From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 45372E4D for ; Mon, 8 Jan 2018 07:35:55 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-yb0-f170.google.com (mail-yb0-f170.google.com [209.85.213.170]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 35A2C163 for ; Mon, 8 Jan 2018 07:35:54 +0000 (UTC) Received: by mail-yb0-f170.google.com with SMTP id b132so993146yba.5 for ; Sun, 07 Jan 2018 23:35:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ThkAivM8PtJPG21hF92LvgReIrAHyMCCVhV25LKdKX4=; b=loIsCmQEwCzl2ExLiVHUNcyEvFwqakyYruVXn0zUTciOzKM/ziS98aZMwbRyCIIGKQ 2HwGy5DYrIxnUghFeDSIc6liz4xHU9SS+TY/DUrZLcwFaicvkbargg45zfNiqyyY6lAv 8DZzcdtbH+/jeRS5VeLm8T16MzRwJoB+t/V7LDO2rxBC+RZ31VHW9Pzff98GVdpCJpvY nSK2y1oioeb1YPV1FZNW8BYIVAmG2iJvuI2PVLqhOhazFhCNu4dW8NmjVjPQFKnlU3Qq byIWu0EhbbnjHr/AuR9yMSBnG7xfz7lRWEenpi3VBj09r5q+Nd/viq669nvoR+ArNXZc 8dwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ThkAivM8PtJPG21hF92LvgReIrAHyMCCVhV25LKdKX4=; b=t0lDHn3fX9tj8L14XfqnZEvuj0lv7LIBUeJhBtiDsN4eBY1HO+1Wr/Hh/Xan3cMRRz x6LTYBYXZtgOchYu+BLmTsCchTM6hjZ2lufO7aX+yrYEFHP2IoS3WHHue+Aw2p1y/mNA xCnTq6lsO0rkwDge2ArlXYfPzWR8dU7/RAH4UgRAuPFF47v3lxgmpF33awvNF3Ij2whh 8TdGRlG06IbSXDb3CNoFwoN1/QYdmuzBvGTT8hmrYGNvCCI+0cB9qkzcj164QrAQydAa urbdROsOg8PFJWMSVFEzTZKn3mjrzBBwYN31q1ekPL6bywiKoUJZ1UtG+tSVibIS+h7C RV5w== X-Gm-Message-State: AKGB3mKHrxD81uQnaHY6+Y6DB19NjA+y2fnKmzQDSKDTxXZRlCpTjztV s4JpFoQ+unZDxrtZIeZb4QGrWaFPvUiUP2BBoV0= X-Google-Smtp-Source: ACJfBosPY2j0mJZqSBxH5d1MPTSVsm6DW8fYWRElyH7mMSM9G+R3d5i0uEPARLWc8Xya6257I3m5nwav/q4QHibjTeo= X-Received: by 10.37.215.74 with SMTP id o71mr10133482ybg.406.1515396953174; Sun, 07 Jan 2018 23:35:53 -0800 (PST) MIME-Version: 1.0 Received: by 10.129.87.69 with HTTP; Sun, 7 Jan 2018 23:35:52 -0800 (PST) In-Reply-To: References: <57f5fcd8644c6f6472cd6a91144a6152@nym.zone> From: =?UTF-8?B?5pyo44OO5LiL44GY44KH44Gq?= Date: Mon, 8 Jan 2018 16:35:52 +0900 Message-ID: To: Pavol Rusnak Content-Type: multipart/alternative; boundary="94eb2c06a5a016773d05623ed9f6" X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE, TRACKER_ID autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] BIP 39: Add language identifier strings for wordlists X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jan 2018 07:35:55 -0000 --94eb2c06a5a016773d05623ed9f6 Content-Type: text/plain; charset="UTF-8" This is very sad. The number one problem in Japan with BIP39 seeds is with English words. I have seen a 60 year old Japanese man writing down his phrase (because he kept on failing recovery), and watched him write down "aneter" for "amateur"... So instead I had him use Copay which generates Japanese words, wrote it down 20x faster, and perfectly. Was able to recovery on the first try. Imagine if I didn't tell him to try recovery before using it? (iirc Trezor doesn't say to wipe and recover before using???) If you understand English and can spell, you read a word, your brain processes the word, and you can spell it on your own when writing down. Not many Japanese people can do that, so they need to copy letter for letter, taking a long time, and still messing up on occasion. Even native English speakers who can't spell can mess it up badly too. To be honest, a key storage format that doesn't support multiple languages is much more dangerous than any doomsday situation you can think of for supporting them. BIP39 states that seed derivation is INDEPENDENT of wordlists, and that failure to verify checksum (not knowing the wordlist falls under this) should "WARN" the user and not fail, continuing to derive the seed anyways. Currently the only wallet I know of following this part of the BIP is, ironically Electrum. I can recover any BIP39 phrase from any wordlist even if Electrum doesn't know it. I really hope you reconsider multi-language support for