1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
Return-Path: <keatonatron@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 6BF8ABA0
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 2 Jan 2019 18:06:37 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com
[209.85.128.41])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D3B42701
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 2 Jan 2019 18:06:36 +0000 (UTC)
Received: by mail-wm1-f41.google.com with SMTP id p6so28295444wmc.1
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 02 Jan 2019 10:06:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
bh=weKyElmg5YhFQSwmxBrW9HJwy3GFux4h7QHtTqLdgGo=;
b=rtI6h2xk070W2V13yaMGQqMvR4Irge9mN4fmHIFkXEpTABzQqnz0MWLnzYO/w6GprK
e97bhTfibwk5nDbDJF/Rgm9rPtUYe8UygvxxUWMGANkbXzC+muX+U/G5sd8QEARBkWTG
BEj1JbfYfHwe7av/xta4Vt67emajW3NwSY5uyeEXBsFX3jweA7HKOKcsheib30M344ry
8Usm5y/liM5OFxeFMwA9r28U+facz/N3XsdxPZS7aCN7N+wAkjTpP4cVJdeZpHkeYshP
y2E9bUpdtP/sk4Shg9xJDXHK8gzO56xfYRx8uu6IkcABpqWxe5WdaK6gOzp6dbBw0Crf
SA2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to;
bh=weKyElmg5YhFQSwmxBrW9HJwy3GFux4h7QHtTqLdgGo=;
b=noDjsrPvslmpS3NirFsSB8a8KhJWLm2VjFJYbAkdQ0pfKHQogngaUkLCopYy3V+1ad
ASsq9N6B1174Sm/oOJ68AW9gaDY9nX2CFD1LJD0TI2azm+NSAogyBWBYRFMpn7ctNQfO
9vl7YBzabxsH60xKKwC3lZ19rLlQTAhQHrNfHfBw6M1/zmr/biOrc681+b6eQGYKlk3Q
V7Pd+SQ/E6ge1VOkLyWDgnVUlbbhx9NeTg+q8W9R5mj+Ktk34bJ7uTodCCNrgcGUSsOe
y9OrznXmO1viiyOZpPB1GYuUedGhetQERI0D92K4hArl+wEq6u+Wok2aAHA40iyiECeZ
//4g==
X-Gm-Message-State: AJcUukdBewLLszuhjC3dGp4/wlkVYb/GnVm7EaM41YLPgaWb2V9qo4q+
CUEKRzJUHZlaUPF0NGtIAsZb+fa+7np513xamtU=
X-Google-Smtp-Source: ALg8bN7/MG0VKOGvb0nfQGQx+tQ+k3ZF7xp6KffhfYbVb3tHGe1p8RPM5Xf0wK/d8HE+sRTnf6h4MI87rpxliC60qYs=
X-Received: by 2002:a1c:578e:: with SMTP id
l136mr23208298wmb.124.1546452395280;
Wed, 02 Jan 2019 10:06:35 -0800 (PST)
MIME-Version: 1.0
References: <68330522-7e7c-c3b4-99a9-1c68ddb56f23@gmail.com>
<f2d73a92-e1c5-9072-e255-fa012a9f9d1b@satoshilabs.com>
<db184306-7ec0-322e-5637-7889b51f50bf@gmail.com>
<CAH+Axy6dKDOkE6cQYZUusTUxxOSwWchOWxYh6ZkhnOgXuELaYg@mail.gmail.com>
<743fb106-977e-1f34-47af-9fb3b8621e72@gmail.com>
<CAH+Axy7v=26P8=CJPUqymKOcromGz+zYZ2cb2KaASgXNPpE2tQ@mail.gmail.com>
<c91cd61b-3ec5-6c7a-c7e3-7ceb48539625@gmail.com>
<CALPhJawf98+uqZXQRGH3Tjo1CnZJfE+CMw9J2ZqiHHmwDSdugQ@mail.gmail.com>
In-Reply-To: <CALPhJawf98+uqZXQRGH3Tjo1CnZJfE+CMw9J2ZqiHHmwDSdugQ@mail.gmail.com>
From: James MacWhyte <macwhyte@gmail.com>
Date: Wed, 2 Jan 2019 18:06:08 +0000
Message-ID: <CAH+Axy72BTi8+yiUnbrr_Fd8XDf0g6eygOT-6OHRZ8En7W3qbA@mail.gmail.com>
To: thealanevans@gmail.com,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000aecebe057e7d812e"
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Thu, 03 Jan 2019 02:44:10 +0000
Subject: Re: [bitcoin-dev] BIP39 seeds
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jan 2019 18:06:37 -0000
--000000000000aecebe057e7d812e
Content-Type: text/plain; charset="UTF-8"
On Wed, Jan 2, 2019 at 3:40 AM Alan Evans via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> I think any method that doesn't use real entropy, but some fake source of
> randomness, such as a book is asking to be hacked and so is not a
> reasonable idea.
>
> If an algorithm for book text to BIP39 sentence ever became well used,
> common books will be systematically searched for accounts. People will also
> choose their favourite passages, so I would expect to see collisions.
>
>
I tend to have this conversation a lot ;) I'm not sure what Aymeric has in
mind, but my suggestions are for use by the small few who properly
understand how these things work. I am not suggesting blockchain.info
require every user to choose a book passage to use as their backup phrase!
There are so many small things that could be done to make a text input
unique. Choose the X number of words from the start of the Nth sentence.
Replace all punctuation with exclamation points. Combine two sentences from
different pages. It would be nigh impossible to brute force any of these,
and would require hints/instructions from the owner to recover.
But I admit if this is not intended for standardization, discussing it on
this mailing list is probably unwarranted.
--000000000000aecebe057e7d812e
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_quote"><div dir=3D"ltr">On Wed, Jan 2,=
2019 at 3:40 AM Alan Evans via bitcoin-dev <<a href=3D"mailto:bitcoin-d=
ev@lists.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a>>=
wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px =
0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=
=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div><br></div><div>I think any =
method that doesn't use real entropy, but some fake source of randomnes=
s, such as a book is asking to be hacked and so is not a reasonable idea.</=
div><div><br></div><div>If an algorithm for book text to BIP39 sentence=C2=
=A0ever became well used, common books will be systematically searched for =
accounts. People will also choose their favourite passages, so I would expe=
ct to see collisions.</div><div><br></div></div></div></div></blockquote><d=
iv><br></div><div>I tend to have this conversation a lot ;) I'm not sur=
e what Aymeric has in mind, but my suggestions are for use by the small few=
who properly understand how these things work. I am not suggesting <a href=
=3D"http://blockchain.info">blockchain.info</a> require every user to choos=
e a book passage to use as their backup phrase!</div><div><br></div><div>Th=
ere are so many small things that could be done to make a text input unique=
. Choose the X number of words from the start of the Nth sentence. Replace =
all punctuation with exclamation points. Combine two sentences from differe=
nt pages. It would be nigh impossible to brute force any of these, and woul=
d require hints/instructions from the owner to recover.</div><div><br></div=
><div>But I admit if this is not intended for standardization, discussing i=
t on this mailing list is probably unwarranted.</div></div></div>
--000000000000aecebe057e7d812e--
|
