Since the Whisper key is being decoupled from the account key and since we are introducing the hardware wallet, we need to define a new path for the Whisper key. We also should define a path for the Database key, so that the database can be encrypted using a key stored on the hardwallet without having to define an additional password.
Since our account key path is m/44’/60’/0’/0/0, I propose assigning to these keys keypaths which are siblings of this path. The reason is that this way we minimize the amount key derivation operations needed.
To allows multiple accounts, I propose using a very high index which will not conflict with possible account paths. Since every component in the path is a 32-bit number, where the most significant bit is a flag to indicate hardened/non-hardened, my idea was to reserve the second most significant bit for keys we might need internally. This way we would have
Whisper Key: m/44’/60’/0’/0/1073741824’
Database Key: m/44’/60’/0’/0/1073741825’
The last component, if expressed in hex, is 0xC0000000 and 0xC0000001 respectively which is admitedly easier to remember that the decimal representation.
What do you think? Do you see any problems with this?