1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
|
Return-Path: <zachgrw@gmail.com>
Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])
by lists.linuxfoundation.org (Postfix) with ESMTP id E2A08C002D
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 9 Jul 2022 20:31:35 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp4.osuosl.org (Postfix) with ESMTP id AEC7F41B79
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 9 Jul 2022 20:31:35 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org AEC7F41B79
Authentication-Results: smtp4.osuosl.org;
dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
header.a=rsa-sha256 header.s=20210112 header.b=ZSel6gYe
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from smtp4.osuosl.org ([127.0.0.1])
by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id WRS_oIxeYCxJ
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 9 Jul 2022 20:31:34 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 5F96C41B5C
Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com
[IPv6:2607:f8b0:4864:20::d2c])
by smtp4.osuosl.org (Postfix) with ESMTPS id 5F96C41B5C
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 9 Jul 2022 20:31:34 +0000 (UTC)
Received: by mail-io1-xd2c.google.com with SMTP id h200so1819836iof.9
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 09 Jul 2022 13:31:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
bh=gAFMxqfOl/wSvUZM1jaJbwREpkveD2lGfV2e8627BW4=;
b=ZSel6gYenBQOtKxtQckUdM6jF7FB66w+2l6gTM/wW58Xn3HdjIDDGyyaRz9Dh/4SUf
A8oDZmAqR1rVY3AkpTlF6bNSmGDt0LSrek0k72HihWqbQXqoNo7noy648mSgs51cGi9l
oshXGBemloSZVZY7DDKqRghbz7LpYflPzuFZx10J4U+f4QzUyWa/YIIgcz6w8Rfg6YOT
G8gAB0lYKe9kJLePL6dSJQcUIyII7G9swivBQE66Rkk3w8P3cLJ1yiuycQ48GPEivj44
sMzTrgjsMVR2ajunZpfKSGm+0xHTBfloaeRLng55bkagca549AnHiUPwlXTQpt9Ys93c
ohJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to;
bh=gAFMxqfOl/wSvUZM1jaJbwREpkveD2lGfV2e8627BW4=;
b=dJq5V4eyGgiLbcatncr6HDbd2v/toR1wSf544fOoPXm4u8u6Nb5cszC3n+e+CD6jkl
G0HtdwPYRxeUHjb9LcdKDuZCV1BQZ5LbkxLfLagOS4NKifxEtSWg1hbVpYYqI+PVo1Kj
QjQBdjfS/m60sjU5myWUZ+48r0eBRvddt6iEZs2IABPSMpjL8mUIU6UQTqEz45tfHP2p
vGkO++Dkt2THqoSpxK4Ekz5AIpbJ6L+wq9oyMIJ0vl3Tb92mSkkgNygXyvRyQdMa7GuZ
2uYv/4dzMt9gx8FuLjkCoEvhr/OOaeYl1tA8OFHk/t0iCZ5+EWVV6W5YfJSZ5h0JD2Wd
3xkw==
X-Gm-Message-State: AJIora98grmp8BgGl1Fny9AYSOMhSX9jQyf7txk1dx7R/tXH1Q8GCFRM
ZvbUbuuLla2JMsaOSaHIqn4K9yyGRPIbwIdvRNR1n2Gk
X-Google-Smtp-Source: AGRyM1vcrmT25iyj8D3LUfxS0z8I5qpXeApqS4C4pGhDL75gsTQiR2v3wSIn7iKl5ylES4jjGVzMyP46nMvVUWWP2pY=
X-Received: by 2002:a02:a890:0:b0:33f:22b8:cb0b with SMTP id
l16-20020a02a890000000b0033f22b8cb0bmr6285275jam.136.1657398693424; Sat, 09
Jul 2022 13:31:33 -0700 (PDT)
MIME-Version: 1.0
References: <3D3BFE9C-CFF3-49FF-840F-063B52C69A42@voskuil.org>
<164256450-0ee6752f92c0be297952fc72b59076df@pmq5v.m5r2.onet>
<CA+XQW1iKVRmEnyP-CGM2Fo4qHi3SQHUfjEmKftDdju-uxHViJg@mail.gmail.com>
<CAH+Axy4X+uQG5Vw0Efiz6AtNyK=++h-jDeZL1ZxpVJus8BVKeA@mail.gmail.com>
In-Reply-To: <CAH+Axy4X+uQG5Vw0Efiz6AtNyK=++h-jDeZL1ZxpVJus8BVKeA@mail.gmail.com>
From: Zac Greenwood <zachgrw@gmail.com>
Date: Sat, 9 Jul 2022 22:31:22 +0200
Message-ID: <CAJ4-pEA7WJpbExcsgdPWVNuZLrbDDhVYr37g6_6NSf7t41eB4w@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>,
James MacWhyte <macwhyte@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000005f76c105e3653451"
X-Mailman-Approved-At: Sat, 09 Jul 2022 21:26:46 +0000
Subject: Re: [bitcoin-dev] No Order Mnemonic
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Jul 2022 20:31:36 -0000
--0000000000005f76c105e3653451
Content-Type: text/plain; charset="UTF-8"
Sorting a seed alphabetically reduces entropy by ~29 bits.
