Return-Path: <indolering@gmail.com> Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 4CDDBB93 for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 17 May 2017 17:01:46 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-oi0-f54.google.com (mail-oi0-f54.google.com [209.85.218.54]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D16251F9 for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 17 May 2017 17:01:45 +0000 (UTC) Received: by mail-oi0-f54.google.com with SMTP id h4so23176609oib.3 for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 17 May 2017 10:01:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:from:date:message-id:subject:to; bh=mJDbXatVrdNQCqkwk5L668t6r0UoCkzUPoSe4z2wqo4=; b=GAHSqkKJsyqoENk1atuq5soDg7pzbGrF99Oavw6LvbhMVhtd9+WHISlnB0CAahdYC6 Mewk5KPFa+A3q2jLoJSGo9P9CPFD7BTOS3O70GlUjpLBZGlaluoOyUqv7bFAcP4P4jOE 2lrFcLGzMpQjENV8ak6B7kiNxoDBKq/6TZwndgzkEXxNAMea2pjBD7Gimm2HnBjtdKtT xj3TzhVybFjLY4De87EOAHfr+AvKi/VQN79IZi4FS+DcU1gUouEDfO+xb/3udQCWp6mJ 6XPoSHDwLlWn/kdOnh8cf6XQfLntL7Vvm/bIpco/C+2XYmtTO7QAlU24oGfZhsRI9XBk PJzQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to; bh=mJDbXatVrdNQCqkwk5L668t6r0UoCkzUPoSe4z2wqo4=; b=mof36gPNb9lHdviIOxKUgwBw3Ckq3xU0JJ88TmXHLGR+HTq4FDcNVGBKHBPfom2rwq WeD/dHx223bG8ORZ98UFaXNjJD0FCOupbwt2vo3PeSR5Zm/O2IDZWxHkvt0jxv4lOfGD t+cTgX7u9DyRBEnq4W+LzE4wrHRaX4mL7egRFO/bw3QONSFHI1oocu9bi3fRgBrB1WO1 abmh47b+ptO5+y32v4ok96wylclpayZDwNT5ENvH++EdJsvEilzxUOy2fFrjvY1QSO13 smZ1/Djl2EKgzENsxpsOMw7P9/B7DU027P/5RKVI+IPUi4j9jDeeCLCN3XdykmNKrBPT baEA== X-Gm-Message-State: AODbwcAj2Ij0yViCLUYR29OvuaPtdOAXIVdr8A95oP6ZJx7bWIGGxRdX a8swzTyLfARwgiZB9CH9XbXRnGt9E4Dm7IU= X-Received: by 10.202.199.69 with SMTP id x66mr2066027oif.215.1495040504846; Wed, 17 May 2017 10:01:44 -0700 (PDT) MIME-Version: 1.0 Sender: indolering@gmail.com Received: by 10.202.175.76 with HTTP; Wed, 17 May 2017 10:01:04 -0700 (PDT) From: Zach Lym <zachlym@indolering.com> Date: Wed, 17 May 2017 10:01:04 -0700 X-Google-Sender-Auth: leL8hFGTwCbunrBDWUagxgQviRc Message-ID: <CABWuLVf6zUhyTSDkXv26WqUE43q7PHqtOtfm5SNs_LkbmGt9dQ@mail.gmail.com> To: bitcoin-dev@lists.linuxfoundation.org Content-Type: multipart/alternative; boundary="001a11c1866637618f054fbb3e45" X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Wed, 17 May 2017 17:14:14 +0000 Subject: [bitcoin-dev] BIP39 (mnemonic seeds) Unicode normalization compatibility issue X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> X-List-Received-Date: Wed, 17 May 2017 17:01:46 -0000 --001a11c1866637618f054fbb3e45 Content-Type: text/plain; charset="UTF-8" I am working on a replacement for BIP39 and noticed that the password section mandates a Unicode normalization pass but does not prohibit unassigned character points. I believe that this is problematic as newer drafts of Unicode alter the output of normalization passes. So if a user assigned a password using a wallet that linked to Unicode 9 but input a code point reserved in Unicode 10, updating the wallet to Unicode 10 could incorrectly remap that code point [0]. Thank you, -Zach Lym P.S. The relevant RFC on this subject specifies a different normalization procedure [1] [BIP39]: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki [0]: http://unicode.org/reports/tr15/#Stabilized_Strings [1]: https://tools.ietf.org/html/rfc7564 --001a11c1866637618f054fbb3e45 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div style=3D"font-size:12.8px">I am working on a replacem= ent for BIP39 and noticed that the password section mandates a Unicode norm= alization pass but does not prohibit unassigned character points.</div><div= style=3D"font-size:12.8px"><br></div><div style=3D"font-size:12.8px">I bel= ieve that this is problematic as newer drafts of Unicode alter the output o= f normalization passes.=C2=A0 So if a user assigned a password using a wall= et that linked to Unicode 9 but input a code point reserved in Unicode 10, = updating the wallet to Unicode 10 could incorrectly remap that code point [= 0].</div><div style=3D"font-size:12.8px"><br></div><div style=3D"font-size:= 12.8px"><div class=3D"gmail-m_1049847864337342968gmail_signature">Thank you= ,<div>-Zach Lym</div><div><br></div><div>P.S.=C2=A0<span style=3D"font-size= :12.8px">The relevant RFC on this subject specifies a different normalizati= on procedure [1]</span></div><div><br></div><div>[BIP39]:=C2=A0<a href=3D"h= ttps://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki" target=3D"_b= lank">https://github.com/<wbr><span class=3D"gmail-il">bitcoin</span>/bips/= blob/master/bip-<wbr>0039.mediawiki</a><br></div><div>[0]:=C2=A0<a href=3D"= http://unicode.org/reports/tr15/#Stabilized_Strings" target=3D"_blank">http= ://unicode.org/<wbr>reports/tr15/#Stabilized_<wbr>Strings</a></div><div>[1]= :=C2=A0<a href=3D"https://tools.ietf.org/html/rfc7564" target=3D"_blank">ht= tps://tools.ietf.org/<wbr>html/rfc7564</a></div></div></div> </div> --001a11c1866637618f054fbb3e45--