summaryrefslogtreecommitdiff
path: root/80/becea51e35f61d583e3c4cd2adf370351109fc
blob: 738a74798556ec201d82d46c3c8eb295b37ae591 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
Delivery-date: Wed, 04 Jun 2025 11:40:30 -0700
Received: from mail-yb1-f192.google.com ([209.85.219.192])
	by mail.fairlystable.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <bitcoindev+bncBC4PBDNG2YCRBFNGQLBAMGQEQQ2OI6I@googlegroups.com>)
	id 1uMt2M-00008P-0A
	for bitcoindev@gnusha.org; Wed, 04 Jun 2025 11:40:30 -0700
Received: by mail-yb1-f192.google.com with SMTP id 3f1490d57ef6-e7dccce14a9sf265755276.1
        for <bitcoindev@gnusha.org>; Wed, 04 Jun 2025 11:40:30 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1749062424; cv=pass;
        d=google.com; s=arc-20240605;
        b=HLh82Q1swFXQmDyr5fVyFUdK98H9llY595LvKgzx4ho+29gouiqB21OfXnhDcsZNQC
         sS8GsdAP+1cwCjvT1aKPgAVHfqOapI+ri5HAys4eUXl4zQb9l0REYVmu4E3h+sPjmt5I
         FAh25QxHSiC7TNfMj64cLqspzQJ4ZLppC8cTkDh4tnyNcKOiauQD0r2+ofv6PoEKAXOR
         TqLC79tIp9PKfG0VxEpX7nEmPteXyFFXmfQ+X5I8Znvz9Wnueexynq3oRyyb2+c6SPcG
         BDthn2pqTVOYUybUzyxiVZUZW5EDcRD4799Kzg/+9NBPqVOHdWWb6HAgR4hu3B3bcWwA
         bdkA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to:to:subject:message-id:date
         :from:in-reply-to:references:mime-version:dkim-signature;
        bh=S8/id07kdNyMx22EEuUxbQRr+vhA/LcuwrxnGGKWnXI=;
        fh=aNSXUyqE/CWz4m/Dq1KHmN0Gg0uTPPQBKo85iWwGQeQ=;
        b=FO9rEcS8USYswuFPRsWL0kqUCdjttIQGQSMbzrBwVoL9odwfPszoW2g77Mck2GStqB
         9MEiqsGwkE+g1x+X9ml2g9LU9oYxdGti7IazuDUH81i98MTaniaOzcitUqeamZabGigs
         xyaK8GC8QlMKW3yWhj/l7XJC8eGEUT2JN4Htyus0eVO3JuTc8tPrNLt6CW7AoQ3Q+y+B
         4MRN3KTauLYDemYHvieVXgUpPPjz1dE4CHz5xBTe47ny6Lt6gljAolOxkZUUijtUJbF8
         3zgYyUd9MIUONP25HZ9e3wLIEFjvYevAwqUq3I2X7pDGVcR2VYuqUtw4tvrRHa4gWeqk
         6kPA==;
        darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@blockstream.com header.s=google header.b=SL7wP31b;
       spf=pass (google.com: domain of roconnor@blockstream.com designates 2607:f8b0:4864:20::52e as permitted sender) smtp.mailfrom=roconnor@blockstream.com;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=blockstream.com;
       dara=pass header.i=@googlegroups.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1749062424; x=1749667224; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:to:subject
         :message-id:date:from:in-reply-to:references:mime-version:from:to:cc
         :subject:date:message-id:reply-to;
        bh=S8/id07kdNyMx22EEuUxbQRr+vhA/LcuwrxnGGKWnXI=;
        b=YjccWDhVFbHyjv12v3xVDDQYyqt/T18EwZrs/j5kuogi4il7PF6VwZ4OenFLN84W1l
         KnuQYLRcOOOpnUIuP8CAmaqNCo0lysytIQw5qOUxLbMTqaUPIvPrYwu7U3mT6cIdvgz5
         gH3NUGgl4eCDpEXlBztrplfV1fLa0KIDNcYidaH4/DK4CsHj5m37r0PtdtStInq0RiTs
         obToHTVGum+VXEbZRGwUqsWXu0oPAIJ2+bUaYePI2JtcY6is67PfYG15Y3BPLqocfCNP
