From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1W6chw-00044r-9I for bitcoin-development@lists.sourceforge.net; Fri, 24 Jan 2014 09:05:48 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.149.56 as permitted sender) client-ip=62.13.149.56; envelope-from=pete@petertodd.org; helo=outmail149056.authsmtp.com; Received: from outmail149056.authsmtp.com ([62.13.149.56]) by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1W6chu-0002La-A1 for bitcoin-development@lists.sourceforge.net; Fri, 24 Jan 2014 09:05:48 +0000 Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237]) by punt17.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s0O95d3E097507; Fri, 24 Jan 2014 09:05:39 GMT Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s0O95WZa053234 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Fri, 24 Jan 2014 09:05:35 GMT Date: Fri, 24 Jan 2014 04:05:32 -0500 From: Peter Todd To: Thomas Voegtlin Message-ID: <20140124090532.GB15398@savin> References: <20140120223502.GA1055@petertodd.org> <52DDB8AB.4010103@gmx.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="1UWUbFP1cBYEclgG" Content-Disposition: inline In-Reply-To: <52DDB8AB.4010103@gmx.de> User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: afbc67be-84d6-11e3-94fa-002590a135d3 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aAdMdAYUElQaAgsB AmIbW11eUFh7WmY7 bAxPbAVDY01GQQRq WVdMSlVNFUsrAWMI A3l0Axl3dAdFfDB4 YkZkECENDhd8chQo X0ZQQWsbZGY1a30W VBYJagNUcgZDfk5E aVUrVz1vNG8XDQg5 AwQ0PjZ0MThBJSBS WgQAK04nCWwqJmZk HEFQVRsuG0QBDy46 KxhO X-Authentic-SMTP: 61633532353630.1024:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 76.10.178.109/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1W6chu-0002La-A1 Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] BIP0039: Final call X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Jan 2014 09:05:48 -0000 --1UWUbFP1cBYEclgG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 21, 2014 at 01:00:43AM +0100, Thomas Voegtlin wrote: > Hi slush, >=20 > Thank you for your new proposal; it seems to be a compromise. >=20 > @Christophe Biocca: > If the wordlist becomes part of the standard, then we will run into > problems of collisions once users ask for wordlists in every language. >=20 > IMO the right approach is to implement checksums that do not depend > on the wordlist (eg the 'brute force' method, Hash(mnemonic||1) mod > 2^k =3D=3D 0 ) > this would also allow us to implement sipa's variable stretching proposal. >=20 > I understand this is not possible because of the computational > requirements of devices such as trezor. Is it? Surely the trezor can bruteforce, say, 8 bits =3D=3D 0. How many SHA256/sec can the trezor hardware do? Generating your seed is a one-time thing after all - that taking 10-30s doesn't seem like a big deal to me. Even a 1/256th "checksum" will really cut down on the number of mistakes made and money lost. --=20 'peter'[:-1]@petertodd.org 0000000000000001d8b9d438c18e856735ddae5b1d918416010350d19794aab6 --1UWUbFP1cBYEclgG Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQGrBAEBCACVBQJS4izbXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw MDAwMDAwMDAwMDAwMDFkOGI5ZDQzOGMxOGU4NTY3MzVkZGFlNWIxZDkxODQxNjAx MDM1MGQxOTc5NGFhYjYvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0 ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkft/rAgAtYnXDiVpLS+UpFTqLAjq8bzk wlmz9FxyQXskZ6O7xPcyHHCvrg+OHi8jV8gdzIUjGT3j6u9afO3PYrb0UjFhhmbJ CeArxFYfmSowgUOFhQi3qYsIfEXqc0PGTnQ4VVWReoaBbhNnNgqDMtbIGydlTS+Q kT4mnqyDXkx2mTz/5cVUxmvqMFdfGI8ZqsvnOoXk5rAwgTvAnxAe4xAapsSz+5x+ EpMccC1+eGdf1vJzmv75ZAleKFhrm6ruTTTCedTwXjn3tVyC/HbLalWWxY9WLDTS X3v+6kORnFucTzUZl8S2XHxJZ7TYaWlKuw3kPPfqP+WFiBhG21Zmuxrs6DY0cA== =eGcy -----END PGP SIGNATURE----- --1UWUbFP1cBYEclgG--