1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
Return-Path: <cryptaxe@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id DFBA2DC3
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 18 Jan 2018 01:14:55 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wr0-f170.google.com (mail-wr0-f170.google.com
[209.85.128.170])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A6539171
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 18 Jan 2018 01:14:53 +0000 (UTC)
Received: by mail-wr0-f170.google.com with SMTP id t16so7228695wrc.10
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 17 Jan 2018 17:14:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:cc; bh=bNibALtTq+81Iaz1BJjddnVw9YRO8bz2URNVRcEBnhI=;
b=qpKXdu1ZrP9Ul1OPV3tHM1bDF5ZWPvyZyNqIlDew5TQJWLR7SmQARY9+j1311MKA/+
zHjv+8VTqdf8JtSor/jU1lEJ1KFaxV7Yx5+HspNE/RkkO/fGI2AHSEbMx7YGG6QjA64V
v4r5AA48NYB/V+JH2VfqyqCTGlWzyEdYM4hnBS21B7aBSb48f8JucVjiij5j6OtlKVxr
1ml7avfCIX4Jhw4gdPX/sni//yHmoF7P1DZDoP1PCqIMwFDYi92R1qMDpAZDGuqJULUF
aXwrQtlXiHcmaHgodxcBobs3c8Po851BJULbmhSqAAp0V/0i/SjeKEwD1JgpLHBc0VYn
lSWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:cc;
bh=bNibALtTq+81Iaz1BJjddnVw9YRO8bz2URNVRcEBnhI=;
b=AezHh6YjCeObIHwkZTrvdbZ/5WTkfuQ0Tayj2gQPb5NoVfVZjE5vat7UUHlyAw0L/c
g5oSkVgNDvrH0OgcsJqBbxYG2PXvZrN0WlKMWCXKW6GsWjhRzh/1qRz7RKzBqZi9ktf6
9VPqhorDqdW4coMUecKYWallZ8HtpERAFUgvrSJC3umBP7t+iU49DVHq656Vug/iykSU
D98k1HFqtr61FqmTz5OMEyY4oNgREpEPVwZv8QdU1whWuXcPndCVWC1w3JfSNF0+NPhH
E4LLr6wZHTVCtwhOL3UJwoqBN+6zbhIyzsgBO8eOyljg0ZtmNrBUNfZ82Qffy972pZnG
WSIA==
X-Gm-Message-State: AKwxytd2M0MGlYgS7v+lpqBkVb7fkLZgjUk/y4CKo5JU/E68Ee0++pat
a9HKce1DjBcNR/ymP7YcixSHxFEBLu3rj5g4S7LEiw==
X-Google-Smtp-Source: ACJfBosvjvBNliRlzmkMoICTqbewBDsLXY3zHJvefDC915t+pcgqawIkaSDpIPtXrYkDjwUjmyw1MlbmFz2JJe6h0E8=
X-Received: by 10.223.130.15 with SMTP id 15mr4538293wrb.94.1516238092506;
Wed, 17 Jan 2018 17:14:52 -0800 (PST)
MIME-Version: 1.0
Received: by 10.28.146.67 with HTTP; Wed, 17 Jan 2018 17:14:51 -0800 (PST)
Received: by 10.28.146.67 with HTTP; Wed, 17 Jan 2018 17:14:51 -0800 (PST)
In-Reply-To: <CAEvpD62pd_s17VoGw8B+=3_cmMq2cWneAR0MZ_CT_7DqooBnLQ@mail.gmail.com>
References: <31430A55-57AD-4648-8D6D-DE2A45CC013C@vandermeer.frl>
<CAEvpD62pd_s17VoGw8B+=3_cmMq2cWneAR0MZ_CT_7DqooBnLQ@mail.gmail.com>
From: CryptAxe <cryptaxe@gmail.com>
Date: Wed, 17 Jan 2018 17:14:51 -0800
Message-ID: <CAF5CFkgO4SEBxTH93-L_d=JBgAmDNFTJa-LrnyjcvY-Esop9EA@mail.gmail.com>
To: Weiwu Zhang <a@colourful.land>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="001a114b429ae61bc4056302b0ac"
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Thu, 18 Jan 2018 03:01:20 +0000
Subject: Re: [bitcoin-dev] Suggestion to remove word from BIP39 English
wordlist
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jan 2018 01:14:56 -0000
--001a114b429ae61bc4056302b0ac
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Why wouldn't they just test the frequency of words from the wordlist in
entirety?
On Jan 17, 2018 5:10 PM, "Weiwu Zhang via bitcoin-dev" <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> 2018-01-09 19:20 GMT+08:00 Ronald van der Meer via bitcoin-dev
> <bitcoin-dev@lists.linuxfoundation.org>:
> > After reviewing some bitcoin improvement proposals, I noticed that one
> of the words that can be found on the BIP39 English wordlist is =E2=80=9C=
satoshi=E2=80=9D.
> > I suggest removing this word from the list so it=E2=80=99s less obvious=
that
> it=E2=80=99s a bitcoin seed when found by a malicious third party.
>
> If a malicious third party discovers a word list that look like a
> seed, they would try using it as Bitcoin seed first anyway, with or
> without finding the word 'satoshi' in it. The security threat is that
> a malicious third party may index what they found and test every
> occurrence of 'satoshi' for a lead to a seed.
>
> For example, a hard-disk recycling service would add this word to
> their salvage tools. Any successfully hacked gmail account will be
> 'satoshi' tested too.
>
> So I see this as a reasonable improvement:)
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--001a114b429ae61bc4056302b0ac
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"auto">Why wouldn't they just test the frequency of words fr=
om the wordlist in entirety?</div><div class=3D"gmail_extra"><br><div class=
=3D"gmail_quote">On Jan 17, 2018 5:10 PM, "Weiwu Zhang via bitcoin-dev=
" <<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin=
-dev@lists.linuxfoundation.org</a>> wrote:<br type=3D"attribution"><bloc=
kquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #cc=
c solid;padding-left:1ex">2018-01-09 19:20 GMT+08:00 Ronald van der Meer vi=
a bitcoin-dev<br>
<<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@li=
sts.<wbr>linuxfoundation.org</a>>:<br>
> After reviewing some bitcoin improvement proposals, I noticed that one=
of the words that can be found on the BIP39 English wordlist is =E2=80=9Cs=
atoshi=E2=80=9D.<br>
> I suggest removing this word from the list so it=E2=80=99s less obviou=
s that it=E2=80=99s a bitcoin seed when found by a malicious third party.<b=
r>
<br>
If a malicious third party discovers a word list that look like a<br>
seed, they would try using it as Bitcoin seed first anyway, with or<br>
without finding the word 'satoshi' in it. The security threat is th=
at<br>
a malicious third party may index what they found and test every<br>
occurrence of 'satoshi' for a lead to a seed.<br>
<br>
For example, a hard-disk recycling service would add this word to<br>
their salvage tools. Any successfully hacked gmail account will be<br>
'satoshi' tested too.<br>
<br>
So I see this as a reasonable improvement:)<br>
______________________________<wbr>_________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
<wbr>linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-<wbr>dev</a><br>
</blockquote></div></div>
--001a114b429ae61bc4056302b0ac--
|
