Return-Path: <jon@thancodes.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 717B21132
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 18 Jan 2018 06:55:30 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-pf0-f175.google.com (mail-pf0-f175.google.com
	[209.85.192.175])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D5251E7
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 18 Jan 2018 06:55:29 +0000 (UTC)
Received: by mail-pf0-f175.google.com with SMTP id m26so13668619pfj.11
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 17 Jan 2018 22:55:29 -0800 (PST)
X-Received: by 10.159.218.67 with SMTP id x3mr45579332plv.45.1516258529350;
	Wed, 17 Jan 2018 22:55:29 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.226.199 with HTTP; Wed, 17 Jan 2018 22:55:28 -0800 (PST)
In-Reply-To: <CAF5CFkgO4SEBxTH93-L_d=JBgAmDNFTJa-LrnyjcvY-Esop9EA@mail.gmail.com>
References: <31430A55-57AD-4648-8D6D-DE2A45CC013C@vandermeer.frl>
	<CAEvpD62pd_s17VoGw8B+=3_cmMq2cWneAR0MZ_CT_7DqooBnLQ@mail.gmail.com>
	<CAF5CFkgO4SEBxTH93-L_d=JBgAmDNFTJa-LrnyjcvY-Esop9EA@mail.gmail.com>
From: Jonathan Sterling <jon@thancodes.com>
Date: Thu, 18 Jan 2018 13:55:28 +0700
Message-ID: <CAH01uEu5gu_4z-6r3MbqsjboHuZ87yOxAZq6QxtA-3iUZvoXZw@mail.gmail.com>
To: CryptAxe <cryptaxe@gmail.com>, 
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="089e08256c3407a9ae0563077305"
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Thu, 18 Jan 2018 15:51:02 +0000
Subject: Re: [bitcoin-dev] Suggestion to remove word from BIP39 English
	wordlist
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jan 2018 06:55:30 -0000

--089e08256c3407a9ae0563077305
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

All the more reason to only use the most common words that meet the other
criteria:
https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Wordlist

I agree - keeping "satoshi" in there is an unnecessary security risk.

Kind Regards,

Jonathan Sterling

On Thu, Jan 18, 2018 at 8:14 AM, CryptAxe via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Why wouldn't they just test the frequency of words from the wordlist in
> entirety?
>
> On Jan 17, 2018 5:10 PM, "Weiwu Zhang via bitcoin-dev" <bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>> 2018-01-09 19:20 GMT+08:00 Ronald van der Meer via bitcoin-dev
>> <bitcoin-dev@lists.linuxfoundation.org>:
>> > After reviewing some bitcoin improvement proposals, I noticed that one
>> > of the words that can be found on the BIP39 English wordlist is “satoshi”.
>> > I suggest removing this word from the list so it’s less obvious that
>> > it’s a bitcoin seed when found by a malicious third party.
>>
>> If a malicious third party discovers a word list that looks like a
>> seed, they would try using it as Bitcoin seed first anyway, with or
>> without finding the word 'satoshi' in it. The security threat is that
>> a malicious third party may index what they found and test every
>> occurrence of 'satoshi' for a lead to a seed.
>>
>> For example, a hard-disk recycling service would add this word to
>> their salvage tools. Any successfully hacked gmail account will be
>> 'satoshi' tested too.
>>
>> So I see this as a reasonable improvement:)
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>


-- 
Kind Regards,

Jonathan Sterling
+44 (0)7415 512691

--089e08256c3407a9ae0563077305--