From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6D110ECC for ; Wed, 6 Mar 2019 01:37:47 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qt1-f172.google.com (mail-qt1-f172.google.com [209.85.160.172]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 14609180 for ; Wed, 6 Mar 2019 01:37:47 +0000 (UTC) Received: by mail-qt1-f172.google.com with SMTP id a48so11152797qtb.4 for ; Tue, 05 Mar 2019 17:37:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=4IgD1X13c1IrxqXFa/+Rnwkqiv8toISiW/cEBwFWoi0=; b=kZq+qP9R+OdAVrBbxY7pffROlvU4kSco64Dd9Fg/ZkPG8+JLQnGxnR+FYDxTwB786a ynNi8X0NP71f/I+CtUG9P+a70OFaKq9Y81Nzu5OVswE2hy4cLE2QWO3sJwYzmwXQRJKb mSl10NT79RBX4nn4Vpm3Y5gLXFLePnZF80ZG6YsT/5ms6xeHFrXNoSDL+0emD2OTI/S7 zVnyQDXHeIDYSTzxHu144KHJ1ugk6rtFtvHiaeBl8oDypYci6Vibl75RUvueQt/yxPHX cLBKzaEb7QVTIMjcLvJrZNNmPkTswla+8yacfc5bWAC+ZAwCIM4CzaW6QhWhdJCEFZwV AJzg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=4IgD1X13c1IrxqXFa/+Rnwkqiv8toISiW/cEBwFWoi0=; b=Bh1g3H2Oke6fQ/02IpM3fTnE5vO60HUqKktUwIeO2/ITQH7G0IXNuQ0z6/0mBEqCEh 5ezeCnrRqqCfVwur5F5VshPx/w3UVDhkL/fYmPzemCDDwvhU336A4pB6PPQgh48A4Is/ TSSJ+l6M/TbYzuAI+73UUjlOyGWpgaHLJHlp6WFgwEEr/vggQ/ZGRHkMtsH5/fxKEMP0 jDjOMBJC5tIbqMk7HtUpjt9nCCqB8OB87Nv6k1pDVFWySyucZtY7SX9L0J9ZB6GeOPtA xacswFtma6D5WmRPgcjgSFykXcIiViUlezbBW8Z6lNmzNnlCWrkDJni+XcUuHCX9fhvi oi1w== X-Gm-Message-State: APjAAAV0bmaGXOVdwALFSP0lByZPBj0EbCbD3aRRbfzjh8Z/GyNxpVnV hrYUd8bxZpQPNuxyld5QVpkLF3KqogGxsJUitSw= X-Google-Smtp-Source: APXvYqyQcgCUQGK7WeCeoYjkRYYdOtvfJj5CuvSCX4GLIHps8pIwdUh1mKLrh/Ly47Lb3biUHXm8rmY8oZgaJJQ7aa0= X-Received: by 2002:a0c:9586:: with SMTP id s6mr4555192qvs.217.1551836266123; Tue, 05 Mar 2019 17:37:46 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Trey Del Bonis Date: Tue, 5 Mar 2019 20:37:35 -0500 Message-ID: To: James MacWhyte Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Wed, 06 Mar 2019 14:41:06 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Fortune Cookies to Bitcoin Seed X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Mar 2019 01:37:47 -0000 >Mid-level hardware can check 50k addresses per second, which means it woul= d only take around 2 hours to check all possibilities. Yes that's a problem that I'm now realizing exists. Whoops! Changing the parameters to a 25-of-50 setup gets us ~129 bits in that case, which is better but still somewhat crappy as 25 is a lot of words to remember. You'd be *far* better off just memorizing a BIP-39 seedphrase. Maybe it would make sense to include in the hash some extra secret phrase as extra entropy? Probably not worth it. >Maybe they only print 35 different combinations and assume people don't ea= t Chinese food enough to notice? Upon some later research I found that this is actually the case from certain vendors, which is unfortunate. >I'm not sure why you would want to go this route :) Because it was a fun idea I had while eating Chinese take-out the other day= . :) On Tue, Mar 5, 2019 at 8:06 PM James MacWhyte wrote: > > On Tue, Mar 5, 2019 at 4:39 PM Trey Del Bonis via bitcoin-dev wrote: >> >> Keeping 20 around is a little excessive but it gives 390700800 possible = wallets. So security can be trivially parameterized based on how secure you= want your wallet to be if someone finds your stash. > > > Mid-level hardware can check 50k addresses per second, which means it wou= ld only take around 2 hours to check all possibilities. So please don't thi= nk this presents any kind of challenge to someone who finds your 20 pieces = of paper and assumes you would only keep them if they are hiding your walle= t ;) > > Entropy-wise, simply using a strong RNG would provide a better result tha= n relying on the printing company. Maybe they only print 35 different combi= nations and assume people don't eat Chinese food enough to notice? > > If it's poor entropy and doesn't really provide any protection against be= ing brute forced if found, I'm not sure why you would want to go this route= :) > > James