemonic generation and HD key derivation
|
||||
(`m/44'/60'/0'/0/n`) for Ethereum address compatibility.
|
||||
(`m/44'/60'/0'/0/n`) for Ethereum address compatibility. The BIP-39 passphrase
|
||||
is always empty (matching MetaMask and most wallet software). The user's
|
||||
password is completely separate and has no effect on which addresses are
|
||||
generated.
|
||||
- **EIP-1193 provider**: The content script injects a `window.ethereum` object
|
||||
that implements the EIP-1193 provider interface, enabling web3 site
|
||||
connectivity.
|
||||
|
||||
Reference in New Issue
Block a user