A 12-word seed has (12, 12) permutations or 479 million, which is ln(469m)
/ ln(2) ~= 29 bits of entropy. Sorting removes this entropy entirely,
reducing the seed entropy from 128 to 99 bits.
Zac
On Fri, 8 Jul 2022 at 16:09, James MacWhyte via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> What do you do if the "first" word (of 12), happens to be the last word in
>> the list alphabetically?
>>
>
> That couldn't happen. If one word is the very last from the wordlist, it
> would end up at the end of your mnemonic once you rearrange your 12 words
> alphabetically.
>
> However!
>
> (@vjudeu) Choosing 11 random words and then sorting them alphabetically
> before assigning a checksum would reduce entropy considerably. If you think
> about it, to bruteforce the entire keyspace one would only need to come up
> with every possible combination of 11 words + 1 checksum. I'm not the best
> at napkin math, but I think that leaves you with around 10 trillion
> combinations, which would only take a couple months to exhaust with
> hardware that can do 1 million guesses per second.
>
>
> James
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--0000000000005f76c105e3653451
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"auto">Sorting a seed alphabetically reduces entropy by ~29 bits=
.</div><div dir=3D"auto"><br></div><div dir=3D"auto">A 12-word seed has (12=
, 12) permutations or 479 million, which is ln(469m) / ln(2) ~=3D 29 bits o=
f entropy. Sorting removes this entropy entirely, reducing the seed entropy=
from 128 to 99 bits.</div><div dir=3D"auto"><br></div><div dir=3D"auto">Za=
c</div><div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_=
attr"><br></div><div dir=3D"ltr" class=3D"gmail_attr">On Fri, 8 Jul 2022 at=
16:09, James MacWhyte via bitcoin-dev <<a href=3D"mailto:bitcoin-dev@li=
sts.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a>> wrot=
e:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0=
.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-=
left-color:rgb(204,204,204)"><div dir=3D"ltr"><div dir=3D"ltr"><br></div><d=
iv class=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=3D"margin:=
0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-lef=
t:1ex;border-left-color:rgb(204,204,204)"><div dir=3D"auto">What do you do =
if the "first" word (of 12), happens to be the last word in the l=
ist alphabetically?</div></blockquote><div><br></div><div>That couldn't=
happen. If one word is the very last from the wordlist, it would end up at=
the end of your mnemonic=C2=A0once you rearrange your 12 words alphabetica=
lly.<br><br>However!=C2=A0</div><div><br>(@vjudeu) Choosing 11 random words=
and then sorting them alphabetically before assigning=C2=A0a checksum woul=
d reduce entropy considerably. If you think about it, to bruteforce the ent=
ire keyspace one would only need to come up with every possible combination=
of 11 words=C2=A0+ 1 checksum. I'm not the best at napkin math, but I =
think that leaves you with around=C2=A010 trillion combinations, which woul=
d only take a couple months to exhaust with hardware that can do 1 million =
guesses per second.</div></div></div><div dir=3D"ltr"><div class=3D"gmail_q=
uote"><div><br></div><div><br></div><div>James</div></div></div>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div></div>
--0000000000005f76c105e3653451--
|
