From: Jonathan Sterling
Date: Thu, 18 Jan 2018 13:55:28 +0700
To: CryptAxe, Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] Suggestion to remove word from BIP39 English wordlist

All the more reason to only use the most common words that meet the other
criteria: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Wordlist

I agree - keeping "satoshi" in there is an unnecessary security risk.

Kind Regards,

Jonathan Sterling

On Thu, Jan 18, 2018 at 8:14 AM, CryptAxe via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:

> Why wouldn't they just test the frequency of words from the wordlist in
> entirety?
>
> On Jan 17, 2018 5:10 PM, "Weiwu Zhang via bitcoin-dev"
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>> 2018-01-09 19:20 GMT+08:00 Ronald van der Meer via bitcoin-dev
>> <bitcoin-dev@lists.linuxfoundation.org>:
>> > After reviewing some bitcoin improvement proposals, I noticed that one
>> > of the words that can be found on the BIP39 English wordlist is “satoshi”.
>> > I suggest removing this word from the list so it’s less obvious that
>> > it’s a bitcoin seed when found by a malicious third party.
>>
>> If a malicious third party discovers a word list that looks like a
>> seed, they would try using it as a Bitcoin seed first anyway, with or
>> without finding the word 'satoshi' in it. The security threat is that
>> a malicious third party may index what they found and test every
>> occurrence of 'satoshi' for a lead to a seed.
>>
>> For example, a hard-disk recycling service would add this word to
>> their salvage tools. Any successfully hacked Gmail account will be
>> 'satoshi' tested too.
>>
>> So I see this as a reasonable improvement:)