<mikjosjon> Greetings, Monero devs. I'm attempting to write an article explaining seed offsets since there doesn't seem to be a lot of information out there on the topic (actually there seems to be essentially none). I understand the basic idea of what the offset does on a technical level (ie uses an algorithm to apply an input string to a pneumonic and generates a new pneumonic from the result).

<mikjosjon> However I want to make sure I understand the _purpose_ of the offest. My understanding is that it is meant to allow the creation of a wallet pair - a "decoy" wallet and a "real" or "secret" wallet. The decoy would be restored from a pneumonic phrase without a seed offset while the secret wallet would be restored from the same pneumonic _but with an offset_. The benefit of this is that you could not only "password protect" a

wallet (with the offset acting as the "password), but, again, have a "decoy" wallet with a much smaller balance to mislead would-be XMR thieves

<mikjosjon> so for instance if you have a paper wallet and somebody finds it, they will only have the pneumonic and therefore can only steal from the decoy wallet. Furthermore, they will have no way of even knowing that there is another "real" wallet with a much larger balance that can be accessed with the same pneumonic phrase. So they won't go snooping around trying to figure out the "password" for the decoy wallet, because they won't know

that it exists in the first place.

sounds right

<mikjosjon> My questions: 1. Is the intent that the seed offset would be memorized, thus only existing in the brain of the wallet's owner and being being physically impossible to steal or even discover? Obviously you could similarly create a decoy by just generating two separate wallets, writing down the pneumonic for one and memorizing the other - but a pneumonic phrase is long and difficult to memorize. Is this the reason the seed offset was

implemented?

pneumonic?

<mikjosjon> bahahaha

<mikjosjon> *mnemonic

<mikjosjon> I'm a fool

ok right

I guess you can simply store the seed offset in a different physical location.

<mikjosjon> Ah, that gets at the second part of my question

Only memorizing something is risky.

<mikjosjon> yes. You might think you'll remember something forever, but 30 years later when the value of your secret wallet has multiplied many times over and you can't remember the offset...

<mikjosjon> on the other hand, even if you store the seed in a separate location, it could still be discovered. Though I suppose that still adds a thick layer of extra security.

Seed offset is simply a tool you can use similar to Trezor / Ledger passphrase. There is no specific intention on how to use it.

If someone finds you seed, they don’t know that you have a seed offset. If they find the offset it simply looks like a password.

your*

<mikjosjon> A password that they don't know is connected to that monero seed, you mean? Or connected to anything at all I suppose, it will just be a password scribbled on a scrap of paper without an explanation of its purpose

The offset is meant to turn a wallet into another, so that the "encrypted" seed looks (and is) a real seed. So someone getting hold of the seed has no reason to believe this is not in fact the seed.

So yes, the offset is meant to conceal the fact that the wallet a thief got is in fact not the "real" wallet.

i haven't tried this yet.... but can you deposit monero into the offset account?

Yes. It's a normal, valid seed.

nice

That's the whole point. It is a valid seed.

You can have any number of wallets too. Use different offsets.

mindblown.gif

You can even have a duress offset, which is the offset you give a thief who knows about the offset system, presumably with a balance between the first wallet and the real one :)