1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
|
Return-Path: <vitteaymeric@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 1FC82E8A
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 26 Dec 2018 11:33:30 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com
[209.85.128.47])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B5DDB189
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 26 Dec 2018 11:33:28 +0000 (UTC)
Received: by mail-wm1-f47.google.com with SMTP id p6so15049039wmc.1
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 26 Dec 2018 03:33:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=subject:to:references:from:openpgp:autocrypt:message-id:date
:user-agent:mime-version:in-reply-to:content-language;
bh=y8yDjVTpIxtw2IjG3guoZkUAn0Gn18nqV+dkgjcTtdI=;
b=jNgalPJVHIOMvM5kMu8wWicgRbEp0/Ow60AAkojgIpTs87r5D6jgBkLIOLl0u2G9mP
KpUYeFmLUKNQqazq2A2u4m/3aTEDxNPg9UUI3u8fdcd6OsDofPps4XCb5yQ41pyWyQfT
atyvGyk5jxSD3PXRaPOO0zSW6DdovVQpy7I1oT+13Rkrplq3LUR+RkZVDnmdQJa7lbKD
dJh4f9hUxtS4QnKnQ1IopuOhSxMKDIHxnVWsu+mIMGVQvpxnc5L6teYgJeyRHsF3uc7G
7jXRjceKc9fbRhsr7Ul/Ji/gLORWD5jZvZlxE0tkzXRbTyZN+bYJPfs/9vWOos2GfWNp
AOZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:subject:to:references:from:openpgp:autocrypt
:message-id:date:user-agent:mime-version:in-reply-to
:content-language;
bh=y8yDjVTpIxtw2IjG3guoZkUAn0Gn18nqV+dkgjcTtdI=;
b=s0Mnx5/P4KWak07A6+qDQXlDK8Fn7wylW4KnQegQ+8n/n+00GFfDyenuPSwlOvuJkm
VLycbkfiSxKy4tSDCfwdfpylNG/JX1k2yr3Njj1RRuk+wsvDWqfq0GW2LnU0kkjGdJ/r
wqwFKXbz9Qn6LPpi4haVwbChyFD5SpO6m4LDYQHX4ZPg1HxWzaejJ8Px+i1uMUrNFOSC
uY37NMkw3ClRC1AVj0f/vi7vlvoa985RY0664BcOie1NRjfkjdGPViagBIDO5Y3dT5mW
oP04+5Je9LJTK/ZpfuBrqsTMzMvgegPJ6qt5U5cnKgNuBHx7iDCO7JUDoUVZsxrJmEJw
ksnA==
X-Gm-Message-State: AA+aEWYEafQaOh3V4kmV2/T+IoCbWGhvzvB0ICuZEf3CZRVxwABE9JHD
Qi7sap1rzL1aC86PuBdgzYSUL6Qo
X-Google-Smtp-Source: ALg8bN55Py3CKO7ad7FWMKD9Mp5IAwK8FnL8EMIypX260aMvM8W3K3qBXyECnDv/sEcX5WuYv2VQkw==
X-Received: by 2002:a7b:cb96:: with SMTP id m22mr18330106wmi.39.1545824006945;
Wed, 26 Dec 2018 03:33:26 -0800 (PST)
Received: from [192.168.1.10] (lfbn-nic-1-41-15.w2-15.abo.wanadoo.fr.
