1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
|
Return-Path: <vitteaymeric@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id AC900BD8
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 4 Jan 2019 00:02:39 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com
[209.85.208.48])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 87B62F4
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 4 Jan 2019 00:02:38 +0000 (UTC)
Received: by mail-ed1-f48.google.com with SMTP id d39so30407002edb.12
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 03 Jan 2019 16:02:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=subject:to:references:from:openpgp:autocrypt:message-id:date
:user-agent:mime-version:in-reply-to:content-language;
bh=10LnWbPspUIXFR0Pi8S2/DRZP4VfyFLn7GSVPAYFW+0=;
b=JCvnRf62dDDcHO+RkrbjCVAQ6XsE8THoo3naH9HvjW4hVmp32F6lRJW24jKLuXAnbK
2zatnjAWvnyHnVMyY6iNN8rdFzZResCUq8aNXEcrcjfGmU44WsQ7uINlsb3vi1+zyFZm
Y9VhWK4XHxX9reoy1FSuV7OvPu9/kEbxrjd+96L7Dq0NrBw3qxR4R7rNjcE+D8UJ0glv
GP6inbJBK9oa3kZvCPqldH0iyMSdK/uPjgP1IplYPFcJSlpodflO/3SfXNkkKHETZ2Eq
TacBtcgiQ/ocTQC/WODwFDgPlo13Jf3Q0QQ3A3aorDJCBOM+gP0sl2Aebehoiv0dz+BY
lXVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:subject:to:references:from:openpgp:autocrypt
:message-id:date:user-agent:mime-version:in-reply-to
:content-language;
bh=10LnWbPspUIXFR0Pi8S2/DRZP4VfyFLn7GSVPAYFW+0=;
b=fP/slVPcXi01oyy/ja5LCehg3LU3HaTERCU9TlL/kh0+C3mVIIvTc5/8IVnb9mBmoo
2GBEm0hVfdysFEeIkgK36aZdoKpdBaDVwHxMeryMIE5JDEjyaO0tbDlgj5HJR6HRkJ/l
Rp3tRSiT0wra2Um8KE4p2sinTrkaHL7eY9A5YVQzIRqXumBhcNGSH/dMCESudzgH5hOP
w41uYoaCPPFjOrtXdU1Z5LrtA3iZi9q8vO6pAYlxeULmmyEkeVX/45A2Hj6B3anlVTsB
K6RBRLAYGqFwwq6b3YYTGrFTXm806apkOvNkzY/ARpFPnxFt0N6Yzj/HEGgQs2bL2Ceu
Crtw==
X-Gm-Message-State: AA+aEWZX7kq5PUlz8++SQbIeJCNUe2T5S/MtGJFoXcNT6IrEWcd03MGI
GgcHR1bBQddvhPd45Lx6pvnDVWjm
X-Google-Smtp-Source: AFSGD/V4cUBSIdkNiQaiijtbEV7aGsmh9EKoKZN6HZ70St0bVjuVEhkfh+jx1iCj85s+Ef+hsCIYPA==
X-Received: by 2002:a17:906:b243:: with SMTP id
ce3-v6mr36513287ejb.87.1546560157024;
Thu, 03 Jan 2019 16:02:37 -0800 (PST)
Received: from ?IPv6:2a01:cb1d:44:6500:c196:bfae:4e3f:d5fe?
