Return-Path: <jon@thancodes.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 717B21132
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 18 Jan 2018 06:55:30 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-pf0-f175.google.com (mail-pf0-f175.google.com
	[209.85.192.175])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D5251E7
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 18 Jan 2018 06:55:29 +0000 (UTC)
Received: by mail-pf0-f175.google.com with SMTP id m26so13668619pfj.11
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 17 Jan 2018 22:55:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=thancodes.com; s=google;
	h=mime-version:in-reply-to:references:from:date:message-id:subject:to; 
	bh=hSfXhW8ufsKfG92O0L6wHvz5Jz/+T8XMHBilNzPPMkg=;
	b=X5hyjcZ4l3RQQ+0VlUp+G5x5INHWGSmoz7EBzTtrJoLojE8237tYkPU9rlj14jqp8X
	51FUV/r76cGI+BkB6XN/zROwRrQPQmHpfGMWx2ZKKwhYuem4Ybtq01DQTbYZkVrrj9qo
	dkkA6D0VIfH+gZdSuMhAV4yJoHX1JeIkd8EZw8FbBg6vl0DRf2Vot2nDrSuiz6NOLItA
	Kb/vvKRZZ59/AYSkuZHfdBc7S6zSMODRxW2aOA0kpNfbDNERIVXszNh70shnDSu4Ags4
	xEwVFqUkQSBobX4R7j3oJTOjnBTTGzXik1KQ66D26cR7yJ11Akjfcv7RUiKRYIHzlAWa
	9P+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:in-reply-to:references:from:date
	:message-id:subject:to;
	bh=hSfXhW8ufsKfG92O0L6wHvz5Jz/+T8XMHBilNzPPMkg=;
	b=pjzUUVP60g81fb/074pKtXYBDZumu7mQUvr3CeaaCWxdYDs1Dmoryu4/WRqy7RFhkG
	UJ75DSLMaSt2KPx5N+LKynexQgXDh3Wiupyv3OwTVDmySRMiADKzLFXwC4Bagxwr1ec9
	5h455t57XHbL5Oxs/ki3XyXhQecmWNpben85gbvX2RNHOZQgXnBYKes++R2CcnTIKWCx
	+MVi9hhxCVEG8dxDGfrkC4G+NDZrLuDzJN/iABpvVWkTb9BAwvRFidR+eMhB9u/y+wWK
	/PDd61Adk+992y8aoyiuPjYCQfkvNeGKj65ZGLJ2g7GlO3hnmLHC1PuofoKdPkP/NqxP
	GBXQ==
X-Gm-Message-State: AKGB3mI4jHpR1PMyhEQP7fgMlM4nuZLb6OaNN6rrRS5zCHyfs8Y+zKNY
	A9yGU+EQENcw/hivGqziP4BOwBm0QXQGyYEubivdMovkJJs=
X-Google-Smtp-Source: ACJfBotfwvPXTNQ1hkADJpdQGpyd7hCPKT4jNH1QLKdtLs/FIlAIRl3PuNC8HMFFrjKUhSKVJljdD+Q5l3kqba/D5I0=
X-Received: by 10.159.218.67 with SMTP id x3mr45579332plv.45.1516258529350;
	Wed, 17 Jan 2018 22:55:29 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.226.199 with HTTP; Wed, 17 Jan 2018 22:55:28 -0800 (PST)
In-Reply-To: <CAF5CFkgO4SEBxTH93-L_d=JBgAmDNFTJa-LrnyjcvY-Esop9EA@mail.gmail.com>
References: <31430A55-57AD-4648-8D6D-DE2A45CC013C@vandermeer.frl>
	<CAEvpD62pd_s17VoGw8B+=3_cmMq2cWneAR0MZ_CT_7DqooBnLQ@mail.gmail.com>
	<CAF5CFkgO4SEBxTH93-L_d=JBgAmDNFTJa-LrnyjcvY-Esop9EA@mail.gmail.com>
From: Jonathan Sterling <jon@thancodes.com>
Date: Thu, 18 Jan 2018 13:55:28 +0700
Message-ID: <CAH01uEu5gu_4z-6r3MbqsjboHuZ87yOxAZq6QxtA-3iUZvoXZw@mail.gmail.com>
To: CryptAxe <cryptaxe@gmail.com>, 
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="089e08256c3407a9ae0563077305"
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Thu, 18 Jan 2018 15:51:02 +0000
Subject: Re: [bitcoin-dev] Suggestion to remove word from BIP39 English
	wordlist
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jan 2018 06:55:30 -0000

--089e08256c3407a9ae0563077305
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

All the more reason to only use the most common words that meet the other
criteria:
https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Wordlist

I agree - keeping "satoshi" in there is an unnecessary security risk.

