1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
|
Return-Path: <vitteaymeric@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id C67DC9DA
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 27 Dec 2018 11:04:19 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wr1-f49.google.com (mail-wr1-f49.google.com
[209.85.221.49])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 0AE667DB
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 27 Dec 2018 11:04:18 +0000 (UTC)
Received: by mail-wr1-f49.google.com with SMTP id t6so17928990wrr.12
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 27 Dec 2018 03:04:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=subject:to:cc:references:from:openpgp:autocrypt:message-id:date
:user-agent:mime-version:in-reply-to:content-language;
bh=zQRdfvLHyeDRmOPvxpmcNtyGONL4XI/gcfWyM24mlUY=;
b=PWrG5DBBHDZt1EdpwpKkpxjM0yQTTEBsYoZxQ5NKmYM+BPf/9G3ZEw+VxC3T+F7nfh
NKq5MB1N4TF2Z/Anx5h2+RLhJNohZB6LPvlz3LORilFjki0v8V3/0fQk9TPJAGyQd7VS
F7B1DVMyOW1VRqKDHRG1PLhMKYSb3cT6336fJ2oVcz09uhJhvvvi6iPj/u1SbF8zDqoS
gFoGtbE2kKgD9NVdYYuCm2ui3dwL+gn+Bqkz05sLaxPzXqqA5K2Fwmx7iz94bEXHVo7Q
43zA2V+4S3crhZA1ZAIaZbM2MjtTHtd5Zr4DvSURS3mFeVB3em37WZoX9W08fEj/F/3C
X4+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:subject:to:cc:references:from:openpgp:autocrypt
:message-id:date:user-agent:mime-version:in-reply-to
:content-language;
bh=zQRdfvLHyeDRmOPvxpmcNtyGONL4XI/gcfWyM24mlUY=;
b=YDNg4DSzalqmGVih6bG4j5NVrwRFXEUaYX3IynZDDDoPEFrB7PZuCZdHrnKrFkr7Ea
2TR9W9BfxWnrDH+SjcwuyxTD09Dfa9ZVLQg1JVh5YduQOPAqc9TzKrIUD/UpWhRV6eOa
9mqqq89bFzwwxRU9JC53C+ql8WauaesLl2CQY8fND4x60thxUtJfl/Gk3NmSpUMGuQ9W
9gQ2bYeVuxREM5tX77KhPVxs/ohJ7EH16jEupmZ8dPHbtE++D3g4/qBTZdFWb/INsYXv
B71ojPTEaYozQT9hPkpXpjWS/Ml4GfG/nYNedyUNNB1wDLJJw3+nbwyCurvxKvpdvu8l
01BQ==
X-Gm-Message-State: AJcUukdso92b9uY3S7a/3Kx7hpakUiNdnSceDMMmTEEwlTN9TidEdm+8
hTOIR6IYRsuxdxVNhNwTp34cBnTf
X-Google-Smtp-Source: ALg8bN4izag9mim0mvGvHv/I0nGn2Gs3Axy8vMlz1XFDUlJXyO6JuAkusQYnoTte1Dr9RukoConGJw==
X-Received: by 2002:a5d:6b81:: with SMTP id n1mr23360429wrx.149.1545908657393;
Thu, 27 Dec 2018 03:04:17 -0800 (PST)
Received: from [192.168.1.10] (lfbn-nic-1-41-15.w2-15.abo.wanadoo.fr.
