public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: James MacWhyte <macwhyte@gmail.com>
To: vitteaymeric@gmail.com,
	 Bitcoin Protocol Discussion
	<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP39 seeds
Date: Tue, 25 Dec 2018 00:30:26 +0000	[thread overview]
Message-ID: <CAH+Axy6dKDOkE6cQYZUusTUxxOSwWchOWxYh6ZkhnOgXuELaYg@mail.gmail.com> (raw)
In-Reply-To: <db184306-7ec0-322e-5637-7889b51f50bf@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1605 bytes --]

On Mon, Dec 24, 2018 at 2:48 PM Aymeric Vitte via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

>
> I don't see very well why it's easier to write n words that you cannot
> choose rather than a 32B BIP32 hex seed, and I have seen many people
> completely lost with their wallets because of this
>

In practice it has quite a few qualities that make it a bit more resilient
for physical (written) storage.

If a few letters of a word get rubbed off or otherwise become illegible, it
is pretty easy for a native speaker to figure out what the word is supposed
to be. Even a non-native speaker could look through the word list and
figure out which word fits. Missing characters in a hex string require more
advanced brute force searching, which the average user isn't capable of.

Additionally, having the bits grouped into words makes a more serious
recovery easier. If you lose one entire word, it can be brute forced in
about 5 minutes on a normal pc, even if you don't know which position the
missing word is in (I have published a tool that does just this:
https://jmacwhyte.github.io/recovery-phrase-recovery). If you are missing
two words, you can brute force it in about a week (napkin math).

If you were missing a random chunk of a hex string, I don't know how you'd
go about brute forcing that in a timely manner.

As an aside, from a UX standpoint we've seen that the 12 words don't *look*
important so people don't take them seriously (and they get lost). A hex
string or equivalent would look more password-y, and therefore would most
likely be better protected by users.

James

[-- Attachment #2: Type: text/html, Size: 2147 bytes --]

  reply	other threads:[~2018-12-25  0:30 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-12-21 23:58 [bitcoin-dev] BIP39 seeds Aymeric Vitte
2018-12-23 18:46 ` Pavol Rusnak
2018-12-23 22:41   ` Aymeric Vitte
2018-12-25  0:30     ` James MacWhyte [this message]
2018-12-26 11:33       ` Aymeric Vitte
2018-12-26 18:54         ` James MacWhyte
2018-12-27 11:04           ` Aymeric Vitte
2018-12-31 16:52             ` Alan Evans
2019-01-01 19:44               ` Aymeric Vitte
2019-01-02 18:06               ` James MacWhyte
2019-01-04  0:02                 ` Aymeric Vitte
2018-12-24 14:58   ` Tiago Romagnani Silveira
2018-12-23 20:55 ` Eric Scrivner
2018-12-23 21:08 ` Jameson Lopp

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAH+Axy6dKDOkE6cQYZUusTUxxOSwWchOWxYh6ZkhnOgXuELaYg@mail.gmail.com \
    --to=macwhyte@gmail.com \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=vitteaymeric@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox