Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6BF8ABA0 for ; Wed, 2 Jan 2019 18:06:37 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D3B42701 for ; Wed, 2 Jan 2019 18:06:36 +0000 (UTC) Received: by mail-wm1-f41.google.com with SMTP id p6so28295444wmc.1 for ; Wed, 02 Jan 2019 10:06:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=weKyElmg5YhFQSwmxBrW9HJwy3GFux4h7QHtTqLdgGo=; b=rtI6h2xk070W2V13yaMGQqMvR4Irge9mN4fmHIFkXEpTABzQqnz0MWLnzYO/w6GprK e97bhTfibwk5nDbDJF/Rgm9rPtUYe8UygvxxUWMGANkbXzC+muX+U/G5sd8QEARBkWTG BEj1JbfYfHwe7av/xta4Vt67emajW3NwSY5uyeEXBsFX3jweA7HKOKcsheib30M344ry 8Usm5y/liM5OFxeFMwA9r28U+facz/N3XsdxPZS7aCN7N+wAkjTpP4cVJdeZpHkeYshP y2E9bUpdtP/sk4Shg9xJDXHK8gzO56xfYRx8uu6IkcABpqWxe5WdaK6gOzp6dbBw0Crf SA2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=weKyElmg5YhFQSwmxBrW9HJwy3GFux4h7QHtTqLdgGo=; b=noDjsrPvslmpS3NirFsSB8a8KhJWLm2VjFJYbAkdQ0pfKHQogngaUkLCopYy3V+1ad ASsq9N6B1174Sm/oOJ68AW9gaDY9nX2CFD1LJD0TI2azm+NSAogyBWBYRFMpn7ctNQfO 9vl7YBzabxsH60xKKwC3lZ19rLlQTAhQHrNfHfBw6M1/zmr/biOrc681+b6eQGYKlk3Q V7Pd+SQ/E6ge1VOkLyWDgnVUlbbhx9NeTg+q8W9R5mj+Ktk34bJ7uTodCCNrgcGUSsOe y9OrznXmO1viiyOZpPB1GYuUedGhetQERI0D92K4hArl+wEq6u+Wok2aAHA40iyiECeZ //4g== X-Gm-Message-State: AJcUukdBewLLszuhjC3dGp4/wlkVYb/GnVm7EaM41YLPgaWb2V9qo4q+ CUEKRzJUHZlaUPF0NGtIAsZb+fa+7np513xamtU= X-Google-Smtp-Source: ALg8bN7/MG0VKOGvb0nfQGQx+tQ+k3ZF7xp6KffhfYbVb3tHGe1p8RPM5Xf0wK/d8HE+sRTnf6h4MI87rpxliC60qYs= X-Received: by 2002:a1c:578e:: with SMTP id l136mr23208298wmb.124.1546452395280; Wed, 02 Jan 2019 10:06:35 -0800 (PST) MIME-Version: 1.0 References: <68330522-7e7c-c3b4-99a9-1c68ddb56f23@gmail.com> <743fb106-977e-1f34-47af-9fb3b8621e72@gmail.com> In-Reply-To: From: James MacWhyte Date: Wed, 2 Jan 2019 18:06:08 +0000 Message-ID: To: thealanevans@gmail.com, Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="000000000000aecebe057e7d812e" X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Thu, 03 Jan 2019 02:44:10 +0000 Subject: Re: [bitcoin-dev] BIP39 seeds X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Jan 2019 18:06:37 -0000 --000000000000aecebe057e7d812e Content-Type: text/plain; charset="UTF-8" On Wed, Jan 2, 2019 at 3:40 AM Alan Evans via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > > I think any method that doesn't use real entropy, but some fake source of > randomness, such as a book is asking to be hacked and so is not a > reasonable idea. > > If an algorithm for book text to BIP39 sentence ever became well used, > common books will be systematically searched for accounts. People will also > choose their favourite passages, so I would expect to see collisions. > > I tend to have this conversation a lot ;) I'm not sure what Aymeric has in mind, but my suggestions are for use by the small few who properly understand how these things work. I am not suggesting blockchain.info require every user to choose a book passage to use as their backup phrase! There are so many small things that could be done to make a text input unique. Choose the X number of words from the start of the Nth sentence. Replace all punctuation with exclamation points. Combine two sentences from different pages. It would be nigh impossible to brute force any of these, and would require hints/instructions from the owner to recover. But I admit if this is not intended for standardization, discussing it on this mailing list is probably unwarranted. --000000000000aecebe057e7d812e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Wed, Jan 2,= 2019 at 3:40 AM Alan Evans via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>= wrote:

I think any = method that doesn't use real entropy, but some fake source of randomnes= s, such as a book is asking to be hacked and so is not a reasonable idea.

If an algorithm for book text to BIP39 sentence=C2= =A0ever became well used, common books will be systematically searched for = accounts. People will also choose their favourite passages, so I would expe= ct to see collisions.


I tend to have this conversation a lot ;) I'm not sur= e what Aymeric has in mind, but my suggestions are for use by the small few= who properly understand how these things work. I am not suggesting blockchain.info require every user to choos= e a book passage to use as their backup phrase!

Th= ere are so many small things that could be done to make a text input unique= . Choose the X number of words from the start of the Nth sentence. Replace = all punctuation with exclamation points. Combine two sentences from differe= nt pages. It would be nigh impossible to brute force any of these, and woul= d require hints/instructions from the owner to recover.

But I admit if this is not intended for standardization, discussing i= t on this mailing list is probably unwarranted.
--000000000000aecebe057e7d812e--