[2.15.134.15]) by smtp.googlemail.com with ESMTPSA id
y185sm19627786wmg.34.2018.12.27.03.04.16
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Thu, 27 Dec 2018 03:04:16 -0800 (PST)
To: James MacWhyte <macwhyte@gmail.com>
References: <68330522-7e7c-c3b4-99a9-1c68ddb56f23@gmail.com>
<f2d73a92-e1c5-9072-e255-fa012a9f9d1b@satoshilabs.com>
<db184306-7ec0-322e-5637-7889b51f50bf@gmail.com>
<CAH+Axy6dKDOkE6cQYZUusTUxxOSwWchOWxYh6ZkhnOgXuELaYg@mail.gmail.com>
<743fb106-977e-1f34-47af-9fb3b8621e72@gmail.com>
<CAH+Axy7v=26P8=CJPUqymKOcromGz+zYZ2cb2KaASgXNPpE2tQ@mail.gmail.com>
From: Aymeric Vitte <vitteaymeric@gmail.com>
Openpgp: preference=signencrypt
Autocrypt: addr=vitteaymeric@gmail.com; prefer-encrypt=mutual; keydata=
mQINBFdW8uABEAC7HJScbB2d/lmYoY5Cn9loEjJwfLs1LC3om030bWFGiH3Ceo5XeHUT94rw
Pi+HaHU8ea94425SXIFsnqp/ouoT/8Ffn6vED0OoRmK0jE4fqDApXSpoL2mHX9PAGdUItMtD
YrxBiBZNfMkctEsm4NrQ4TCvB3Yrm6Fc69inXJjUoYgPw5tHafEeI8Qwh0j99JZZDKcAqIra
JF3MPc59rATz0qOJtRP9EpsPVFwjJe13zN6CHILwiVgrL8EtT5WKCVO6ATxh60LHi8+MwPxV
V31zp/NNI5Hck+XocEMO98ZvUu9X8ZxmnOk/+9pBxXEwUqSGUNWdmPJLncpI23Usce3u/MOo
M2C4T4rD4J0XrXiyBvbeTvwq4qVNlyggeWzlBH+YpEYgDctPq4gNh4eoTtAkf8URtBeke5bQ
CGdaZt/jxv8nvmxs9V/iSyg5ldJLQktHStXOo0OZ7FEB2C6Ggtymm4hm2MHYg07Q1MGJrFLa
oJZkJ3JeXnVsZMam7ypQtld6rRa96CvH+llXwux6aQ5hKdzmBBMQ10LlkZhkExgTawbeqdiG
RMP2DjD5go6TPdAHS4NN34SBkrTWLqgWOjN/lnG77bbLnpMl0P+xBTuqw1oSXaDbcdHE2nGY
lRno/ZZIfr+1Bq56DZLBX/WpnAT4f5WtofL4CxQM9SbG6byyewARAQABtCJBeW1lcmljIFZp
dHRlIDxheW1lcmljQHBlZXJzbS5jb20+iQI/BBMBCAApBQJXVvLgAhsjBQkJZgGABwsJCAcD
AgEGFQgCCQoLBBYCAwECHgECF4AACgkQKh17NCYnrDm3WhAAlYmgtSmtfqjBvQMqkmtqiQJA
aZkzFZWt6+zroduHH5/Tp8jh73gFqCUyRrl/kcKvs2+XQhfrOwk1R6OScF25bpnrZSeuyJnZ
MZu4T0P2tGS8YdddQvWUHMtI9ZnQRuYmuZT23/hgj1JnukuGvGLeY0yDUa1xFffPN39shp5X
FPMcpIVOV3bs+xjAdsyfRyO3qJAD1FGiR7ggJeoaxUbKZ6NtcVUPPRMjVTKfopkuDwKY318m
BE0epfxSZ/iRhsJ0/sREUWgbgq4/QvCFwBKzgz7fTikGmf8OELWSdofmXs7gOtmMc3el8fJu
W8PVa/OsIQHDmwSzvxmE8ba5M8bdwOYEraTWFArIymAAtRXKxmuYpkqKfeSlbCwae3W+pgNT
8nKYRVAFlMtIxYkmPYyMTk9kCscmSqugGWbWdnqe/dhVaa31xa1qO1tDH24D2/tjCJRQt4Jk
AEWNSmjCmjfeArMEFTGlZwMTAjVXErLSPbLOsZiZhD9sjvSbfzrtJiMli2h9+Dvds+AJk1PM
O8LW7cCNyFoCk4OdAxzJHobZ25G+uy4NSQEHgxLC2iuh/tugz1tOHnQczPc/3AkVVI9A5DF1
