One of the problems with seed phrases typically used for blockchain wallets is that there is no secondary protection if the seed phrases are stolen.

Wanting to get feedback on the following proposal, which will provide some mitigation while retaining the human friendliness of seed phrases (as opposed to raw key pairs). Appreciate any help on this.

Step 1) Create a list of human-readable words (256 in total, each corresponding to a specific byte value). This is a constant.

var MNEMONICS [256]string = [256]string{"ability", "able", "bundle", "cactus", "circle",........,"zero", "zone", "zoo"}

Step 2) Generate implementation:

Generate a random 16-byte array. Each byte in this array corresponds to one of the words from step 1.

var part1 [16]byte = RandomBytes(16) // assume random generator is strong

Step 3) Ask the user to provide a 16-char password.

var part2 [16]byte = ReadUserProvidedPassphrase()

Step 4) Concatenate both

var seed [32]byte = concat(part1, part2)

Step 5) Use the above seed as input to ChaCha20, with a constant nonce

var nonce [12]byte = {0,1,2,3,4,5,6,7,8,9,10,11}

randomGenerator = ChaCha20.initialize(seed, nonce)

Step 6) Generate KeyPair using the above random

kp = KeyGen(randomGenerator)

When a user imports the seed phrase, they also need to provide the passphrase to get the same KeyPair they used originally; the seed phrase alone won't be enough.

Questions
==========

1) Any problems in general with this approach?

2) In steps 4 and 5, is it necessary to pass the user-provided input to a KDF?

3) In step 5, is it OK to have a constant nonce for the application?