Added warnings for BIP39/SLIP39 interopability problem.

ksedgwic · ksedgwic · commit 089cf89354d3 · 2020-06-08T09:40:42.000-07:00
diff --git a/README.md b/README.md
@@ -22,6 +22,9 @@ The following files contain everything you need to set up your *LetheKit* hardwa
 
 *LetheKit* is currently under active development and in the late alpha testing phase. It should not be used for production tasks until it has had further testing and auditing.
 
+**There is a known problem with BIP39/SLIP39 interoperability.  The problem
+is being tracked as [Issue #38](https://github.com/BlockchainCommons/bc-lethekit/issues/38).**
+
 ## Origin, Authors, Copyright & Licenses
 
 Unless otherwise noted (either in this [/README.md](./README.md) or in the file's header comments) the contents of this repository are Copyright © 2020 by Blockchain Commons, LLC, and are [licensed](./LICENSE) under the [spdx:BSD-2-Clause Plus Patent License](https://spdx.org/licenses/BSD-2-Clause-Patent.html).
diff --git a/seedtool/README.md b/seedtool/README.md
@@ -1,3 +1,50 @@
+# Warning!  There is a problem with LetheKit/seedtool BIP39/SLIP39 interoperability.
+
+### The following is being tracked as [Issue #38](https://github.com/BlockchainCommons/bc-lethekit/issues/38):
+
+#### What is the problem?
+
+The LetheKit seedtool application generates new wallets using dice
+entropy to create BIP39 and SLIP39 recovery mnemonics. The BIP39 and
+SLIP39 mnemonics represent valid wallets, but they are not the same
+wallet.
+
+This is a serious problem.  If both BIP39 and SLIP39 backups are
+created at the same time and funds are placed in the BIP39 wallet the
+SLIP39 backup will fail to recover the same wallet and the funds would
+be lost.
+
+#### Why is this the case?
+
+Andrew Kozlik explains it well in this [GitHub comment]
+(https://github.com/iancoleman/slip39/issues/1#issuecomment-563213494)
+
+#### How can matching BIP39 and SLIP39 backups be made?
+
+Andrew Kozlik explains (above) that in principle, SLIP39 shares which
+are 59 words long could match a BIP39 mnemonic.  In practice SLIP39
+shares of this length are non-standard and unlikely to be supported by
+any devices or applications.  The extreme length is also significantly
+painful to record and enter.
+
+#### Impact on LetheKit/seedtool:
+
+The desired feature of (standard) matching BIP39 and SLIP39 backups is
+not possible.
+
+The conversion of a BIP39 backup into a SLIP39 backup is not possible.
+
+The conversion of a SLIP39 backup into a BIP39 backup is not possible.
+
+LetheKit/seedtool can generate valid BIP39 and SLIP39 wallets but
+should not allow generation of both at the same time or suggest it
+can convert between the two.
+
+LetheKit can restore SLIP39 backups, but a mechanism to export the
+master secret (likely via QR code) would need to be added.
+
+## The original (invalid) directions follow:
+
 # Seedtool Application Instructions
 
 The *seedtool* utility allows you to generate and recover
