From: James MacWhyte
Date: Tue, 25 Dec 2018 00:30:26 +0000
To: vitteaymeric@gmail.com, Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] BIP39 seeds

On Mon, Dec 24, 2018 at 2:48 PM Aymeric Vitte via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

> I don't see very well why it's easier to write n words that you cannot
> choose rather than a 32B BIP32 hex seed, and I have seen many people
> completely lost with their wallets because of this

In practice it has quite a few qualities that make it a bit more resilient for physical (written) storage.

If a few letters of a word get rubbed off or otherwise become illegible, it is pretty easy for a native speaker to figure out what the word is supposed to be. Even a non-native speaker could look through the word list and figure out which word fits. Missing characters in a hex string require more advanced brute force searching, which the average user isn't capable of.

Additionally, having the bits grouped into words makes a more serious recovery easier. If you lose one entire word, it can be brute forced in about 5 minutes on a normal pc, even if you don't know which position the missing word is in (I have published a tool that does just this: https://jmacwhyte.github.io/recovery-phrase-recovery). If you are missing two words, you can brute force it in about a week (napkin math).

If you were missing a random chunk of a hex string, I don't know how you'd go about brute forcing that in a timely manner.

As an aside, from a UX standpoint we've seen that the 12 words don't *look* important so people don't take them seriously (and they get lost). A hex string or equivalent would look more password-y, and therefore would most likely be better protected by users.

James


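The single-missing-word recovery described in the message above, as an added example that is not part of the original post and is not the code of the linked tool. It assumes words are handled as their 11-bit indices into the BIP39 word list (so the list itself is not embedded) and uses a constructed sample phrase; it stops at the checksum filter, after which each survivor still has to be confirmed against a known address through the BIP39 PBKDF2 seed derivation.

```python
import hashlib
from math import comb

WORD_BITS = 11  # each BIP39 word encodes an 11-bit index into the 2048-word list

def encode(entropy: bytes):
    """Entropy -> word indices; checksum is the leading ENT/32 bits of SHA-256."""
    cs = len(entropy) * 8 // 32
    check = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    value = (int.from_bytes(entropy, "big") << cs) | check
    n = (len(entropy) * 8 + cs) // WORD_BITS
    return [(value >> (WORD_BITS * (n - 1 - k))) & 0x7FF for k in range(n)]

def checksum_ok(indices):
    """True if the trailing checksum bits match SHA-256 of the entropy bits."""
    cs = len(indices) * WORD_BITS // 33          # 12 words -> 4 bits, 24 -> 8
    value = 0
    for i in indices:
        value = (value << WORD_BITS) | i
    ent_bytes = (len(indices) * WORD_BITS - cs) // 8
    entropy = (value >> cs).to_bytes(ent_bytes, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    return (value & ((1 << cs) - 1)) == expected

def recover_one(known, n_words=12):
    """known: surviving indices in order; one word missing, position unknown.
    Returns every full phrase (as a tuple of indices) that passes the checksum."""
    hits = set()                                  # set removes duplicate phrases
    for pos in range(n_words):
        for w in range(2048):
            trial = known[:pos] + [w] + known[pos:]
            if checksum_ok(trial):
                hits.add(tuple(trial))
    return hits

def search_space(missing, n_words=12):
    """Raw candidates: choices of missing positions times 2048 per missing word."""
    return comb(n_words, missing) * 2048 ** missing

# Constructed sample: fixed 128-bit entropy, not a real wallet.
SAMPLE = encode(bytes(range(16)))
DAMAGED = SAMPLE[:5] + SAMPLE[6:]                 # the sixth word has been lost

if __name__ == "__main__":
    hits = recover_one(DAMAGED)
    print(search_space(1), "raw candidates,", len(hits), "pass the checksum")
    print("original phrase among survivors:", tuple(SAMPLE) in hits)
    print("two missing words:", search_space(2), "raw candidates")
```

For a 12-word phrase the 4-bit checksum discards roughly 15 of every 16 candidates, so the expensive per-candidate key derivation runs on about 1,500 phrases rather than 24,576.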