public inbox for bitcoindev@googlegroups.com
From: Trey Del Bonis <j.delbonis.3@gmail.com>
To: James MacWhyte <macwhyte@gmail.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Fortune Cookies to Bitcoin Seed
Date: Tue, 5 Mar 2019 20:37:35 -0500
Message-ID: <CAFUsdzpfWe8pcdBWf5hrOoydWTwOwyGPrbOoYW221naNxKGUcQ@mail.gmail.com>
In-Reply-To: <CAH+Axy7YXDC4M0o9WHwaR2k46nWYBtM9VetXyBMx=B9-fxupug@mail.gmail.com>

>Mid-level hardware can check 50k addresses per second, which means it would only take around 2 hours to check all possibilities.

Yes that's a problem that I'm now realizing exists.  Whoops!  Changing
the parameters to a 25-of-50 setup gets us ~129 bits in that case,
which is better but still somewhat crappy as 25 is a lot of words to
remember.  You'd be *far* better off just memorizing a BIP-39
seedphrase.  Maybe it would make sense to include in the hash some
extra secret phrase as extra entropy?  Probably not worth it.

>Maybe they only print 35 different combinations and assume people don't eat Chinese food enough to notice?

Upon some later research I found that this is actually the case from
certain vendors, which is unfortunate.

>I'm not sure why you would want to go this route :)

Because it was a fun idea I had while eating Chinese take-out the other day. :)

On Tue, Mar 5, 2019 at 8:06 PM James MacWhyte <macwhyte@gmail.com> wrote:
>
> On Tue, Mar 5, 2019 at 4:39 PM Trey Del Bonis via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
>>
>> Keeping 20 around is a little excessive but it gives 390700800 possible wallets. So security can be trivially parameterized based on how secure you want your wallet to be if someone finds your stash.
>
>
> Mid-level hardware can check 50k addresses per second, which means it would only take around 2 hours to check all possibilities. So please don't think this presents any kind of challenge to someone who finds your 20 pieces of paper and assumes you would only keep them if they are hiding your wallet ;)
>
> Entropy-wise, simply using a strong RNG would provide a better result than relying on the printing company. Maybe they only print 35 different combinations and assume people don't eat Chinese food enough to notice?
>
> If it's poor entropy and doesn't really provide any protection against being brute forced if found, I'm not sure why you would want to go this route :)
>
> James

