Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <adam@cypherspace.org>) id 1W5O3p-0003Mg-1v
	for bitcoin-development@lists.sourceforge.net;
	Mon, 20 Jan 2014 23:15:17 +0000
X-ACL-Warn: 
Received: from mout.perfora.net ([74.208.4.194])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1W5O3n-0005Ql-0C
	for bitcoin-development@lists.sourceforge.net;
	Mon, 20 Jan 2014 23:15:17 +0000
Received: from netbook (c107-70.i07-27.onvol.net [92.251.107.70])
	by mrelay.perfora.net (node=mrus1) with ESMTP (Nemesis)
	id 0LcRmI-1VeGQc2Sog-00js8d; Mon, 20 Jan 2014 18:14:48 -0500
Received: by netbook (Postfix, from userid 1000)
	id 783D72E283E; Tue, 21 Jan 2014 00:14:44 +0100 (CET)
Received: by flare (hashcash-sendmail, from uid 1000);
	Tue, 21 Jan 2014 00:14:41 +0100
Date: Tue, 21 Jan 2014 00:14:41 +0100
From: Adam Back <adam@cypherspace.org>
To: Peter Todd <pete@petertodd.org>
Message-ID: <20140120231441.GA9332@netbook.cypherspace.org>
References: <CAJna-HjGHpru6Lpv_tXUkWR2mX-=fobzojtHYvSRJy6+CMesOA@mail.gmail.com>
	<CANg-TZCrpT-YJ0WV9VY6w-PtCiz2YRMBCMvmjneDz13j2namkw@mail.gmail.com>
	<20140120223502.GA1055@petertodd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <20140120223502.GA1055@petertodd.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Hashcash: 1:20:140120:pete@petertodd.org::hzEXguAegFJPr5V/:0000000000000000000
	000000000000000000000000LKI7
X-Hashcash: 1:20:140120:boydb@midnightdesign.ws::amo9PGaiUq3BwfWn:00000000000000
	0000000000000000000000000N1u
X-Hashcash: 1:20:140120:bitcoin-development@lists.sourceforge.net::P6mkFBglkEj9R
	h5F:000000000000000000001hhh
X-Provags-ID: V02:K0:oWKv46fkUiYn/kCN9/MXS4trnXTmq5cP4l0zKEi8TY0
	C6OiuPKSueKqnsDJfSe+U3RbRQSpNdEmH4L8adynraFJvPdnIo
	nh1oMUmEojZ0v+od685SAG9iC0vxmyVwZwVRUNHgg5u/kkBeqp
	RrruiyY6c51IJ2KiFhLIT4OvmKlkjHYomqjyhs6L6g6rVgucrY
	9nzxYKeEHCbcxn3EX4iUl8edq80pi6rdKfd1tZqfvZ5HsO9G0u
	x6ROvCyhTlgg8OSqee9p9nAV18olKiBwwNWIBGv1E2s+PQmsO4
	vaqf96MUrICFcX35NXz0wXBkCJE6C+0OrIMl2KQGKrpOmDHHgI
	ThvJ+Ah2NI9KukFkgvANGmTkD2Tc/GCKfmypEXwZf
X-Spam-Score: -0.0 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
	no trust [74.208.4.194 listed in list.dnswl.org]
	-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
X-Headers-End: 1W5O3n-0005Ql-0C
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] BIP0039: Final call
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 20 Jan 2014 23:15:17 -0000

Because the mnemonic is an encoding of a 128-bit random number using its
hash as a private key (or derived part of one) is not a problem, its just an
alternate alphabet encoding of the random private key.

Not being able to generically understand the checksum.  Seems tricky to
solve other than say brute force eg H(mnemonic||1) mod 2^k == 0 where k is
the amount of check digit redundancy.  But that might be expensive for a
trezor if k is very big at all.  And then key = H(mnemonic).

Adam

On Mon, Jan 20, 2014 at 05:35:02PM -0500, Peter Todd wrote:
>On Mon, Jan 20, 2014 at 04:05:14PM -0600, Brooks Boyd wrote:
>> On Mon, Jan 20, 2014 at 11:42 AM, slush <slush@centrum.cz> wrote:
>>
>> > Hi all,
>> >
>> > during recent months we've reconsidered all comments which we received
>> > from the community about our BIP39 proposal and we tried to meet all
>> > requirements for such standard. Specifically the proposal now doesn't
>> > require any specific wordlist, so every client can use its very own list of
>> > preferred words. Generated mnemonic can be then applied to any other
>> > BIP39-compatible client. Please follow current draft at
>> > https://github.com/trezor/bips/blob/master/bip-0039.mediawiki.
>>
>> So, because the [mnemonic]->[bip32 root] is just hashing, you've
>> effectively made your "mnemonic sentence" into a brainwallet? Since every
>> mnemonic sentence can now lead to a bip32 root, and only the client that
>> created the mnemonic can verify the mnemonic passes its checksum (assuming
>> all clients use different wordlists, the only client that can help you if
>> you fat-finger the sentence is the client that created it)?
>
>That issue is more than enough to get a NACK from me on making the
>current BIP39 draft a standard - I can easily see that leading to users
>losing a lot of money.
>
>Have any wallets implemented BIP39 this way already in released code?
>
>-- 
>'peter'[:-1]@petertodd.org
>00000000000000009c3092c0b245722363df8b29cfbb86368f4f7303e655983a



>------------------------------------------------------------------------------
>CenturyLink Cloud: The Leader in Enterprise Cloud Services.
>Learn Why More Businesses Are Choosing CenturyLink Cloud For
>Critical Workloads, Development Environments & Everything In Between.
>Get a Quote or Start a Free Trial Today.
>http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk

>_______________________________________________
>Bitcoin-development mailing list
>Bitcoin-development@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/bitcoin-development