[2.15.134.15]) by smtp.googlemail.com with ESMTPSA id
i13sm24812280wrw.32.2018.12.26.03.33.25
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 26 Dec 2018 03:33:26 -0800 (PST)
To: James MacWhyte <macwhyte@gmail.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
References: <68330522-7e7c-c3b4-99a9-1c68ddb56f23@gmail.com>
<f2d73a92-e1c5-9072-e255-fa012a9f9d1b@satoshilabs.com>
<db184306-7ec0-322e-5637-7889b51f50bf@gmail.com>
<CAH+Axy6dKDOkE6cQYZUusTUxxOSwWchOWxYh6ZkhnOgXuELaYg@mail.gmail.com>
From: Aymeric Vitte <vitteaymeric@gmail.com>
Openpgp: preference=signencrypt
Autocrypt: addr=vitteaymeric@gmail.com; prefer-encrypt=mutual; keydata=
mQINBFdW8uABEAC7HJScbB2d/lmYoY5Cn9loEjJwfLs1LC3om030bWFGiH3Ceo5XeHUT94rw
Pi+HaHU8ea94425SXIFsnqp/ouoT/8Ffn6vED0OoRmK0jE4fqDApXSpoL2mHX9PAGdUItMtD
YrxBiBZNfMkctEsm4NrQ4TCvB3Yrm6Fc69inXJjUoYgPw5tHafEeI8Qwh0j99JZZDKcAqIra
JF3MPc59rATz0qOJtRP9EpsPVFwjJe13zN6CHILwiVgrL8EtT5WKCVO6ATxh60LHi8+MwPxV
V31zp/NNI5Hck+XocEMO98ZvUu9X8ZxmnOk/+9pBxXEwUqSGUNWdmPJLncpI23Usce3u/MOo
M2C4T4rD4J0XrXiyBvbeTvwq4qVNlyggeWzlBH+YpEYgDctPq4gNh4eoTtAkf8URtBeke5bQ
CGdaZt/jxv8nvmxs9V/iSyg5ldJLQktHStXOo0OZ7FEB2C6Ggtymm4hm2MHYg07Q1MGJrFLa
oJZkJ3JeXnVsZMam7ypQtld6rRa96CvH+llXwux6aQ5hKdzmBBMQ10LlkZhkExgTawbeqdiG
RMP2DjD5go6TPdAHS4NN34SBkrTWLqgWOjN/lnG77bbLnpMl0P+xBTuqw1oSXaDbcdHE2nGY
lRno/ZZIfr+1Bq56DZLBX/WpnAT4f5WtofL4CxQM9SbG6byyewARAQABtCJBeW1lcmljIFZp
dHRlIDxheW1lcmljQHBlZXJzbS5jb20+iQI/BBMBCAApBQJXVvLgAhsjBQkJZgGABwsJCAcD
AgEGFQgCCQoLBBYCAwECHgECF4AACgkQKh17NCYnrDm3WhAAlYmgtSmtfqjBvQMqkmtqiQJA
aZkzFZWt6+zroduHH5/Tp8jh73gFqCUyRrl/kcKvs2+XQhfrOwk1R6OScF25bpnrZSeuyJnZ
MZu4T0P2tGS8YdddQvWUHMtI9ZnQRuYmuZT23/hgj1JnukuGvGLeY0yDUa1xFffPN39shp5X
FPMcpIVOV3bs+xjAdsyfRyO3qJAD1FGiR7ggJeoaxUbKZ6NtcVUPPRMjVTKfopkuDwKY318m
BE0epfxSZ/iRhsJ0/sREUWgbgq4/QvCFwBKzgz7fTikGmf8OELWSdofmXs7gOtmMc3el8fJu
W8PVa/OsIQHDmwSzvxmE8ba5M8bdwOYEraTWFArIymAAtRXKxmuYpkqKfeSlbCwae3W+pgNT
8nKYRVAFlMtIxYkmPYyMTk9kCscmSqugGWbWdnqe/dhVaa31xa1qO1tDH24D2/tjCJRQt4Jk
AEWNSmjCmjfeArMEFTGlZwMTAjVXErLSPbLOsZiZhD9sjvSbfzrtJiMli2h9+Dvds+AJk1PM
O8LW7cCNyFoCk4OdAxzJHobZ25G+uy4NSQEHgxLC2iuh/tugz1tOHnQczPc/3AkVVI9A5DF1
gbVRBJh6rI7sAcwuR76uoOs0Rpp7r6I66xqU/5eq8g1OsJp89tw0ppSIa0YmaxNqQZ0l3rVX
o/ZwpBjtNQS5Ag0EV1by4AEQANhlz3Ywff4dY1HTdn05v0wVUxZzW2PUih+96m6EhpUrD9BT
vxriKtbgxm/zl+5YAlThbrk9f0QyVTHJ95Z1/M5qjuksP9Zn3qZ/8ylANDkN2s3z8Bq/LJA+
u7+APhMqyFWK0FqNCOogClvijiKPEzkU6tmDGO6wZ5pR/u8Fdq7DGQgwgyGZZc7qstte0M7l
yx7bVRlPBqvd6kyX3YubQHzkctf46nFjiYZgKawdWFsA3PCdSBupbhixL5d/t1UK9ZTiQJcf
0uhHzT06qwolFrm/ugkLDHtE4Zo3BuKch47Sms8P2hJ08gABxeJHg0ZgkIUy/Xf4nHbDCBJw
T8tE8pWYWA2ECiPNo0TOCMVOueEzISUNKINfCuFHSbMQU39hgt3ofxODbAjOiO3e/iu1ptck
AkuVBdtjOBP4tHRGxVrbf5EuAV5U5xtiSxMwMgojg0GIXZjnT/8uvWqcLqtJILRMmmu+WNvD
oxuiJzcTJhDai9oujmxQwcpMvgrBB89KSTDyitO5XVjZqaR7Zxvvn3rM4bAms/lotv9+pTyh
spazTIxb80u0ifJ6y1RxAkxQCfWwps1i3VbsM6OKX78aUyOf5V4ihXF57M37tOqPRwFvz6a+
AIIhUNMTLo2H+o6Vw9qbX8SUxPHPs6YpJ8lWQJ9OMWHE+SbaDFAi/D5hYRubABEBAAGJAiUE
GAEIAA8FAldW8uACGwwFCQlmAYAACgkQKh17NCYnrDmk4Q/9Fuu0h5HvIiO3ieYA2StdE7hO
vv2THuesjJDsj6aQUTgknaxKptJogNe3dDyIT+FHxXmCw0Nrbm9Q3ryl80z/G9utfFNO3Gwc