everything moving forward. I understand it's a nightmare to plan for and support, which is fine if you were just developing a piece of software sold by a company based in a western country... but you are trying to make a standard for an international currency. Defining "everyone should only use English, because ASCII is easier to plan for" is not a good way to move forward as a currency. I am just thinking of all the users I will have to help out down the road when they come crying to me saying they can't recover, and it turns out they wrote down some non-English gibberish in roman characters claiming "I wrote the English just as it was on the screen!" and I have to write a brute force script to try all the word combinations for the mystery words. (I have done this before) Just my two cents. Not to be accusatory or anything. Please reconsider. Thanks. 2018-01-08 0:16 GMT+09:00 Pavol Rusnak via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org>: > On 05/01/18 14:58, nullius via bitcoin-dev wrote: > > I propose and request as an enhancement that the BIP 39 wordlist set > > should specify canonical native language strings to identify each > > wordlist, as well as short ASCII language codes. At present, the > > languages are identified only by their names in English. > > I am advising not to use any other language than English for BIP39. I > got persuaded to allow more languages when writing BIP39 spec, but I > learned that it was something I should've been more persistently against. > > I am currently drafting a new standard[1] which will allow also Shamir > Secret Scheme Splitting and there we disallow usage of a custom wordlist > in order to eradicate this mess. Will try to push this as BIP too once > we get it to the point we are OK with the contents. > > https://github.com/satoshilabs/slips/blob/master/slip-0039.md > > -- > Best Regards / S pozdravom, > > Pavol "stick" Rusnak > CTO, SatoshiLabs > > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > -- -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: http://openpgpjs.org xsBNBFTmJ8oBB/9rd+7XLxZG/x/KnhkVK2WBG8ySx91fs+qQfHIK1JrakSV3 x6x0cK3XLClASLLDomm7Od3Q/fMFzdwCEqj6z60T8wgKxsjWYSGL3mq8ucdv iBjC3wGauk5dQKtT7tkCFyQQbX/uMsBM4ccGBICoDmIJlwJIj7fAZVqGxGOM bO1RhYb4dbQA2qxYP7wSsHJ6/ZNAXyEphOj6blUzdqO0exAbCOZWWF+E/1SC EuKO4RmL7Imdep7uc2Qze1UpJCZx7ASHl2IZ4UD0G3Qr3pI6/jvNlaqCTa3U 3/YeJwEubFsd0AVy0zs809RcKKgX3W1q+hVDTeWinem9RiOG/vT+Eec/ABEB AAHNI2tpbm9zaGl0YSA8a2lub3NoaXRham9uYUBnbWFpbC5jb20+wsByBBAB CAAmBQJU5ifRBgsJCAcDAgkQRB9iZ30dlisEFQgCCgMWAgECGwMCHgEAAC6Z B/9otobf0ASHYdlUBeIPXdDopyjQhR2RiZGYaS0VZ5zzHYLDDMW6ZIYm5CjO Fc09ETLGKFxH2RcCOK2dzwz+KRU4xqOrt/l5gyd50cFE1nOhUN9+/XaPgrou WhyT9xLeGit7Xqhht93z2+VanTtJAG6lWbAZLIZAMGMuLX6sJDCO0GiO5zxa 02Q2D3kh5GL57A5+oVOna12JBRaIA5eBGKVCp3KToT/z48pxBe3WAmLo0zXr hEgTSzssfb2zTwtB3Ogoedj+cU2bHJvJ8upS/jMr3TcdguySmxJlGpocVC/e qxq12Njv+LiETOrD8atGmXCnA+nFNljBkz+l6ADl93jHzsBNBFTmJ9EBCACu Qq9ZnP+aLU/Rt6clAfiHfTFBsJvLKsdIKeE6qHzsU1E7A7bGQKTtLEnhCCQE W+OQP+sgbOWowIdH9PpwLJ3Op+NhvLlMxRvbT36LwCmBL0yD7bMqxxmmVj8n vlMMRSe4wDSIG19Oy7701imnHZPm/pnPlneg/Meu/UffpcDWYBbAFX8nrXPY vkVULcI/qTcCxW/+S9fwoXjQhWHaiJJ6y3cYOSitN31W9zgcMvLwLX3JgDxE flkwq/M+ZkfCYnS3GAPEt8GkVKy2eHtCJuNkGFlCAmKMX0yWzHRAkqOMN5KP LFbkKY2GQl13ztWp82QYJZpj5af6dmyUosurn6AZABEBAAHCwF8EGAEIABMF AlTmJ9QJEEQfYmd9HZYrAhsMAABKbgf/Ulu5JAk4fXgH0DtkMmdkFiKEFdkW 0Wkw7Vhd5eZ4NzeP9kOkD01OGweT9hqzwhfT2CNXCGxh4UnvEM1ZMFypIKdq 0XpLLJMrDOQO021UjAa56vHZPAVmAM01z5VzHJ7ekjgwrgMLmVkm0jWKEKaO n/MW7CyphG7QcZ6cJX2f6uJcekBlZRw9TNYRnojMjkutlOVhYJ3J78nc/k0p kcgV63GB6D7wHRF4TVe4xIBqKpbBhhN+ISwFN1z+gx3lfyRMSmiTSrGdKEQe XSIQKG8XZQZUDhLNkqPS+7EMV1g7+lOfT4GhLL68dUXDa1e9YxGH6zkpVECw Spe3vsHZr6CqFg== =/vUJ -----END PGP PUBLIC KEY BLOCK----- --94eb2c06a5a016773d05623ed9f6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
This is very sad.