         aBVA7jvfyXyOwPatA+70O3t3lMBw3jw1LOw75kzM9Q75uWqbBQgpBuB0egMkiTgMT1T/
         HkmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749062424; x=1749667224;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=S8/id07kdNyMx22EEuUxbQRr+vhA/LcuwrxnGGKWnXI=;
        b=UreqCCRqcNz0+BwQ4MtJDZg7v8mBFan/cLCoffkzGhyykuOK/4SETU07K4FJ8c6P+A
         PdLlCpxQNP7uZCj/dyiHC18NuVqq8Hpz/NzOfkeM3X5Lu0JR9OscLOTSmwRzXvIq11V5
         xLGCT6BvbCYaN+weXTqAfdK8RCbfkTYoveoe6aP0brWbLOMmAgXjfSERqbFoft/MFbeI
         Aq+A5/xc9yR8kTm6sA0IJO+zd9LtZAEsR2vgAmCLEcYI4hjBbLPo8QHcO1QZcICs/9mF
         KAkLoV/fKCGx6bq4UMTA4JpVVn4rBdYy9phykvv0X1+mdUdANSIAKMzWVPjqxTyI+tXF
         Tyxg==
X-Forwarded-Encrypted: i=2; AJvYcCUuqP61OYa7LFI2qZJMqaQEU6znQRdiFZT+5TxSmNnDcacfJUt5w257dvFAsLmFDxrj4he4Ev//YqbP@gnusha.org
X-Gm-Message-State: AOJu0YwgzEKz5M8fMZ/vHf02ADcCaMMh4EDbffMSs2rG1Mr1mLhUdik2
	dxb+EkPtaKbzVhX/abLeoOHp+pyAaVzDQwOZl4dD5vj0nZv60o3m5f/9
X-Google-Smtp-Source: AGHT+IFg33LBaj3K9q/F/o+Lt3yyuS9U2SfOnDJAruzmk1w5SiSJec7BxZRyICepYLg9BCKQu1shPw==
X-Received: by 2002:a05:6902:15c1:b0:e81:4689:686b with SMTP id 3f1490d57ef6-e8179c1e6a1mr5335932276.6.1749062424237;
        Wed, 04 Jun 2025 11:40:24 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZc3M3+6yLHQtgifn+ZZ4QXp4wwQ5aWYv5eLAwog/6fl7A==
Received: by 2002:a25:6983:0:b0:e7d:cee1:1ba9 with SMTP id 3f1490d57ef6-e8188a59432ls101618276.2.-pod-prod-08-us;
 Wed, 04 Jun 2025 11:40:20 -0700 (PDT)
X-Received: by 2002:a05:690c:600a:b0:70e:2b60:1562 with SMTP id 00721157ae682-710d9a43848mr55317747b3.16.1749062420785;
        Wed, 04 Jun 2025 11:40:20 -0700 (PDT)
Received: by 2002:a05:690c:360a:b0:70e:3f3a:2c12 with SMTP id 00721157ae682-710d7084f23ms7b3;
        Wed, 4 Jun 2025 10:45:18 -0700 (PDT)
X-Received: by 2002:a05:6902:2609:b0:e7d:9f57:e2a3 with SMTP id 3f1490d57ef6-e8179c5350amr4809418276.22.1749059117709;
        Wed, 04 Jun 2025 10:45:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1749059117; cv=none;
        d=google.com; s=arc-20240605;
        b=LLnf75rTxDNIvwl/NbR0mHHdepnXZyaCRacYQnrH8JiQdq83NRsbR8WfEdRVsqJfiA
         J1diAfXyItB++W6PXNOnElfmmryb2ifY5ypDKuWSbtUbhm69B4PaNr9BI94USLWA35/P
         PiAt40jsTIZSe8oGAWyQE2cDwnJ8qXdV41F0NzmsR05FgPellnhDCDr4ZaqfXUY1qHYs
         AhY6rLLdhDSFn9Bv3nd4jbRXNDle0Rqlejwvl/cUS7SisA3cXBB7zY8IZs3YbjKP8vPQ
         iafkybe8kMSgmSj3vBt2DpVTCvK4QlfjF/aFV+v9ySAI3pLewKqvaRuB5wfaKWwePiJ9
         JfPw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=td3/6q0fVAwF6rdDyjfjEZ9jTAFGfEI21GMyRTTSb2U=;
        fh=VcGcg+Zjs9gw1uDcHbxsAILhBAcecnbJzZRdxgKVDIc=;
        b=Wg+pm02kHrWk7S26eTYQqBTb71SAEVatGQByCL5qOL4gc3oESd+cnFvOEDYtLp5dYZ
         LfNotDaqmwx633Ze8SnWWeq3t409ZqTqVHXPWXqsVSNDcEQTvfb3VZXxEpCyZNuMe5xW
         ntyVvDVZvlYNCfPOpbaioKcjRF0PKwn5mT+tE66hRlSuVigFbGIFhVE1zR2ftQtJFMo4
         uRG4yU1VhcTPvKAPe9iKlVI3/0L/51Xyc9AgFYvmXSXXZa3sdYruLzjtNCYKH0TGHA5D
