From: Zac Greenwood
Date: Sat, 9 Jul 2022 22:31:22 +0200
To: Bitcoin Protocol Discussion, James MacWhyte
Subject: Re: [bitcoin-dev] No Order Mnemonic

Sorting a seed alphabetically reduces entropy by ~29 bits.

A 12-word seed has (12, 12) permutations or 479 million, which is ln(469m) / ln(2) ~= 29 bits of entropy. Sorting removes this entropy entirely, reducing the seed entropy from 128 to 99 bits.

Zac

On Fri, 8 Jul 2022 at 16:09, James MacWhyte via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

>> What do you do if the "first" word (of 12), happens to be the last word in
>> the list alphabetically?
>
> That couldn't happen. If one word is the very last from the wordlist, it
> would end up at the end of your mnemonic once you rearrange your 12 words
> alphabetically.
>
> However!
>
> (@vjudeu) Choosing 11 random words and then sorting them alphabetically
> before assigning a checksum would reduce entropy considerably. If you think
> about it, to bruteforce the entire keyspace one would only need to come up
> with every possible combination of 11 words + 1 checksum. I'm not the best
> at napkin math, but I think that leaves you with around 10 trillion
> combinations, which would only take a couple months to exhaust with
> hardware that can do 1 million guesses per second.
>
> James
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
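An added example, not part of the original message: it counts how many distinct word sequences survive alphabetical sorting and converts that to bits, for the 12-word case in the message and the 11-word case in the quoted reply. It assumes a 2048-word list (11 bits per word), words drawn independently and uniformly, and it ignores the checksum; the function names are illustrative.

```python
import math
from itertools import product

WORDLIST_SIZE = 2048  # assumption: 2048-word list, 11 bits per word

def ordered_bits(n, k):
    """Bits needed to index every ordered k-word sequence over n words."""
    return math.log2(n ** k)

def sorted_count(n, k):
    """Distinct sequences left after sorting: multisets of size k over n words."""
    return math.comb(n + k - 1, k)

def bits_lost_by_sorting(n, k):
    """Entropy removed when word order no longer carries information."""
    return ordered_bits(n, k) - math.log2(sorted_count(n, k))

def brute_force_sorted_count(n, k):
    """Exhaustive cross-check of sorted_count(), feasible only for a toy list."""
    return len({tuple(sorted(p)) for p in product(range(n), repeat=k)})

def report(n=WORDLIST_SIZE, k=12):
    return {
        "permutations": math.factorial(k),
        "log2_permutations": math.log2(math.factorial(k)),
        "ordered_bits": ordered_bits(n, k),
        "sorted_bits": math.log2(sorted_count(n, k)),
        "bits_lost": bits_lost_by_sorting(n, k),
    }

if __name__ == "__main__":
    # Toy list of 6 words, 3 picks: enumeration must match the formula.
    assert brute_force_sorted_count(6, 3) == sorted_count(6, 3)
    # k=12: sorted 12-word seed; k=11: 11 sorted words before a checksum word.
    for k in (12, 11):
        r = report(k=k)
        print(f"k={k}: {r['permutations']} orderings "
              f"(log2 = {r['log2_permutations']:.2f}), "
              f"{r['ordered_bits']:.0f} -> {r['sorted_bits']:.2f} bits, "
              f"lost {r['bits_lost']:.2f}")
```

The loss comes out slightly below log2(k!) because a sequence that repeats a word has fewer than k! distinct orderings.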