Allow to set custom derivation path in "Sign in"

[dakk]

Description

A quick fix for allowing hardware wallets users to access their funds is to give the ability to choose a custom derivation path during "Sign in with passphrase"; in this way, even if hardware wallets are not supported yet, users can access their funds using recovery passphrase.

Motivation

To give a quick and immediate solution for hardware wallet users.

[welcome]

Thanks for opening your first issue here! Be sure to follow the issue template for bug report or feature request!

[ManuGowda]

Note: We need to make sure we add a warning sign to let users know about the risk involved.

[hirishh]

In case, this is what you need to implement this: https://github.com/alepop/lisk-hd-key

[hirishh]

I just want to add some thoughts about this.

This could be the default way to access lisk desktop (and still keep the passphrase as it is for backward-compatibility, but as second option) and not only a tool to access ledger and trezor accounts.
Why I say this? Because, honestly, I feel very uncomfortable every time I need to manage my lisk passphrase in order to access the wallet. The passphrase is precious and should be managed as less as possible.

For me like electrum is ideal:

• you generate a seed
• you make the user to backup it
• you ask user for a password in order to encrypt/decrypt the seed
• with the password you save an encrypted version of the seed on the local pc
• when you open lisk-desktop again, you just load the encrypted seed and ask for the password in order to decrypt it
• use derivation path for generating new addresses (without the need to manage a new passphrase every time)

If user forget the password, they can always re-import the seed from the backup and set a new password.

In this way you avoid lisk users to manage constantly the passphrase (aka the private key) every time they need to access the wallet.

This could be a very nice improvement.

[ManuGowda]

@hirishh thank you for the suggestion, we discussed the exact same idea internally with our research yesterday. We have a roadmap objective for secure signing as part of that research we are doing this improvement.

In coming months you will hear about the approach once research team publishes on the forum, thank you once again for all the input, it will be valuable during our research 🙏🏼

[hirishh]

I have another hint for you on how it could be implemented and create less/no confusion for lisk users.

First of all I have a question: is the current lisk passphrase compatible with bip32 alghoritm/checksum?

If yes:

• you use bip32 as default "login" method with derivation path.
• in background you check if there is a legacy and initialized lisk account associated with this passphrase. If yes: you add this account within other addresses.

In this way everything is completely transparent to the user and they do not need to choose between hd-wallet (= Hierarchical Deterministic Wallets) or legacy lisk passphrase method.

[ManuGowda]

Hi @hirish with regards to Lisk Desktop supporting recovery phrase for 2.1.0 release (#3759) I wanted to give you an update. We have decided the following approach of implementation for 2.1.0.

• The users will be allowed to login with recovery phrase of their HW + custom derivation path (default will be m/44'/134'/0')
• Users can use their choice of derivation path from the provided input field

We will provide a warning message to ensure the users are aware of security threats and mention the purpose of this feature(to recover funds from a hardware wallet in case of emergency, not for everyday usage).

The recovery phrase approach will be removed with Lisk Desktop 2.2.0 release.

[ManuGowda]

The blocker should be resolved with LiskArchive/lisk-sdk#6816