([2a01:cb1d:44:6500:c196:bfae:4e3f:d5fe])
by smtp.googlemail.com with ESMTPSA id
h51sm26516680edh.17.2019.01.03.16.02.36
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Thu, 03 Jan 2019 16:02:36 -0800 (PST)
To: James MacWhyte <macwhyte@gmail.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>,
thealanevans@gmail.com
References: <68330522-7e7c-c3b4-99a9-1c68ddb56f23@gmail.com>
<f2d73a92-e1c5-9072-e255-fa012a9f9d1b@satoshilabs.com>
<db184306-7ec0-322e-5637-7889b51f50bf@gmail.com>
<CAH+Axy6dKDOkE6cQYZUusTUxxOSwWchOWxYh6ZkhnOgXuELaYg@mail.gmail.com>
<743fb106-977e-1f34-47af-9fb3b8621e72@gmail.com>
<CAH+Axy7v=26P8=CJPUqymKOcromGz+zYZ2cb2KaASgXNPpE2tQ@mail.gmail.com>
<c91cd61b-3ec5-6c7a-c7e3-7ceb48539625@gmail.com>
<CALPhJawf98+uqZXQRGH3Tjo1CnZJfE+CMw9J2ZqiHHmwDSdugQ@mail.gmail.com>
<CAH+Axy72BTi8+yiUnbrr_Fd8XDf0g6eygOT-6OHRZ8En7W3qbA@mail.gmail.com>
From: Aymeric Vitte <vitteaymeric@gmail.com>
Openpgp: preference=signencrypt
Autocrypt: addr=vitteaymeric@gmail.com; prefer-encrypt=mutual; keydata=
mQINBFdW8uABEAC7HJScbB2d/lmYoY5Cn9loEjJwfLs1LC3om030bWFGiH3Ceo5XeHUT94rw
Pi+HaHU8ea94425SXIFsnqp/ouoT/8Ffn6vED0OoRmK0jE4fqDApXSpoL2mHX9PAGdUItMtD
YrxBiBZNfMkctEsm4NrQ4TCvB3Yrm6Fc69inXJjUoYgPw5tHafEeI8Qwh0j99JZZDKcAqIra
JF3MPc59rATz0qOJtRP9EpsPVFwjJe13zN6CHILwiVgrL8EtT5WKCVO6ATxh60LHi8+MwPxV
V31zp/NNI5Hck+XocEMO98ZvUu9X8ZxmnOk/+9pBxXEwUqSGUNWdmPJLncpI23Usce3u/MOo
M2C4T4rD4J0XrXiyBvbeTvwq4qVNlyggeWzlBH+YpEYgDctPq4gNh4eoTtAkf8URtBeke5bQ
CGdaZt/jxv8nvmxs9V/iSyg5ldJLQktHStXOo0OZ7FEB2C6Ggtymm4hm2MHYg07Q1MGJrFLa
oJZkJ3JeXnVsZMam7ypQtld6rRa96CvH+llXwux6aQ5hKdzmBBMQ10LlkZhkExgTawbeqdiG
RMP2DjD5go6TPdAHS4NN34SBkrTWLqgWOjN/lnG77bbLnpMl0P+xBTuqw1oSXaDbcdHE2nGY
lRno/ZZIfr+1Bq56DZLBX/WpnAT4f5WtofL4CxQM9SbG6byyewARAQABtCJBeW1lcmljIFZp
dHRlIDxheW1lcmljQHBlZXJzbS5jb20+iQI/BBMBCAApBQJXVvLgAhsjBQkJZgGABwsJCAcD
AgEGFQgCCQoLBBYCAwECHgECF4AACgkQKh17NCYnrDm3WhAAlYmgtSmtfqjBvQMqkmtqiQJA
aZkzFZWt6+zroduHH5/Tp8jh73gFqCUyRrl/kcKvs2+XQhfrOwk1R6OScF25bpnrZSeuyJnZ
MZu4T0P2tGS8YdddQvWUHMtI9ZnQRuYmuZT23/hgj1JnukuGvGLeY0yDUa1xFffPN39shp5X
FPMcpIVOV3bs+xjAdsyfRyO3qJAD1FGiR7ggJeoaxUbKZ6NtcVUPPRMjVTKfopkuDwKY318m
BE0epfxSZ/iRhsJ0/sREUWgbgq4/QvCFwBKzgz7fTikGmf8OELWSdofmXs7gOtmMc3el8fJu
W8PVa/OsIQHDmwSzvxmE8ba5M8bdwOYEraTWFArIymAAtRXKxmuYpkqKfeSlbCwae3W+pgNT
8nKYRVAFlMtIxYkmPYyMTk9kCscmSqugGWbWdnqe/dhVaa31xa1qO1tDH24D2/tjCJRQt4Jk
AEWNSmjCmjfeArMEFTGlZwMTAjVXErLSPbLOsZiZhD9sjvSbfzrtJiMli2h9+Dvds+AJk1PM
O8LW7cCNyFoCk4OdAxzJHobZ25G+uy4NSQEHgxLC2iuh/tugz1tOHnQczPc/3AkVVI9A5DF1
gbVRBJh6rI7sAcwuR76uoOs0Rpp7r6I66xqU/5eq8g1OsJp89tw0ppSIa0YmaxNqQZ0l3rVX
o/ZwpBjtNQS5Ag0EV1by4AEQANhlz3Ywff4dY1HTdn05v0wVUxZzW2PUih+96m6EhpUrD9BT
vxriKtbgxm/zl+5YAlThbrk9f0QyVTHJ95Z1/M5qjuksP9Zn3qZ/8ylANDkN2s3z8Bq/LJA+
u7+APhMqyFWK0FqNCOogClvijiKPEzkU6tmDGO6wZ5pR/u8Fdq7DGQgwgyGZZc7qstte0M7l
yx7bVRlPBqvd6kyX3YubQHzkctf46nFjiYZgKawdWFsA3PCdSBupbhixL5d/t1UK9ZTiQJcf
