Date: Wed, 12 Mar 2014 13:00:58 -0500
Message-ID: <CAG8oi1OURpch-FBAgDcO-W-JxOaTk7CE98VtM+kuheXZk5rfTw@mail.gmail.com>
From: William Yager <will.yager@gmail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] [RFC] Proposal: Base58 encoded HD Wallet
 root key with optional encryption

This spec offers a lot of benefits over BIP 0038:

* Multiple KDFs (I think the chosen list is reasonable and fits all
required use cases)
* Multiple seed lengths
* Explicit BIP 0032 support
* Creation date field
* Plausible deniability (via the multiple-password mechanism)

I don't think it makes any sense to compare this to BIP 0039. BIP 0039 is
for key import/export, but it doesn't deal with anything like encryption,
wallet creation date, etc. The use cases are completely different.

I don't think we should let BIP 0039 (which is perfectly good for its
intended use case) hold us back from improving on BIP 0038 (which is also
good, but could use some changes).

Will




On Wed, Mar 12, 2014 at 11:49 AM, Gary Rowe <g.rowe@froot.co.uk> wrote:

> Jean-Paul, it may be worth noting that the BIP39 word list is integrated
> into Bitcoinj so will likely become the de facto standard for Android,
> Trezor web and several desktop wallets. Anyone deviating from that word
> list would likely find themselves in an isolated pocket.
>
> Regarding the timestamp, MultiBit HD uses a simple timestamp of "number of
> days since midnight of Bitcoin genesis block in UTC with modulo 97 checksum
> appended". Thus a new seed generated on 27 January 2014 would have
> "1850/01" as its checksum. When creating a new wallet the users are tested
> that they have written the timestamp down along with the associated
> 12/18/24 words.
>
> Modulo 97 was chosen since it catches about 99% of errors.
>
>
> On 12 March 2014 15:55, Pavol Rusnak <stick@gk2.sk> wrote:
>
>> On 03/12/2014 04:45 PM, Jean-Paul Kogelman wrote:
>> > Yes I am. There are some differences between BIP 39 and my proposal
>> > though.
>> >
>> > - BIP 39 offers an easy list of words, no gnarly string of case
>> > sensitive letters and numbers.
>>
>> Which is better IMO. I can't imagine anyone writing down a long Base58
>> encoded string.
>>
>> > - BIP 39 only offers one fixed length of entropy, always 12 words, no
>> > option to increase or decrease the length.
>>
>> Not true, BIP39 supports 12/18/24 words (= 128/192/256 bits of entropy).
>>
>> > - BIP 39 doesn't have a genesis date field, so no optimization during
>> > blockchain rescan.
>>
>> This is a nice addition, indeed. But we needed to limit the data as much as
>> possible in order not to increase the number of words needed to be noted
>> down.
>>
>> > - BIP 39 doesn't have password typo detection. No easy way to recover a
>> > password if you know most of it.
>>
>> It has a detection. Not correction though.
>>
>> > - BIP 39 does not have a user selectable KDF, only 2048 round
>> > PBKDF2-HMAC-SHA512.
>> > - BIP 39 can't outsource the KDF computation to a 3rd party.
>>
>> True, but having one or two solid options is better than having
>> gazillions of possible options.
>>
>> > - BIP 39 wallet implementors can use their own word lists, breaking
>> > cross wallet compatibility.
>>
>> True, but they are encouraged to use the list provided. Possibility to
>> outsource KDF outside of your "standard" breaks much more compatibility
>> than this.
>>
>> --
>> Best Regards / S pozdravom,
>>
>> Pavol Rusnak <stick@gk2.sk>
>>
