From: Alan Evans <thealanevans@gmail.com>
Date: Thu, 18 Jan 2018 15:50:24 -0400
To: Jonathan Sterling <jon@thancodes.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Suggestion to remove word from BIP39 English wordlist

> so it’s less obvious that it’s a bitcoin seed when found by a malicious
> third party

1. The same words are used for wallets of all kinds of coins, so it's not
obvious it's for bitcoin.

2. Anyone recognising the word "satoshi" as related to cryptocurrency in
general, would also recognise any mnemonic.

3. You could elect to skip a mnemonic that includes the word if it was a
personal concern (but I would discourage selecting a mnemonic based on
personal preference, as it could get dangerously close to being a brain wallet
in effect).

4. You could choose to record just the first 4 characters of each word,
"sato" is enough.

5. Where do we stop? The words "coin", "cash", "rich" are in there too.

6. About automated data-recovery, if you are storing mnemonics on HDDs or
other digital media, then you have larger security concerns than it just
being found during HDD recycling.

But most of all:

7. Removing a word or changing a list *is impossible* as verification of an
existing mnemonic requires the list. To change one word, you would need to
provide an alternative to BIP0039 to cope with alternative words, or change
all the words to a completely new set of 2048 English words so that it is
clear which wordlist is in use.

Regards,

Alan

On Thu, Jan 18, 2018 at 2:55 AM, Jonathan Sterling via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> All the more reason to only use the most common words that meet the other
> criteria: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Wordlist
>
> I agree - keeping "satoshi" in there is an unnecessary security risk.
>
> Kind Regards,
>
> Jonathan Sterling
>
> On Thu, Jan 18, 2018 at 8:14 AM, CryptAxe via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>> Why wouldn't they just test the frequency of words from the wordlist in
>> entirety?
>>
>> On Jan 17, 2018 5:10 PM, "Weiwu Zhang via bitcoin-dev" <
>> bitcoin-dev@lists.linuxfoundation.org> wrote:
>>
>>> 2018-01-09 19:20 GMT+08:00 Ronald van der Meer via bitcoin-dev
>>> <bitcoin-dev@lists.linuxfoundation.org>:
>>> > After reviewing some bitcoin improvement proposals, I noticed that one
>>> > of the words that can be found on the BIP39 English wordlist is “satoshi”.
>>> > I suggest removing this word from the list so it’s less obvious that
>>> > it’s a bitcoin seed when found by a malicious third party.
>>>
>>> If a malicious third party discovers a word list that looks like a
>>> seed, they would try using it as Bitcoin seed first anyway, with or
>>> without finding the word 'satoshi' in it. The security threat is that
>>> a malicious third party may index what they found and test every
>>> occurrence of 'satoshi' for a lead to a seed.
>>>
>>> For example, a hard-disk recycling service would add this word to
>>> their salvage tools. Any successfully hacked gmail account will be
>>> 'satoshi' tested too.
>>>
>>> So I see this as a reasonable improvement:)
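
Point 7 of the reply above, worked through in code as an added example that is not part of the original e-mail thread: BIP39 decoding maps each word to its 11-bit index in the list and then checks the SHA-256 checksum bits, so a mnemonic is only meaningful against the exact list that produced it. The 2048-entry `WORDS` list, the index chosen for "satoshi", and the names `SWAPPED`, `SHIFTED` and `outcome` are constructed for this illustration; the real wordlist is not embedded.

```python
import hashlib

# Constructed stand-in for the 2048-word list (the real BIP39 list is not embedded here);
# index 1529 for "satoshi" is an arbitrary choice for this example.
WORDS = [f"w{i:04d}" for i in range(2048)]
WORDS[1529] = "satoshi"

def encode(entropy, words):
    """Entropy plus the first ENT/32 bits of SHA-256(entropy), read 11 bits per word."""
    cs_bits = len(entropy) * 8 // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n = (len(entropy) * 8 + cs_bits) // 11
    return [words[(value >> (11 * (n - 1 - i))) & 0x7FF] for i in range(n)]

def decode(mnemonic, words):
    """Return the entropy, or raise ValueError on an unknown word or a failed checksum."""
    index = {w: i for i, w in enumerate(words)}
    value = 0
    for w in mnemonic:
        if w not in index:
            raise ValueError(f"unknown word: {w}")
        value = (value << 11) | index[w]
    total = len(mnemonic) * 11
    cs_bits = total // 33
    entropy = (value >> cs_bits).to_bytes((total - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    if (value & ((1 << cs_bits) - 1)) != expected:
        raise ValueError("checksum mismatch")
    return entropy

def outcome(mnemonic, words, original):
    """Classify what a wallet using `words` makes of a mnemonic created with another list."""
    try:
        return "ok" if decode(mnemonic, words) == original else "different entropy"
    except ValueError as exc:
        return f"rejected: {exc}"

# Two ways of "removing" the word: swap it in place, or delete it and append a new word.
SWAPPED = [w if w != "satoshi" else "w1529" for w in WORDS]
SHIFTED = [w for w in WORDS if w != "satoshi"] + ["w2048"]

if __name__ == "__main__":
    with_word = (1529 << 117).to_bytes(16, "big")   # constructed: first word has index 1529
    later_word = (2000 << 117).to_bytes(16, "big")  # constructed: first word has index 2000
    for ent in (with_word, later_word):
        m = encode(ent, WORDS)
        print(m[0], outcome(m, WORDS, ent), outcome(m, SWAPPED, ent), outcome(m, SHIFTED, ent))
```

An in-place swap only breaks mnemonics that contain the removed word, while deleting the word shifts every later index, so existing mnemonics that never contained "satoshi" also fail the checksum or decode to different entropy.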