         2ZnC9PGvSlQ1VEF5ZMws+6NVsJRNKnBZMOPOzUsS/6FOy+x8dbV+XZrbU/+5d2TKDeld
         zcdQ==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@blockstream.com header.s=google header.b=SL7wP31b;
       spf=pass (google.com: domain of roconnor@blockstream.com designates 2607:f8b0:4864:20::52e as permitted sender) smtp.mailfrom=roconnor@blockstream.com;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=blockstream.com;
       dara=pass header.i=@googlegroups.com
Received: from mail-pg1-x52e.google.com (mail-pg1-x52e.google.com. [2607:f8b0:4864:20::52e])
        by gmr-mx.google.com with ESMTPS id 3f1490d57ef6-e7f734a296bsi711497276.3.2025.06.04.10.45.17
        for <bitcoindev@googlegroups.com>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 04 Jun 2025 10:45:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of roconnor@blockstream.com designates 2607:f8b0:4864:20::52e as permitted sender) client-ip=2607:f8b0:4864:20::52e;
Received: by mail-pg1-x52e.google.com with SMTP id 41be03b00d2f7-b2d46760950so74226a12.3
        for <bitcoindev@googlegroups.com>; Wed, 04 Jun 2025 10:45:17 -0700 (PDT)
X-Gm-Gg: ASbGncvxVDh865vgVdMtXRu7Tdy65L9PesSnwp7+NXlSjWQWYiJru89B+4b25Uuvx63
	2yrIzHUACCW5iLUW4KAZHbssSw9Rsp9opUkxZoA790JTKE7MNzgmsfKjNLfWAoU2NOBAsnsYgiL
	sAJsFMC/jozwAEjE82n0zWbh9QsHjFmlwCNFYLK/nYvy8=
X-Received: by 2002:a17:90b:5107:b0:312:eaea:afa1 with SMTP id
 98e67ed59e1d1-3130cdb31a5mr5364021a91.29.1749059116678; Wed, 04 Jun 2025
 10:45:16 -0700 (PDT)
MIME-Version: 1.0
References: <20250523131541.1521C7C0DB0@smtp.postman.i2p> <20250524205608.D723F7C1191@smtp.postman.i2p>
 <20250525154052.28C0E7C1013@smtp.postman.i2p> <20250525214153.163D47C0BC6@smtp.postman.i2p>
In-Reply-To: <20250525214153.163D47C0BC6@smtp.postman.i2p>
From: "'Russell O'Connor' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
Date: Wed, 4 Jun 2025 13:45:04 -0400
X-Gm-Features: AX0GCFtSPnn2pYdwdrEFrFZf254av3FQdOxSAS_ZdYkHUJ8o2f0clOuP3tXbZW8
Message-ID: <CAMZUoKnzDf0hMC-i4Xis3GXW96fWRwJgKSzzcj5aqGg3zGM8Kg@mail.gmail.com>
Subject: Re: [bitcoindev] BIP39 Extension for Manual Seed Phrase Creation
To: bitcoindev@googlegroups.com
Content-Type: multipart/alternative; boundary="0000000000005756b10636c28f1a"
X-Original-Sender: roconnor@blockstream.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@blockstream.com header.s=google header.b=SL7wP31b;       spf=pass
 (google.com: domain of roconnor@blockstream.com designates
 2607:f8b0:4864:20::52e as permitted sender) smtp.mailfrom=roconnor@blockstream.com;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=blockstream.com;
       dara=pass header.i=@googlegroups.com
X-Original-From: "Russell O'Connor" <roconnor@blockstream.com>
Reply-To: "Russell O'Connor" <roconnor@blockstream.com>
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -1.0 (-)