The number one proble= m in Japan with BIP39 seeds is with English words.

I have seen a 60 year old Japanese man writing down his phrase (because he= kept on failing recovery), and watched him write down "aneter" f= or "amateur"...
So instead I had him use Copay which ge= nerates Japanese words, wrote it down 20x faster, and perfectly. Was able t= o recovery on the first try.
Imagine if I didn't tell him to = try recovery before using it? (iirc Trezor doesn't say to wipe and reco= ver before using???)

If you understand English and= can spell, you read a word, your brain processes the word, and you can spe= ll it on your own when writing down.
Not many Japanese people can= do that, so they need to copy letter for letter, taking a long time, and s= till messing up on occasion.
Even native English speakers who can= 't spell can mess it up badly too.

To be hones= t, a key storage format that doesn't support multiple languages is much= more dangerous than any doomsday situation you can think of for supporting= them.

BIP39 states that seed derivation is INDEPE= NDENT of wordlists, and that failure to verify checksum (not knowing the wo= rdlist falls under this) should "WARN" the user and not fail, con= tinuing to derive the seed anyways.
Currently the only wallet I k= now of following this part of the BIP is, ironically Electrum. I can recove= r any BIP39 phrase from any wordlist even if Electrum doesn't know it.<= br>

I really hope you reconsider multi-language su= pport for everything moving forward.

I understand = it's a nightmare to plan for and support, which is fine if you were jus= t developing a piece of software sold by a company based in a western count= ry... but you are trying to make a standard for an international currency. = Defining "everyone should only use English, because ASCII is easier to= plan for" is not a good way to move forward as a currency.
=
I am just thinking of all the users I will have to help out = down the road when they come crying to me saying they can't recover, an= d it turns out they wrote down some non-English gibberish in roman characte= rs claiming "I wrote the English just as it was on the screen!" a= nd I have to write a brute force script to try all the word combinations fo= r the mystery words. (I have done this before)

Just my two cents. Not to be accusatory or anything.
Please = reconsider. Thanks.

2018-01-08 0:16 GMT+09:00 Pavol Rusnak via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>:
On 05/01/18 14:58, nullius vi= a bitcoin-dev wrote:
> I propose and request as an enhancement that the BIP 39 wordlist set > should specify canonical native language strings to identify each
> wordlist, as well as short ASCII language codes.=C2=A0 At present, the=
> languages are identified only by their names in English.

I am advising not to use any other language than English for BIP39. = I
got persuaded to allow more languages when writing BIP39 spec, but I
learned that it was something I should've been more persistently agains= t.