q31QW3n3LJHnpqdrV3WsRzT5NwJMVtiIAGRrX8ZomtarWHT0PeEHC2xBdFzRrJtmkrwer0Wc
0nBzD7vk1XEXC9nODbmlgsesoHFgRwQBst3wClCbX1gv8aSfxQNpaf9UBC8DmyrQ621UXpBo
PvcFEtWxV44vJfP0WOLCCN0Pzv2F2I66iKo7VMqbr5jlNAXJN9I1hXb7qwYJmBC9j5oeEoqv
A9d44WWpxrdAr8qih4Nv89k9+9F6NoqORY3FGuVDKiW8CVhCmGT7bIvNeyicVBZFipXqPcKL
VFduO2c5Ubc2npMWLUF1k9JJc9tH75l3+F/0RbYVTzGAZ+zSaudwR6h8YiCN2DBZGZkJEZbh
3X/l6jtijMN/W9sPHyyKvm/TmeEC27S3TqZPZ8PUQLxZC70V6gMbenh01JdSQsn5t8Ru0RNh
Blt0g7IyZyIKCE9b+TyzbYpX6qgqEBUHia5b0vyPtQacWQlZ8uqnghAqNkLluEsy7Q/7xG6M
wXUYEDsFOmB9dKOzcAOIhpxlVjSKu5mzXJ11sEtE8nyF5NJ/riCA7FGcjlki3zIpzQUNo9v7
vXl2h6Tivlk=
Message-ID: <743fb106-977e-1f34-47af-9fb3b8621e72@gmail.com>
Date: Wed, 26 Dec 2018 12:33:27 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:60.0) Gecko/20100101
Thunderbird/60.3.3
MIME-Version: 1.0
In-Reply-To: <CAH+Axy6dKDOkE6cQYZUusTUxxOSwWchOWxYh6ZkhnOgXuELaYg@mail.gmail.com>
Content-Type: multipart/alternative;
boundary="------------B2D074D0D71ED954EAC38DC9"
Content-Language: fr
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Thu, 27 Dec 2018 14:59:24 +0000
Subject: Re: [bitcoin-dev] BIP39 seeds
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Dec 2018 11:33:30 -0000
This is a multi-part message in MIME format.
--------------B2D074D0D71ED954EAC38DC9
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Another drawback I think is that people are not using it as seeds, they
just go to a wallet sw which proposes a new seed, write it somewhere, do
something with the wallet and forget about it, go to another one, create
another wallet, etc
Apparently it is not very well known even here that the probabilities
are very high to get a valid BIP39 seed even with 24 words, so, even
with a tool like yours, they can be misleaded, for example trying a few
words to replace the missing/incorrect one, get a valid seed and stay
stuck with it forever trying to play with BIP44/49 to find their keys
Probably what I am suggesting is not new (and therefore maybe not a good
suggestion): given a secret seed (a book, a document, a link, etc) and a
derivation path (an algo with secret parameter(s) to derive/order the
words and select the valid bip39 sequences), you get your BIP39 seeds
and don't have to write them
Of course we don't have to use necessarilly BIP39 for this but this is
what we have everywhere and this is what is compatible with it, then you
could use the same or a fake written "not very well hidden" BIP39 seed
to plausibly deny your real wallet
Le 25/12/2018 à 01:30, James MacWhyte a écrit :
>
>
> On Mon, Dec 24, 2018 at 2:48 PM Aymeric Vitte via bitcoin-dev
> <bitcoin-dev@lists.linuxfoundation.org
> <mailto:bitcoin-dev@lists.linuxfoundation.org>> wrote:
>
>
> I don't see very well why it's easier to write n words that you
> cannot choose rather than a 32B BIP32 hex seed, and I have seen
> many people completely lost with their wallets because of this
>
>
> In practice it has quite a few qualities that make it a bit more
> resilient for physical (written) storage.
