From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1W5NR4-0001Co-Nf for bitcoin-development@lists.sourceforge.net; Mon, 20 Jan 2014 22:35:14 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.148.99 as permitted sender) client-ip=62.13.148.99; envelope-from=pete@petertodd.org; helo=outmail148099.authsmtp.net; Received: from outmail148099.authsmtp.net ([62.13.148.99]) by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1W5NR2-0007fJ-LB for bitcoin-development@lists.sourceforge.net; Mon, 20 Jan 2014 22:35:14 +0000 Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235]) by punt18.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s0KMZ6qO031379; Mon, 20 Jan 2014 22:35:06 GMT Received: from petertodd.org (petertodd.org [174.129.28.249]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s0KMZ2jw042005 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Mon, 20 Jan 2014 22:35:04 GMT Date: Mon, 20 Jan 2014 17:35:02 -0500 From: Peter Todd To: Brooks Boyd Message-ID: <20140120223502.GA1055@petertodd.org> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="BXVAT5kNtrzKuDFl" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: 1bb97ca8-8223-11e3-b802-002590a15da7 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aAdMdAIUElQaAgsB AmIbWVZeU1h7WWY7 ag1VcwRfa1RMVxto VEFWR1pVCwQmQhx6 e3QcCF5ycwdGeHs+ bUBrWT5aDhZzchUs SlNcF28FeGZhPWMC AkhYdR5UcAFPdx8U a1UrBXRDAzANdhES HhM4ODE3eDlSNilR RRkIIFQOdA4hPwZk H0tTT30BHEsMQ204 JhgiQmv9 X-Authentic-SMTP: 61633532353630.1023:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 174.129.28.249/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1W5NR2-0007fJ-LB Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] BIP0039: Final call X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jan 2014 22:35:14 -0000 --BXVAT5kNtrzKuDFl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jan 20, 2014 at 04:05:14PM -0600, Brooks Boyd wrote: > On Mon, Jan 20, 2014 at 11:42 AM, slush wrote: >=20 > > Hi all, > > > > during recent months we've reconsidered all comments which we received > > from the community about our BIP39 proposal and we tried to meet all > > requirements for such standard. Specifically the proposal now doesn't > > require any specific wordlist, so every client can use its very own lis= t of > > preferred words. Generated mnemonic can be then applied to any other > > BIP39-compatible client. Please follow current draft at > > https://github.com/trezor/bips/blob/master/bip-0039.mediawiki. >=20 > So, because the [mnemonic]->[bip32 root] is just hashing, you've > effectively made your "mnemonic sentence" into a brainwallet? Since every > mnemonic sentence can now lead to a bip32 root, and only the client that > created the mnemonic can verify the mnemonic passes its checksum (assuming > all clients use different wordlists, the only client that can help you if > you fat-finger the sentence is the client that created it)? That issue is more than enough to get a NACK from me on making the current BIP39 draft a standard - I can easily see that leading to users losing a lot of money. Have any wallets implemented BIP39 this way already in released code? --=20 'peter'[:-1]@petertodd.org 00000000000000009c3092c0b245722363df8b29cfbb86368f4f7303e655983a --BXVAT5kNtrzKuDFl Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBCAAGBQJS3aSVAAoJEBmcgzuo5/CFeJwIAJrYSPoaXgfAX6iZVZMJMC56 KgqV85g8xvA1cWeiyf2WtAk2t7+WBkO6tKCAH691AmIilKOxfG0hZL5ZxVYYK6Ds ZOVy8ACD4nddxHaS9gdw/vUjzKKPCNvBw3EUI9YjFz2YANnURnSlKGerV8ySHb+M MW4lfGdDJ7s5FFxwPITRQdLhh3DUBcae+w/41XK7Bpq21WOn/tg20f2l+lCHTcq0 b11pfS8DNDaYxGtKFPmkzO9gvl/0WO4cec3T/mvo8gOUVisDhF4A+baYEHFOhfY3 qcqPJU4KIf4ilNIYS0IrVaR3CrlRSZr1oB8Sk6D+Oirzz2il62nLHe29me/95pg= =iSmS -----END PGP SIGNATURE----- --BXVAT5kNtrzKuDFl--