I am currently drafting a new standard[1] which will allow also Shamir
Secret Scheme Splitting and there we disallow usage of a custom wordlist in order to eradicate this mess. Will try to push this as BIP too once
we get it to the point we are OK with the contents.

https://github.com/satoshilabs/sli= ps/blob/master/slip-0039.md

--
Best Regards / S pozdravom,

Pavol "stick" Rusnak
CTO, SatoshiLabs


_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org= /mailman/listinfo/bitcoin-dev




--
=
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsBNBFTmJ8oBB/9rd+7XLxZG/x/KnhkVK2WBG8ySx91fs+qQfHIK1JrakSV3
x6x0cK3XLClASLLDomm7Od3Q/fMFzdwCEqj6z60T8wgKxsjWYSGL3mq8ucdv
<= div>iBjC3wGauk5dQKtT7tkCFyQQbX/uMsBM4ccGBICoDmIJlwJIj7fAZVqGxGOM
= bO1RhYb4dbQA2qxYP7wSsHJ6/ZNAXyEphOj6blUzdqO0exAbCOZWWF+E/1SC
EuKO= 4RmL7Imdep7uc2Qze1UpJCZx7ASHl2IZ4UD0G3Qr3pI6/jvNlaqCTa3U
3/YeJwEu= bFsd0AVy0zs809RcKKgX3W1q+hVDTeWinem9RiOG/vT+Eec/ABEB
AAHNI2tpbm9z= aGl0YSA8a2lub3NoaXRham9uYUBnbWFpbC5jb20+wsByBBAB
CAAmBQJU5ifRBgsJ= CAcDAgkQRB9iZ30dlisEFQgCCgMWAgECGwMCHgEAAC6Z
B/9otobf0ASHYdlUBeIP= XdDopyjQhR2RiZGYaS0VZ5zzHYLDDMW6ZIYm5CjO
Fc09ETLGKFxH2RcCOK2dzwz+= KRU4xqOrt/l5gyd50cFE1nOhUN9+/XaPgrou
WhyT9xLeGit7Xqhht93z2+VanTtJ= AG6lWbAZLIZAMGMuLX6sJDCO0GiO5zxa
02Q2D3kh5GL57A5+oVOna12JBRaIA5eB= GKVCp3KToT/z48pxBe3WAmLo0zXr
hEgTSzssfb2zTwtB3Ogoedj+cU2bHJvJ8upS= /jMr3TcdguySmxJlGpocVC/e
qxq12Njv+LiETOrD8atGmXCnA+nFNljBkz+l6ADl= 93jHzsBNBFTmJ9EBCACu
Qq9ZnP+aLU/Rt6clAfiHfTFBsJvLKsdIKeE6qHzsU1E7= A7bGQKTtLEnhCCQE
W+OQP+sgbOWowIdH9PpwLJ3Op+NhvLlMxRvbT36LwCmBL0yD= 7bMqxxmmVj8n
vlMMRSe4wDSIG19Oy7701imnHZPm/pnPlneg/Meu/UffpcDWYBbA= FX8nrXPY
vkVULcI/qTcCxW/+S9fwoXjQhWHaiJJ6y3cYOSitN31W9zgcMvLwLX3J= gDxE
flkwq/M+ZkfCYnS3GAPEt8GkVKy2eHtCJuNkGFlCAmKMX0yWzHRAkqOMN5KP=
LFbkKY2GQl13ztWp82QYJZpj5af6dmyUosurn6AZABEBAAHCwF8EGAEIABMF
AlTmJ9QJEEQfYmd9HZYrAhsMAABKbgf/Ulu5JAk4fXgH0DtkMmdkFiKEFdkW
0Wkw7Vhd5eZ4NzeP9kOkD01OGweT9hqzwhfT2CNXCGxh4UnvEM1ZMFypIKdq
0= XpLLJMrDOQO021UjAa56vHZPAVmAM01z5VzHJ7ekjgwrgMLmVkm0jWKEKaO
n/MW7= CyphG7QcZ6cJX2f6uJcekBlZRw9TNYRnojMjkutlOVhYJ3J78nc/k0p
kcgV63GB6= D7wHRF4TVe4xIBqKpbBhhN+ISwFN1z+gx3lfyRMSmiTSrGdKEQe
XSIQKG8XZQZUD= hLNkqPS+7EMV1g7+lOfT4GhLL68dUXDa1e9YxGH6zkpVECw
Spe3vsHZr6CqFg=3D= =3D
=3D/vUJ
-----END PGP PUBLIC KEY BLOCK-----
--94eb2c06a5a016773d05623ed9f6--