How does the wallet recovery phrase work? What is the private key generation algorithm?


#1

When you backup your Brave Payments wallet, it gives you a recovery phrase (16 or so English words).

I am guessing that these words are used as a seed in some algorithm that generates a private key (the private key associated with the address that’s managed by the Brave wallet).

Is this algorithm standardized or known to the public?

Thanks.


#2

I would have to cc @mrose on that


#3

It derives an ed25519 keypair from that seed and a salt, please see https://github.com/brave/crypto/blob/master/index.js for details.


#4

Thanks. If we have the mnemonic for private key recovery, then wouldn’t that mean the Brave payments wallet (In early Mercury) isn’t really unidirectional? That is, although there may not be a way to withdraw your funds with a GUI, you could in principle just use the mnemonic to recover the private key (since we know the algorithm), and then use that private key with another non-Brave wallet software (like MyEtherWallet) to transfer BAT out.

Let me know if anything prevents me from doing that. (Perhaps the salt value is unknown to the user?)