>
> If a few letters of a word get rubbed off or otherwise become
> illegible, it is pretty easy for a native speaker to figure out what
> the word is supposed to be. Even a non-native speaker could look
> through the word list and figure out which word fits. Missing
> characters in a hex string require more advanced brute force
> searching, which the average user isn't capable of.
>
> Additionally, having the bits grouped into words makes a more serious
> recovery easier. If you lose one entire word, it can be brute forced
> in about 5 minutes on a normal pc, even if you don't know which
> position the missing word is in (I have published a tool that does
> just this: https://jmacwhyte.github.io/recovery-phrase-recovery). If
> you are missing two words, you can brute force it in about a week
> (napkin math).
>
> If you were missing a random chunk of a hex string, I don't know how
> you'd go about brute forcing that in a timely manner.
>
> As an aside, from a UX standpoint we've seen that the 12 words don't
> *look* important so people don't take them seriously (and they get
> lost). A hex string or equivalent would look more password-y, and
> therefore would most likely be better protected by users.
>
> James
--------------B2D074D0D71ED954EAC38DC9
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Another drawback I think is that people are not using it as
seeds, they just go to a wallet sw which proposes a new seed,
write it somewhere, do something with the wallet and forget about
it, go to another one, create another wallet, etc</p>
<p>Apparently it is not very well known even here that the
probabilities are very high to get a valid BIP39 seed even with 24
words, so, even with a tool like yours, they can be misleaded, for
example trying a few words to replace the missing/incorrect one,
get a valid seed and stay stuck with it forever trying to play
with BIP44/49 to find their keys</p>
<p>Probably what I am suggesting is not new (and therefore maybe not
a good suggestion): given a secret seed (a book, a document, a
link, etc) and a derivation path (an algo with secret parameter(s)
to derive/order the words and select the valid bip39 sequences),
you get your BIP39 seeds and don't have to write them</p>
<p>Of course we don't have to use necessarilly BIP39 for this but
this is what we have everywhere and this is what is compatible
with it, then you could use the same or a fake written "not very
well hidden" BIP39 seed to plausibly deny your real wallet<br>
</p>
<div class="moz-cite-prefix">Le 25/12/2018 à 01:30, James MacWhyte a
écrit :<br>
</div>
<blockquote type="cite"
cite="mid:CAH+Axy6dKDOkE6cQYZUusTUxxOSwWchOWxYh6ZkhnOgXuELaYg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Mon, Dec 24, 2018 at 2:48 PM Aymeric Vitte
via bitcoin-dev <<a
href="mailto:bitcoin-dev@lists.linuxfoundation.org"
moz-do-not-send="true">bitcoin-dev@lists.linuxfoundation.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex"><br>
I don't see very well why it's easier to write n words
that you cannot choose rather than a 32B BIP32 hex seed,
and I have seen many people completely lost with their
wallets because of this<br>
</blockquote>
<div><br>
</div>
<div>In practice it has quite a few qualities that make it a
bit more resilient for physical (written) storage.</div>
<div><br>
</div>
<div>If a few letters of a word get rubbed off or otherwise
become illegible, it is pretty easy for a native speaker
to figure out what the word is supposed to be. Even a
non-native speaker could look through the word list and
figure out which word fits. Missing characters in a hex
string require more advanced brute force searching, which
the average user isn't capable of.</div>
<div><br>
</div>
<div>Additionally, having the bits grouped into words makes
a more serious recovery easier. If you lose one entire
word, it can be brute forced in about 5 minutes on a
normal pc, even if you don't know which position the
missing word is in (I have published a tool that does just
this: <a
href="https://jmacwhyte.github.io/recovery-phrase-recovery"
moz-do-not-send="true">https://jmacwhyte.github.io/recovery-phrase-recovery</a>).
If you are missing two words, you can brute force it in
about a week (napkin math).<br>
<br>
If you were missing a random chunk of a hex string, I
don't know how you'd go about brute forcing that in a
timely manner.</div>
<div><br>
</div>
<div>As an aside, from a UX standpoint we've seen that the
12 words don't *look* important so people don't take them
seriously (and they get lost). A hex string or equivalent
would look more password-y, and therefore would most
likely be better protected by users.</div>
<div><br>
</div>
<div>James</div>
</div>
</div>
</div>
</blockquote>
<pre class="moz-signature" cols="72">
</pre>
</body>
</html>
--------------B2D074D0D71ED954EAC38DC9--
|