gbVRBJh6rI7sAcwuR76uoOs0Rpp7r6I66xqU/5eq8g1OsJp89tw0ppSIa0YmaxNqQZ0l3rVX
o/ZwpBjtNQS5Ag0EV1by4AEQANhlz3Ywff4dY1HTdn05v0wVUxZzW2PUih+96m6EhpUrD9BT
vxriKtbgxm/zl+5YAlThbrk9f0QyVTHJ95Z1/M5qjuksP9Zn3qZ/8ylANDkN2s3z8Bq/LJA+
u7+APhMqyFWK0FqNCOogClvijiKPEzkU6tmDGO6wZ5pR/u8Fdq7DGQgwgyGZZc7qstte0M7l
yx7bVRlPBqvd6kyX3YubQHzkctf46nFjiYZgKawdWFsA3PCdSBupbhixL5d/t1UK9ZTiQJcf
0uhHzT06qwolFrm/ugkLDHtE4Zo3BuKch47Sms8P2hJ08gABxeJHg0ZgkIUy/Xf4nHbDCBJw
T8tE8pWYWA2ECiPNo0TOCMVOueEzISUNKINfCuFHSbMQU39hgt3ofxODbAjOiO3e/iu1ptck
AkuVBdtjOBP4tHRGxVrbf5EuAV5U5xtiSxMwMgojg0GIXZjnT/8uvWqcLqtJILRMmmu+WNvD
oxuiJzcTJhDai9oujmxQwcpMvgrBB89KSTDyitO5XVjZqaR7Zxvvn3rM4bAms/lotv9+pTyh
spazTIxb80u0ifJ6y1RxAkxQCfWwps1i3VbsM6OKX78aUyOf5V4ihXF57M37tOqPRwFvz6a+
AIIhUNMTLo2H+o6Vw9qbX8SUxPHPs6YpJ8lWQJ9OMWHE+SbaDFAi/D5hYRubABEBAAGJAiUE
GAEIAA8FAldW8uACGwwFCQlmAYAACgkQKh17NCYnrDmk4Q/9Fuu0h5HvIiO3ieYA2StdE7hO
vv2THuesjJDsj6aQUTgknaxKptJogNe3dDyIT+FHxXmCw0Nrbm9Q3ryl80z/G9utfFNO3Gwc
q31QW3n3LJHnpqdrV3WsRzT5NwJMVtiIAGRrX8ZomtarWHT0PeEHC2xBdFzRrJtmkrwer0Wc
0nBzD7vk1XEXC9nODbmlgsesoHFgRwQBst3wClCbX1gv8aSfxQNpaf9UBC8DmyrQ621UXpBo
PvcFEtWxV44vJfP0WOLCCN0Pzv2F2I66iKo7VMqbr5jlNAXJN9I1hXb7qwYJmBC9j5oeEoqv
A9d44WWpxrdAr8qih4Nv89k9+9F6NoqORY3FGuVDKiW8CVhCmGT7bIvNeyicVBZFipXqPcKL
VFduO2c5Ubc2npMWLUF1k9JJc9tH75l3+F/0RbYVTzGAZ+zSaudwR6h8YiCN2DBZGZkJEZbh
3X/l6jtijMN/W9sPHyyKvm/TmeEC27S3TqZPZ8PUQLxZC70V6gMbenh01JdSQsn5t8Ru0RNh
Blt0g7IyZyIKCE9b+TyzbYpX6qgqEBUHia5b0vyPtQacWQlZ8uqnghAqNkLluEsy7Q/7xG6M
wXUYEDsFOmB9dKOzcAOIhpxlVjSKu5mzXJ11sEtE8nyF5NJ/riCA7FGcjlki3zIpzQUNo9v7
vXl2h6Tivlk=
Message-ID: <c91cd61b-3ec5-6c7a-c7e3-7ceb48539625@gmail.com>
Date: Thu, 27 Dec 2018 12:04:18 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:60.0) Gecko/20100101
Thunderbird/60.3.3
MIME-Version: 1.0
In-Reply-To: <CAH+Axy7v=26P8=CJPUqymKOcromGz+zYZ2cb2KaASgXNPpE2tQ@mail.gmail.com>
Content-Type: multipart/alternative;
boundary="------------80CE2C045D11BB10DE780A7D"
Content-Language: fr
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Thu, 27 Dec 2018 14:59:24 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP39 seeds
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Dec 2018 11:04:19 -0000
This is a multi-part message in MIME format.
