Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1W5O3p-0003Mg-1v for bitcoin-development@lists.sourceforge.net; Mon, 20 Jan 2014 23:15:17 +0000 X-ACL-Warn: Received: from mout.perfora.net ([74.208.4.194]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1W5O3n-0005Ql-0C for bitcoin-development@lists.sourceforge.net; Mon, 20 Jan 2014 23:15:17 +0000 Received: from netbook (c107-70.i07-27.onvol.net [92.251.107.70]) by mrelay.perfora.net (node=mrus1) with ESMTP (Nemesis) id 0LcRmI-1VeGQc2Sog-00js8d; Mon, 20 Jan 2014 18:14:48 -0500 Received: by netbook (Postfix, from userid 1000) id 783D72E283E; Tue, 21 Jan 2014 00:14:44 +0100 (CET) Received: by flare (hashcash-sendmail, from uid 1000); Tue, 21 Jan 2014 00:14:41 +0100 Date: Tue, 21 Jan 2014 00:14:41 +0100 From: Adam Back To: Peter Todd Message-ID: <20140120231441.GA9332@netbook.cypherspace.org> References: <20140120223502.GA1055@petertodd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <20140120223502.GA1055@petertodd.org> User-Agent: Mutt/1.5.21 (2010-09-15) X-Hashcash: 1:20:140120:pete@petertodd.org::hzEXguAegFJPr5V/:0000000000000000000 000000000000000000000000LKI7 X-Hashcash: 1:20:140120:boydb@midnightdesign.ws::amo9PGaiUq3BwfWn:00000000000000 0000000000000000000000000N1u X-Hashcash: 1:20:140120:bitcoin-development@lists.sourceforge.net::P6mkFBglkEj9R h5F:000000000000000000001hhh X-Provags-ID: V02:K0:oWKv46fkUiYn/kCN9/MXS4trnXTmq5cP4l0zKEi8TY0 C6OiuPKSueKqnsDJfSe+U3RbRQSpNdEmH4L8adynraFJvPdnIo nh1oMUmEojZ0v+od685SAG9iC0vxmyVwZwVRUNHgg5u/kkBeqp RrruiyY6c51IJ2KiFhLIT4OvmKlkjHYomqjyhs6L6g6rVgucrY 9nzxYKeEHCbcxn3EX4iUl8edq80pi6rdKfd1tZqfvZ5HsO9G0u x6ROvCyhTlgg8OSqee9p9nAV18olKiBwwNWIBGv1E2s+PQmsO4 vaqf96MUrICFcX35NXz0wXBkCJE6C+0OrIMl2KQGKrpOmDHHgI ThvJ+Ah2NI9KukFkgvANGmTkD2Tc/GCKfmypEXwZf X-Spam-Score: -0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [74.208.4.194 listed in list.dnswl.org] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record X-Headers-End: 1W5O3n-0005Ql-0C Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] BIP0039: Final call X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jan 2014 23:15:17 -0000 Because the mnemonic is an encoding of a 128-bit random number using its hash as a private key (or derived part of one) is not a problem, its just an alternate alphabet encoding of the random private key. Not being able to generically understand the checksum. Seems tricky to solve other than say brute force eg H(mnemonic||1) mod 2^k == 0 where k is the amount of check digit redundancy. But that might be expensive for a trezor if k is very big at all. And then key = H(mnemonic). Adam On Mon, Jan 20, 2014 at 05:35:02PM -0500, Peter Todd wrote: >On Mon, Jan 20, 2014 at 04:05:14PM -0600, Brooks Boyd wrote: >> On Mon, Jan 20, 2014 at 11:42 AM, slush wrote: >> >> > Hi all, >> > >> > during recent months we've reconsidered all comments which we received >> > from the community about our BIP39 proposal and we tried to meet all >> > requirements for such standard. Specifically the proposal now doesn't >> > require any specific wordlist, so every client can use its very own list of >> > preferred words. Generated mnemonic can be then applied to any other >> > BIP39-compatible client. Please follow current draft at >> > https://github.com/trezor/bips/blob/master/bip-0039.mediawiki. >> >> So, because the [mnemonic]->[bip32 root] is just hashing, you've >> effectively made your "mnemonic sentence" into a brainwallet? Since every >> mnemonic sentence can now lead to a bip32 root, and only the client that >> created the mnemonic can verify the mnemonic passes its checksum (assuming >> all clients use different wordlists, the only client that can help you if >> you fat-finger the sentence is the client that created it)? > >That issue is more than enough to get a NACK from me on making the >current BIP39 draft a standard - I can easily see that leading to users >losing a lot of money. > >Have any wallets implemented BIP39 this way already in released code? > >-- >'peter'[:-1]@petertodd.org >00000000000000009c3092c0b245722363df8b29cfbb86368f4f7303e655983a >------------------------------------------------------------------------------ >CenturyLink Cloud: The Leader in Enterprise Cloud Services. >Learn Why More Businesses Are Choosing CenturyLink Cloud For >Critical Workloads, Development Environments & Everything In Between. >Get a Quote or Start a Free Trial Today. >http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk >_______________________________________________ >Bitcoin-development mailing list >Bitcoin-development@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/bitcoin-development