Kind Regards,

Jonathan Sterling

On Thu, Jan 18, 2018 at 8:14 AM, CryptAxe via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Why wouldn't they just test the frequency of words from the wordlist in
> entirety?
>
> On Jan 17, 2018 5:10 PM, "Weiwu Zhang via bitcoin-dev" <bitcoin-dev@lists=
.
> linuxfoundation.org> wrote:
>
>> 2018-01-09 19:20 GMT+08:00 Ronald van der Meer via bitcoin-dev
>> <bitcoin-dev@lists.linuxfoundation.org>:
>> > After reviewing some bitcoin improvement proposals, I noticed that one
>> of the words that can be found on the BIP39 English wordlist is =E2=80=
=9Csatoshi=E2=80=9D.
>> > I suggest removing this word from the list so it=E2=80=99s less obviou=
s that
>> it=E2=80=99s a bitcoin seed when found by a malicious third party.
>>
>> If a malicious third party discovers a word list that look like a
>> seed, they would try using it as Bitcoin seed first anyway, with or
>> without finding the word 'satoshi' in it. The security threat is that
>> a malicious third party may index what they found and test every
>> occurrence of 'satoshi' for a lead to a seed.
>>
>> For example, a hard-disk recycling service would add this word to
>> their salvage tools. Any successfully hacked gmail account will be
>> 'satoshi' tested too.
>>
>> So I see this as a reasonable improvement:)
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>


--=20
Kind Regards,

Jonathan Sterling
+44 (0)7415 512691

--089e08256c3407a9ae0563077305
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">All the more reason to only use the most common words that=
 meet the other criteria:=C2=A0=C2=A0<a href=3D"https://github.com/bitcoin/=
bips/blob/master/bip-0039.mediawiki#Wordlist">https://github.com/bitcoin/bi=
ps/blob/master/bip-0039.mediawiki#Wordlist</a>=C2=A0<div><br></div><div>I a=
gree - keeping &quot;satoshi&quot; in there is an unnecessary security risk=
.<br><div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra">Kind R=
egards,</div><div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra=
">Jonathan Sterling</div><div class=3D"gmail_extra"><br><div class=3D"gmail=
_quote">On Thu, Jan 18, 2018 at 8:14 AM, CryptAxe via bitcoin-dev <span dir=
=3D"ltr">&lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" targe=
t=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a>&gt;</span> wrote:<br=
><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1=
px #ccc solid;padding-left:1ex"><div dir=3D"auto">Why wouldn&#39;t they jus=
t test the frequency of words from the wordlist in entirety?</div><div clas=
s=3D"HOEnZb"><div class=3D"h5"><div class=3D"gmail_extra"><br><div class=3D=
"gmail_quote">On Jan 17, 2018 5:10 PM, &quot;Weiwu Zhang via bitcoin-dev&qu=
ot; &lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"=
_blank">bitcoin-dev@lists.<wbr>linuxfoundation.org</a>&gt; wrote:<br type=
=3D"attribution"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8=
ex;border-left:1px #ccc solid;padding-left:1ex">2018-01-09 19:20 GMT+08:00 =
Ronald van der Meer via bitcoin-dev<br>
&lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_bla=
nk">bitcoin-dev@lists.linuxfounda<wbr>tion.org</a>&gt;:<br>
&gt; After reviewing some bitcoin improvement proposals, I noticed that one=
 of the words that can be found on the BIP39 English wordlist is =E2=80=9Cs=
atoshi=E2=80=9D.<br>
&gt; I suggest removing this word from the list so it=E2=80=99s less obviou=
s that it=E2=80=99s a bitcoin seed when found by a malicious third party.<b=
r>
<br>
If a malicious third party discovers a word list that look like a<br>
seed, they would try using it as Bitcoin seed first anyway, with or<br>
without finding the word &#39;satoshi&#39; in it. The security threat is th=
at<br>
a malicious third party may index what they found and test every<br>
occurrence of &#39;satoshi&#39; for a lead to a seed.<br>
<br>
For example, a hard-disk recycling service would add this word to<br>
their salvage tools. Any successfully hacked gmail account will be<br>
&#39;satoshi&#39; tested too.<br>
<br>
So I see this as a reasonable improvement:)<br>
______________________________<wbr>_________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundat<wbr>ion.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-d<wbr>ev</a><br>
</blockquote></div></div>
</div></div><br>______________________________<wbr>_________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
<wbr>linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-<wbr>dev</a><br>
<br></blockquote></div><br><br clear=3D"all"><div><br></div>-- <br><div cla=
ss=3D"gmail_signature" data-smartmail=3D"gmail_signature"><div dir=3D"ltr">=
Kind Regards,<div><br></div><div>Jonathan Sterling</div><div>+44 (0)7415 51=
2691</div></div></div>
</div></div></div>

--089e08256c3407a9ae0563077305--