From: Jonas Schnelli
To: Pavol Rusnak, Bitcoin Protocol Discussion
Date: Sat, 14 May 2016 18:14:43 +0200
Subject: Re: [bitcoin-dev] Bip44 extension for P2SH/P2WSH/...
Message-ID: <57374EF3.3000705@jonasschnelli.ch>
In-Reply-To: <57373116.90902@satoshilabs.com>

> On 14/05/16 10:16, Jonas Schnelli via bitcoin-dev wrote:
>> Importing a bip32 wallet (bip44 or not) is still an expert job IMO.
>
> That's simply not true. All reasonable wallets (reasonable = user
> oriented) now use BIP39 mnemonic for doing exactly this.

AFAIK: Bip39 import (cross-wallet) is not supported by Schildbach's Android wallet [1] and Electrum [2] and Breadwallet [3].

But I think forming a BIP39 mnemonic into an extended master private key is not the problem here.

The problems I see:

* What if the "old" wallet has used more than 1000 addresses? I guess some wallets do not even create a lookup window up to 1000 addresses. There is a high chance of losing funds when doing a sweep (move all funds to a new wallet) operation.
* I guess most or maybe all wallets will keep all keys (the "lookup-window" keys) in the wallet database, which could affect performance [4].
* I guess most wallets do not offer "moving the funds to a new seed" [5], which results in not solving the problem of a "lost" or "compromised" wallet and implies wrong security to the end user.
* If I import a bip39 mnemonic into a hardware wallet (assume Trezor or Keepkey) I have to type in the words into my computer, which bypasses some of the security my hardware wallet provides me (MITM seed attack). Together with the point above this reduces the security of a wallet (in particular cold storage significantly).

Please correct me if I'm wrong.

I just wanted to point out that importing a wallet is a tricky step, especially cross-wallet imports (I think cross-wallet imports are an expert's job without further improvements).

[1] https://github.com/bitcoin-wallet/bitcoin-wallet/issues/245
[2] http://docs.electrum.org/en/latest/seedphrase.html
[3] https://github.com/voisine/breadwallet/issues/360
[4] https://github.com/bitcoin-wallet/bitcoin-wallet/issues/158
[5] https://github.com/voisine/breadwallet/blob/master/BreadWallet/BRRestoreViewController.m#L225
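
The lookup-window concern in the first two bullets of the message, as an added example that is not part of the original post: it scans for used addresses the way an importing wallet might and reports what a sweep would leave behind. It assumes the window works like the BIP44 address gap limit (the scan stops after N consecutive unused addresses); the function names and the usage history are hypothetical and constructed.

```python
# Added illustration, not code from the thread. Addresses are modelled as bare
# BIP32 child indices; `used` stands in for a blockchain lookup. All names and
# data here are hypothetical / constructed.

def scan_with_window(used, window):
    """Walk child indices 0, 1, 2, ... and stop after `window` consecutive
    unused ones. Returns (indices found, number of keys derived)."""
    found, gap, index = [], 0, 0
    while gap < window:
        if index in used:
            found.append(index)
            gap = 0          # activity seen: the window slides forward
        else:
            gap += 1
        index += 1
    return found, index


def import_report(used, window):
    """What an importing wallet would see, and what a sweep would leave behind."""
    found, derived = scan_with_window(used, window)
    return {
        "missed": sorted(set(used) - set(found)),  # funded but never scanned
        "keys_derived": derived,                   # keys held in the wallet DB
    }


# Constructed history: indices 0-4 received funds, 5-34 were handed out as
# invoices that were never paid, 35 and 36 received funds.
OLD_WALLET_USED = {0, 1, 2, 3, 4, 35, 36}

if __name__ == "__main__":
    for window in (20, 100):
        print(window, import_report(OLD_WALLET_USED, window))
```

With a window of 20 the scan stops before index 35 and a sweep would leave those funds on the old seed; a window of 100 finds them but derives and stores several times as many keys.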