1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <harro84@yahoo.com.au>) id 1YVw8S-0007EH-LS
for bitcoin-development@lists.sourceforge.net;
Thu, 12 Mar 2015 05:58:20 +0000
Received: from nm40-vm6.bullet.mail.bf1.yahoo.com ([72.30.239.214])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1YVw8Q-0003MB-LW
for bitcoin-development@lists.sourceforge.net;
Thu, 12 Mar 2015 05:58:20 +0000
Received: from [98.139.214.32] by nm40.bullet.mail.bf1.yahoo.com with NNFMP;
12 Mar 2015 05:58:13 -0000
Received: from [98.139.215.253] by tm15.bullet.mail.bf1.yahoo.com with NNFMP;
12 Mar 2015 05:58:13 -0000
Received: from [127.0.0.1] by omp1066.mail.bf1.yahoo.com with NNFMP;
12 Mar 2015 05:58:13 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 327541.92453.bm@omp1066.mail.bf1.yahoo.com
X-YMail-OSG: DdphZO0VM1kAYZE0FkPCZe7tmaJZthN.fthT0Q7srVEeYf6f0cLXSoGbuMyKClA
w2RkPwLA7NVaZiHje_E60QdHuYKCHQ07n85Aise_a5JtAgzd43nXBn2DcUT54qzIjlN.gDtYAygC
IZA0ed_KO1KH88.PEI27NoyHomNEZvKg4H20dJ7yzmB7ON4.j4UXZ40EdbNW04tN2jLtXr1izb1D
vSY7uTFBtY7C4JVe8IM_IkVQjxVU5tWLk2MKBFwl8mceMkmYNPK.Zo0Iq8NM5fcZ7PcgPA5e8JMc
l6FqzM_JEs5hQs3IJQ1delrDl_92kCBArHVC65glWvRd.pUB8qcN9npYE3jsj9YZ4GnCsIBKKLuX
x7OOVlI2bb8MtwN_KlIF3D.4f36vf_GqRuVwDGiEMwVI8lqj1ySS9GmCgpbmTIj9KfnBJOkUKG0r
qHYHxN3WVcxSVMJoRZQ.PnHwB6d63l_sGTxcvVd_3qNa9I_xKVoTrFs0glpT1cuFrIaPnT6LEDez
dLhVa546SRCsWAyYppwNIuNKN4fJKiwUDfYd6ALO4mOwwtxomqt3UbF6H_b4ALIOcDgOclLdxcw3
fXt3G9t8_sw--
Received: by 76.13.26.64; Thu, 12 Mar 2015 05:58:12 +0000
Date: Thu, 12 Mar 2015 05:58:12 +0000 (UTC)
From: Thy Shizzle <thashiznets@yahoo.com.au>
To: "voisine@gmail.com" <voisine@gmail.com>
Message-ID: <1511245342.4538047.1426139892373.JavaMail.yahoo@mail.yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_4538046_1837632964.1426139892370"
X-Spam-Score: 1.2 (+)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(harro84[at]yahoo.com.au)
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit (harro84[at]yahoo.com.au)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
no trust [72.30.239.214 listed in list.dnswl.org]
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.0 AWL AWL: Adjusted score from AWL reputation of From: address
X-Headers-End: 1YVw8Q-0003MB-LW
Cc: "bitcoin-development@lists.sourceforge.net"
<bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Electrum 2.0 has been tagged
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Thy Shizzle <thashiznets@yahoo.com.au>
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 12 Mar 2015 05:58:20 -0000
------=_Part_4538046_1837632964.1426139892370
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
=C2=A0 Why on earth would you want to derive the mnemonic from the wallet s=
eed? Ever?
