Hi Tobias.

The most recent release of Coldcard now offers "Seed XOR" to solve similar problems. It allows any number of standard BIP-39 compatible seed phrases to be bitwise XOR'ed together to make a new seed. Coldcard can split an existing seed into 2, 3 or 4 new phrases, or you can take your existing seed phrase, and XOR-in a new seed phrase to arrive at a new random seed phrase (and wallet).

More details about this feature at:

Best part is XOR is simple enough that the split or combine operation can be worked out by hand on paper. (We even made a worksheet for this.) The checksums on each of the XOR parts protect the final result, and each "part" is a fully functional decoy wallet.

Hope that helps!

On Wed, May 05, 2021 at 07:32:05PM +0200, Tobias Kaupat wrote:
> Hi all,
> I want to start a discussion about a use case I have and a possible
> solution. I have not found any satisfying solution to this use case yet.
>
> *Use case:*
> An existing mnemonic (e.g. for a hardware wallet) should be saved on a
> paper backup in a password encrypted form. The encrypted form should be a
> mnemonic itself to keep all backup properties like error correction.
>
> *Suggested solution:*
> 1) Take the existing mnemonic and extract the related entropy
> 2) Create a SHA526 hash (key) from a user defined password
> 3) Use the key as input for an AES CTR (empty IV) to encrypt the entropy
> 4) Derive a new mnemonic from the encrypted entropy to be stored on a paper
> backup
...
> *Existing solutions*
> One solution I found is "Seedshift" which can be found here:
> https://github.com/mifunetoshiro/Seedshift
>
> But I consider it less secure and I would like to suggest a solution based
> on provably secure algorithms rather than a "rot23 derivation". Also using
> a date as password seems not very clever to me.
>
> Kind regards
> Tobias

---
@DocHEX || Coinkite || PGP: A3A31BAD 5A2A5B10
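
The XOR split and combine described in the reply above, sketched as an added example that is not part of the original message and is not Coldcard's code. Assumptions: parts are drawn from fresh randomness (the message does not say how Coldcard derives them), the function names are hypothetical, and words are shown as BIP-39 wordlist indices because the 2048-word list is not embedded here.

```python
import hashlib
import secrets
from functools import reduce

def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("parts must have the same entropy length")
    return bytes(x ^ y for x, y in zip(a, b))

def split(entropy, n):
    """Return n parts whose XOR is `entropy`; n-1 of them are fresh random values."""
    if n < 2:
        raise ValueError("need at least two parts")
    parts = [secrets.token_bytes(len(entropy)) for _ in range(n - 1)]
    parts.append(reduce(xor_bytes, parts, entropy))  # last part cancels the others
    return parts

def combine(parts):
    return reduce(xor_bytes, parts)

def word_indices(entropy):
    """BIP-39 encoding: entropy followed by ENT/32 checksum bits, cut into 11-bit groups."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128 to 256 bits in 32-bit steps")
    cs_bits = len(entropy) * 8 // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (len(entropy) * 8 + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def entropy_from_indices(indices):
    """Decode one part and reject it if its own checksum does not match."""
    if len(indices) not in (12, 15, 18, 21, 24):
        raise ValueError("unsupported phrase length")
    cs_bits = len(indices) * 11 // 33
    value = 0
    for i in indices:
        value = (value << 11) | (i & 0x7FF)
    entropy = (value >> cs_bits).to_bytes((len(indices) * 11 - cs_bits) // 8, "big")
    if word_indices(entropy) != list(indices):
        raise ValueError("checksum mismatch: part was copied or computed wrongly")
    return entropy

if __name__ == "__main__":
    seed = bytes(range(32))          # constructed sample entropy, not a real wallet
    parts = split(seed, 3)
    for p in parts:                  # every part is itself a valid BIP-39 phrase
        print(word_indices(p))
    restored = combine([entropy_from_indices(word_indices(p)) for p in parts])
    print(restored == seed)
```

Because each part carries its own checksum, a transcription error in any single part is caught when that part is decoded, before the XOR is taken.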