From: Zac Greenwood <zachgrw@gmail.com>
Date: Sat, 9 Jul 2022 22:31:22 +0200
Message-ID: <CAJ4-pEA7WJpbExcsgdPWVNuZLrbDDhVYr37g6_6NSf7t41eB4w@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>, 
 James MacWhyte <macwhyte@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000005f76c105e3653451"
Subject: Re: [bitcoin-dev] No Order Mnemonic

--0000000000005f76c105e3653451
Content-Type: text/plain; charset="UTF-8"

Sorting a seed alphabetically reduces entropy by ~29 bits.

A 12-word seed has (12, 12) permutations or 479 million, which is ln(469m)
/ ln(2) ~= 29 bits of entropy. Sorting removes this entropy entirely,
reducing the seed entropy from 128 to 99 bits.

Zac


On Fri, 8 Jul 2022 at 16:09, James MacWhyte via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

>> What do you do if the "first" word (of 12), happens to be the last word in
>> the list alphabetically?
>
> That couldn't happen. If one word is the very last from the wordlist, it
> would end up at the end of your mnemonic once you rearrange your 12 words
> alphabetically.
>
> However!
>
> (@vjudeu) Choosing 11 random words and then sorting them alphabetically
> before assigning a checksum would reduce entropy considerably. If you think
> about it, to bruteforce the entire keyspace one would only need to come up
> with every possible combination of 11 words + 1 checksum. I'm not the best
> at napkin math, but I think that leaves you with around 10 trillion
> combinations, which would only take a couple months to exhaust with
> hardware that can do 1 million guesses per second.
>
>
> James

--0000000000005f76c105e3653451--
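
Added example, not part of the original message or of any wallet's code: the order-entropy arithmetic from the reply above, carried through for every standard BIP39 mnemonic length. It goes beyond the message by also counting sorted word lists exactly when repeated words are allowed, and checks that count by enumeration on a toy wordlist. All function names are illustrative.

```python
import math
from itertools import product

WORDLIST_SIZE = 2048  # BIP39 wordlist length: 11 bits per word


def order_bits(n_words):
    """log2(n!): bits carried purely by word order when all words differ."""
    return math.log2(math.factorial(n_words))


def sorted_list_count(n_words, wordlist=WORDLIST_SIZE):
    """Exact number of distinct sorted word lists (multisets, repeats allowed)."""
    return math.comb(wordlist + n_words - 1, n_words)


def enumerate_sorted(n_words, wordlist):
    """Brute-force check of sorted_list_count on a toy wordlist (constructed input)."""
    seqs = product(range(wordlist), repeat=n_words)
    return len({tuple(sorted(s)) for s in seqs})


def entropy_after_sorting(n_words):
    """Subtract the order bits from the BIP39 entropy, as the message does."""
    # n_words * 11 bits = entropy + entropy/32 checksum bits, so entropy = n * 32 / 3
    entropy = n_words * 32 // 3
    return entropy, entropy - order_bits(n_words)


def table():
    """One row per standard BIP39 length:
    (words, entropy bits, order bits, entropy minus order bits,
     log2 of the exact sorted-list count over the raw 11-bit word indices)."""
    rows = []
    for n in (12, 15, 18, 21, 24):
        entropy, remaining = entropy_after_sorting(n)
        rows.append((n, entropy, round(order_bits(n), 2), round(remaining, 2),
                     round(math.log2(sorted_list_count(n)), 2)))
    return rows


if __name__ == "__main__":
    print("words entropy order_bits remaining sorted_index_bits")
    for row in table():
        print(*row)
    # Toy check: 3 words drawn from a 6-word list
    print(enumerate_sorted(3, 6), sorted_list_count(3, 6))
```

The last column is measured against the 132-bit index space of a 12-word mnemonic (checksum bits included), so it is not directly comparable to the 128-bit entropy figure.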