--0000000000005756b10636c28f1a
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, Jun 4, 2025 at 3:57=E2=80=AFAM pithosian <pithosian@i2pmail.org> wr=
ote:

> I'm not totally against thinking about different ways to (effectively)
> represent the data you'd use a descriptor for for simple use-cases,
> just not personally convinced on the utility of a purely
> hand-calculated mnemonic given the requirement of running (off the top
> of my head) SHA512 PBKDF2 for the BIP 32 seed, and a SHA512 HMAC for
> going from that to the root priv.
>

IMHO, the difference is that it is at least possible to cross-check the
derivation of pubkeys and addresses from the master seed using hardware
from different vendors.  However it isn't really possible to cross-check
the quality of the initial random generation.  Some people are going to
prefer to generate that randomness by hand in a fully transparent process
and not hidden within some computer chip using a noisy transistor or
whatever.

Once again, I want to reiterate for this thread that there already exists a
BIP for a hand-computable friendly master secret format, which is BIP-93
(codex32).  Yes, hand computing the checksum for BIP-93 is a pain, but
unlike BIP-39's checksum, it is actually doable.  And unlike BIP-39's
checksum, the checksum for codex32 is actually an error-correcting code, so
you can actually repair errors and erasures in the data.  It is even
possible to use an untrusted computer to repair your codex32 string so that
the computer learns practically zero information about your secret or
secret share.

--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
CAMZUoKnzDf0hMC-i4Xis3GXW96fWRwJgKSzzcj5aqGg3zGM8Kg%40mail.gmail.com.

--0000000000005756b10636c28f1a
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_quote gmail_quote_container"><div =
dir=3D"ltr" class=3D"gmail_attr">On Wed, Jun 4, 2025 at 3:57=E2=80=AFAM pit=
hosian &lt;<a href=3D"mailto:pithosian@i2pmail.org">pithosian@i2pmail.org</=
a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0p=
x 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I&=
#39;m not totally against thinking about different ways to (effectively)<br=
>
represent the data you&#39;d use a descriptor for for simple use-cases,<br>
just not personally convinced on the utility of a purely<br>
hand-calculated mnemonic given the requirement of running (off the top<br>
of my head) SHA512 PBKDF2 for the BIP 32 seed, and a SHA512 HMAC for<br>
going from that to the root priv.<br></blockquote><div>=C2=A0</div><div>IMH=
O, the difference is that it is at least possible to cross-check the deriva=
tion of pubkeys and addresses from the master seed using hardware from diff=
erent vendors.=C2=A0 However it isn&#39;t really possible to cross-check th=
e quality of the initial random generation.=C2=A0 Some people are going to =
prefer to generate that randomness by hand in a fully transparent process a=
nd not hidden within some computer chip using a noisy transistor or whateve=
r.</div><div><br></div><div>Once again, I want to reiterate for this thread=
 that there already exists a BIP for a hand-computable friendly master secr=
et format, which is BIP-93 (codex32).=C2=A0 Yes, hand computing the checksu=
m for BIP-93 is a pain, but unlike BIP-39&#39;s checksum, it is actually do=
able.=C2=A0 And unlike BIP-39&#39;s checksum, the checksum for codex32 is a=
ctually an error-correcting code, so you can actually repair errors and era=
sures in the data.=C2=A0 It is even possible to use an untrusted computer t=
o repair your codex32 string so that the computer learns practically zero i=
nformation about your secret or secret share.</div><div><br></div></div></d=
iv>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/CAMZUoKnzDf0hMC-i4Xis3GXW96fWRwJgKSzzcj5aqGg3zGM8Kg%40mail.gmail=
.com?utm_medium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/ms=
gid/bitcoindev/CAMZUoKnzDf0hMC-i4Xis3GXW96fWRwJgKSzzcj5aqGg3zGM8Kg%40mail.g=
mail.com</a>.<br />

--0000000000005756b10636c28f1a--