BIP-85 Passwords

Application number 707764' was chosen as follows: b"pwd" --> [112, 119, 100] ---to hex--> 707764 + make it hardened --> 707764'

Rationale

Having ability to generate countless number of strong passwords from one seed (one seed to rule them all). Main intention is to generate very strong passwords for sensitive applications like encrypting of ssh keys, master password for password managers etc. Passwords are constrained by length. Min. 20 character and max. 86 character. Generated passwords have at least 120 and maximum of 516 bits of entropy. This is provably overkill for applications like Gmail or twitter but is not the intended use case anyway.

Passwords are generated by encoding whole 64 bytes of generated entropy and removing any spaces or new lines inserted by Base64 encoding process. Slice base64 result string on index 0 to pwd_len. This slice is the resulting password. As pwd_len is limited to 86, passwords will not contain padding.

Base64 is a great and well known candidate for password use case as it contains both lower/upper case characters, numbers and special characters + and /.

Constraints

• pwd_length min. 20 max. 86

Changes:

• fix typo in XPRV
• fix formatting in other implementations
• new application = passwords

Implementations:

• already implemented in btc-hd-wallet
• opened PR in reference implementation
• opened PR to Coldcard firmware (merged in https://github.com/Coldcard/firmware/commit/26986cfc852116922d36708cbc3ea63d6f883aa4)