0uhHzT06qwolFrm/ugkLDHtE4Zo3BuKch47Sms8P2hJ08gABxeJHg0ZgkIUy/Xf4nHbDCBJw
T8tE8pWYWA2ECiPNo0TOCMVOueEzISUNKINfCuFHSbMQU39hgt3ofxODbAjOiO3e/iu1ptck
AkuVBdtjOBP4tHRGxVrbf5EuAV5U5xtiSxMwMgojg0GIXZjnT/8uvWqcLqtJILRMmmu+WNvD
oxuiJzcTJhDai9oujmxQwcpMvgrBB89KSTDyitO5XVjZqaR7Zxvvn3rM4bAms/lotv9+pTyh
spazTIxb80u0ifJ6y1RxAkxQCfWwps1i3VbsM6OKX78aUyOf5V4ihXF57M37tOqPRwFvz6a+
AIIhUNMTLo2H+o6Vw9qbX8SUxPHPs6YpJ8lWQJ9OMWHE+SbaDFAi/D5hYRubABEBAAGJAiUE
GAEIAA8FAldW8uACGwwFCQlmAYAACgkQKh17NCYnrDmk4Q/9Fuu0h5HvIiO3ieYA2StdE7hO
vv2THuesjJDsj6aQUTgknaxKptJogNe3dDyIT+FHxXmCw0Nrbm9Q3ryl80z/G9utfFNO3Gwc
q31QW3n3LJHnpqdrV3WsRzT5NwJMVtiIAGRrX8ZomtarWHT0PeEHC2xBdFzRrJtmkrwer0Wc
0nBzD7vk1XEXC9nODbmlgsesoHFgRwQBst3wClCbX1gv8aSfxQNpaf9UBC8DmyrQ621UXpBo
PvcFEtWxV44vJfP0WOLCCN0Pzv2F2I66iKo7VMqbr5jlNAXJN9I1hXb7qwYJmBC9j5oeEoqv
A9d44WWpxrdAr8qih4Nv89k9+9F6NoqORY3FGuVDKiW8CVhCmGT7bIvNeyicVBZFipXqPcKL
VFduO2c5Ubc2npMWLUF1k9JJc9tH75l3+F/0RbYVTzGAZ+zSaudwR6h8YiCN2DBZGZkJEZbh
3X/l6jtijMN/W9sPHyyKvm/TmeEC27S3TqZPZ8PUQLxZC70V6gMbenh01JdSQsn5t8Ru0RNh
Blt0g7IyZyIKCE9b+TyzbYpX6qgqEBUHia5b0vyPtQacWQlZ8uqnghAqNkLluEsy7Q/7xG6M
wXUYEDsFOmB9dKOzcAOIhpxlVjSKu5mzXJ11sEtE8nyF5NJ/riCA7FGcjlki3zIpzQUNo9v7
vXl2h6Tivlk=
Message-ID: <2df60f7f-58a4-b5b6-757f-7d50a339ff97@gmail.com>
Date: Fri, 4 Jan 2019 01:02:35 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:60.0) Gecko/20100101
Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <CAH+Axy72BTi8+yiUnbrr_Fd8XDf0g6eygOT-6OHRZ8En7W3qbA@mail.gmail.com>
Content-Type: multipart/alternative;
boundary="------------F9D36DED4870A2C4F80FE238"
Content-Language: fr
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Fri, 04 Jan 2019 03:18:25 +0000
Subject: Re: [bitcoin-dev] BIP39 seeds
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jan 2019 00:02:39 -0000
This is a multi-part message in MIME format.
--------------F9D36DED4870A2C4F80FE238
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
What I have in mind is in my latest reply (difficult to have some kind
of fluent discussions on this list given the moderation and delayed posts)
I would just add that the derivation method (indeed something like what
you are sketching below) should estimate that there is enough entropy
from the secret, if not just throw
Le 02/01/2019 à 19:06, James MacWhyte via bitcoin-dev a écrit :
> On Wed, Jan 2, 2019 at 3:40 AM Alan Evans via bitcoin-dev
> <bitcoin-dev@lists.linuxfoundation.org
> <mailto:bitcoin-dev@lists.linuxfoundation.org>> wrote:
>
>
> I think any method that doesn't use real entropy, but some fake
> source of randomness, such as a book is asking to be hacked and so
> is not a reasonable idea.
>
> If an algorithm for book text to BIP39 sentence ever became well
> used, common books will be systematically searched for accounts.
> People will also choose their favourite passages, so I would
> expect to see collisions.