Remembering that as an attacker doesn't actually have to do any key stretch=
ing, they can just keep trying (what is it 64 bytes from memory?) at a time=
without any PBKDF2 to attack a seed, it seems that the PBKDF2 is just to s=
low down anyone attempting to attack through an interface such as a web ser=
vice or to a TREZOR or whatever, in a real world attack you would not even =
be performing PBKDF2 you would just brute force the raw bytes and=C2=A0forc=
e them into the BIP32 wallet=C2=A0as there is no Authentication scheme that=
hashes and compares against the result. It purely limits abuse through an =
online wallet provider or something like that by slowing down seed generati=
on attempts THROUGH that API, it doesn't really add any security to the see=
d in a real world brute force attack! So yea I think the 2048 iteration cou=
nt is sufficient for it's purpose because even if it only forces an extra 1=
ms per seed generation through the API, it is still slower than just brute =
forcing the 64 bytes straight up, and so they would have no reason to abuse=
your API that is all :)
"meh... the fact that you can't derive the seed phrase from the wallet seed=
, and that the password key stretching is so weak as to be ineffectual secu=
rity theater bugs me. Feels like a pretty big compromise to work on current=
generation low power embedded devices when the next generation will be mor=
e than capable. But I understand the motivation for the compromise.
Aaron Voisine
co-founder and CEO
breadwallet.com"
------=_Part_4538046_1837632964.1426139892370
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<html><body><div style=3D"color:#000; background-color:#fff; font-family:He=
lvetica Neue-Light, Helvetica Neue Light, Helvetica Neue, Helvetica, Arial,=
Lucida Grande, Sans-Serif;font-size:16px"><div id=3D"yiv7197762186"><div i=
d=3D"yui_3_16_0_1_1426122660566_43474" style=3D"color: rgb(0, 0, 0); font-f=
amily: Helvetica Neue-Light, Helvetica Neue Light, Helvetica Neue, Helvetic=
a, Arial, Lucida Grande, Sans-Serif; font-size: 16px; background-color: rgb=
(255, 255, 255);"> <div id=3D"yiv7197762186yui_3_16_0_1_1426122660566=
_40948" style=3D"color: rgb(0, 0, 0); font-family: Helvetica Neue-Light, He=
lvetica Neue Light, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-S=
erif; font-size: 16px; background-color: rgb(255, 255, 255);"><div id=3D"yi=
v7197762186yui_3_16_0_1_1426122660566_38088" dir=3D"ltr">Why on earth would=
you want to derive the mnemonic from the wallet seed? Ever?</div><div id=
=3D"yiv7197762186yui_3_16_0_1_1426122660566_38110" dir=3D"ltr"><br></div><d=
iv id=3D"yiv7197762186yui_3_16_0_1_1426122660566_38109" dir=3D"ltr">Remembe=
ring that as an attacker doesn't actually have to do any key stretching, th=
ey can just keep trying (what is it 64 bytes from memory?) at a time withou=
t any PBKDF2 to attack a seed, it seems that the PBKDF2 is just to slow dow=
n anyone attempting to attack through an interface such as a web service or=
to a TREZOR or whatever, in a real world attack you would not even be perf=
orming PBKDF2 you would just brute force the raw bytes and force them =
into the BIP32 wallet as there is no Authentication scheme that hashes=
and compares against the result. It purely limits abuse through an online =
wallet provider or something like that by slowing down seed generation atte=
mpts THROUGH that API, it doesn't really add any security to the seed in a =
real world brute force attack! So yea I think the 2048 iteration count is s=
ufficient for it's purpose because even if it only forces an extra 1ms per =
seed generation through the API, it is still slower than just brute forcing=
the 64 bytes straight up, and so they would have no reason to abuse your A=
PI that is all :)</div><div id=3D"yiv7197762186yui_3_16_0_1_1426122660566_3=
8087" dir=3D"ltr"><br>"meh... the fact that you can't derive the seed phras=
e from the wallet seed, and that the password key stretching is so weak as =
to be ineffectual security theater bugs me. Feels like a pretty big comprom=
ise to work on current generation low power embedded devices when the next =
generation will be more than capable. But I understand the motivation for t=
he compromise.<br><br>Aaron Voisine<br>co-founder and CEO<br><a tabindex=3D=
"-1" id=3D"yiv7197762186yui_3_16_0_1_1426122660566_38019" href=3D"http://br=
eadwallet.com/" target=3D"_blank" rel=3D"nofollow"><font id=3D"yiv719776218=
6yui_3_16_0_1_1426122660566_38018" color=3D"#0066cc">breadwallet.com</font>=
</a>"</div></div></div></div></div></body></html>
------=_Part_4538046_1837632964.1426139892370--
|