--------------80CE2C045D11BB10DE780A7D
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Le 26/12/2018 à 19:54, James MacWhyte a écrit :
>
> On Wed, Dec 26, 2018 at 11:33 AM Aymeric Vitte <vitteaymeric@gmail.com
> <mailto:vitteaymeric@gmail.com>> wrote:
>
> so, even with a tool like yours, they can be misleaded, for
> example trying a few words to replace the missing/incorrect one,
> get a valid seed and stay stuck with it forever trying to play
> with BIP44/49 to find their keys
>
>
> Just a small detail, but my tool actually looks up all the possible
> combinations and then finds which one has been used before by looking
> for past transactions on the blockchain. Therefore, it won't tell you
> your phrase is correct unless it is a phrase that has actually been
> used before (preventing what you described).
I saw that your tool was querying blockchain.info, but it cannot guess
what derivation path was used and if it is a standard one what addresses
were used, and even if successful it works only for bitcoin (so maybe it
should just output the ~1500 possible phrases and/or xprv, and be
completely offline, this is still doable for people)
>
> Using some algorithm to take some input and generate a bip39 phrase
> that you can use with any bip39 wallet sounds perfectly reasonable.
I forgot to mention that this can help also solving the "what if
something happens to me" case giving to the family the seed and the
parameter(s) for the derivation path, or an easy way to find it (better
than something like: remind this passphrase, take the sha256 of it, then
use some other stuff to find the encryption algo, take n bytes of the
hash, use it to decode my wallet or my seed... and then everybody
looking at you like crazy)
--------------80CE2C045D11BB10DE780A7D
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<div class="moz-cite-prefix">Le 26/12/2018 à 19:54, James MacWhyte a
écrit :<br>
</div>
<blockquote type="cite"
cite="mid:CAH+Axy7v=26P8=CJPUqymKOcromGz+zYZ2cb2KaASgXNPpE2tQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr"><br>
</div>
</div>
</div>
<div class="gmail_quote">
<div dir="ltr">On Wed, Dec 26, 2018 at 11:33 AM Aymeric Vitte
<<a href="mailto:vitteaymeric@gmail.com"
moz-do-not-send="true">vitteaymeric@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>so, even with a tool like yours, they can be misleaded,
for example trying a few words to replace the
missing/incorrect one, get a valid seed and stay stuck
with it forever trying to play with BIP44/49 to find
their keys<br>
</p>
</div>
</blockquote>
<div><br>
</div>
<div>Just a small detail, but my tool actually looks up all
the possible combinations and then finds which one has been
used before by looking for past transactions on the
blockchain. Therefore, it won't tell you your phrase is
correct unless it is a phrase that has actually been used
before (preventing what you described).</div>
</div>
</div>
</blockquote>
<p>I saw that your tool was querying blockchain.info, but it cannot
guess what derivation path was used and if it is a standard one
what addresses were used, and even if successful it works only for
bitcoin (so maybe it should just output the ~1500 possible phrases
and/or xprv, and be completely offline, this is still doable for
people)</p>
<blockquote type="cite"
cite="mid:CAH+Axy7v=26P8=CJPUqymKOcromGz+zYZ2cb2KaASgXNPpE2tQ@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div><br>
</div>
<div>Using some algorithm to take some input and generate a
bip39 phrase that you can use with any bip39 wallet sounds
perfectly reasonable.</div>
</div>
</div>
</blockquote>
<p>I forgot to mention that this can help also solving the "what if
something happens to me" case giving to the family the seed and
the parameter(s) for the derivation path, or an easy way to find
it (better than something like: remind this passphrase, take the
sha256 of it, then use some other stuff to find the encryption
algo, take n bytes of the hash, use it to decode my wallet or my
seed... and then everybody looking at you like crazy)<br>
</p>
</body>
</html>
--------------80CE2C045D11BB10DE780A7D--
|