>
>
> I tend to have this conversation a lot ;) I'm not sure what Aymeric
> has in mind, but my suggestions are for use by the small few who
> properly understand how these things work. I am not suggesting
> blockchain.info <http://blockchain.info> require every user to choose
> a book passage to use as their backup phrase!
>
> There are so many small things that could be done to make a text input
> unique. Choose the X number of words from the start of the Nth
> sentence. Replace all punctuation with exclamation points. Combine two
> sentences from different pages. It would be nigh impossible to brute
> force any of these, and would require hints/instructions from the
> owner to recover.
>
> But I admit if this is not intended for standardization, discussing it
> on this mailing list is probably unwarranted.
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
--
Move your coins by yourself (browser version): https://peersm.com/wallet
Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions
Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
--------------F9D36DED4870A2C4F80FE238
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>What I have in mind is in my latest reply (difficult to have some
kind of fluent discussions on this list given the moderation and
delayed posts)</p>
<p>I would just add that the derivation method (indeed something
like what you are sketching below) should estimate that there is
enough entropy from the secret, if not just throw<br>
</p>
<div class="moz-cite-prefix">Le 02/01/2019 à 19:06, James MacWhyte
via bitcoin-dev a écrit :<br>
</div>
<blockquote type="cite"
cite="mid:CAH+Axy72BTi8+yiUnbrr_Fd8XDf0g6eygOT-6OHRZ8En7W3qbA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr">On Wed, Jan 2, 2019 at 3:40 AM Alan Evans via
bitcoin-dev <<a
href="mailto:bitcoin-dev@lists.linuxfoundation.org"
moz-do-not-send="true">bitcoin-dev@lists.linuxfoundation.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>I think any method that doesn't use real entropy,
but some fake source of randomness, such as a book
is asking to be hacked and so is not a reasonable
idea.</div>
<div><br>
</div>
<div>If an algorithm for book text to BIP39
sentence ever became well used, common books will be
systematically searched for accounts. People will
also choose their favourite passages, so I would
expect to see collisions.</div>
<div><br>
</div>
</div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>I tend to have this conversation a lot ;) I'm not sure
what Aymeric has in mind, but my suggestions are for use by
the small few who properly understand how these things work.
I am not suggesting <a href="http://blockchain.info"
moz-do-not-send="true">blockchain.info</a> require every
user to choose a book passage to use as their backup phrase!</div>
<div><br>
</div>
<div>There are so many small things that could be done to make
a text input unique. Choose the X number of words from the
start of the Nth sentence. Replace all punctuation with
exclamation points. Combine two sentences from different
pages. It would be nigh impossible to brute force any of
these, and would require hints/instructions from the owner
to recover.</div>
<div><br>
</div>
<div>But I admit if this is not intended for standardization,
discussing it on this mailing list is probably unwarranted.</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
bitcoin-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a>
<a class="moz-txt-link-freetext" href="https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev">https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Move your coins by yourself (browser version): <a class="moz-txt-link-freetext" href="https://peersm.com/wallet">https://peersm.com/wallet</a>
Bitcoin transactions made simple: <a class="moz-txt-link-freetext" href="https://github.com/Ayms/bitcoin-transactions">https://github.com/Ayms/bitcoin-transactions</a>
Zcash wallets made simple: <a class="moz-txt-link-freetext" href="https://github.com/Ayms/zcash-wallets">https://github.com/Ayms/zcash-wallets</a>
Bitcoin wallets made simple: <a class="moz-txt-link-freetext" href="https://github.com/Ayms/bitcoin-wallets">https://github.com/Ayms/bitcoin-wallets</a>
Get the torrent dynamic blocklist: <a class="moz-txt-link-freetext" href="http://peersm.com/getblocklist">http://peersm.com/getblocklist</a>
Check the 10 M passwords list: <a class="moz-txt-link-freetext" href="http://peersm.com/findmyass">http://peersm.com/findmyass</a>
Anti-spies and private torrents, dynamic blocklist: <a class="moz-txt-link-freetext" href="http://torrent-live.org">http://torrent-live.org</a>
Peersm : <a class="moz-txt-link-freetext" href="http://www.peersm.com">http://www.peersm.com</a>
torrent-live: <a class="moz-txt-link-freetext" href="https://github.com/Ayms/torrent-live">https://github.com/Ayms/torrent-live</a>
node-Tor : <a class="moz-txt-link-freetext" href="https://www.github.com/Ayms/node-Tor">https://www.github.com/Ayms/node-Tor</a>
GitHub : <a class="moz-txt-link-freetext" href="https://www.github.com/Ayms">https://www.github.com/Ayms</a></pre>
</body>
</html>
--------------F9D36DED4870A2C4F80FE238--
|
