From: Gary Rowe
To: Bitcoin Dev
Date: Wed, 12 Mar 2014 16:49:09 +0000
In-Reply-To: <53208356.7010209@gk2.sk>
Subject: Re: [Bitcoin-development] [RFC] Proposal: Base58 encoded HD Wallet root key with optional encryption

Jean-Paul, it may be worth noting that the BIP39 word list is integrated into Bitcoinj so will likely become the de facto standard for Android, Trezor web and several desktop wallets. Anyone deviating from that word list would likely find themselves in an isolated pocket.

Regarding the timestamp, MultiBit HD uses a simple timestamp of "number of days since midnight of Bitcoin genesis block in UTC with modulo 97 checksum appended". Thus a new seed generated on 27 January 2014 would have "1850/01" as its checksum. When creating a new wallet the users are tested that they have written the timestamp down along with the associated 12/18/24 words.

Modulo 97 was chosen since it catches about 99% of errors.

On 12 March 2014 15:55, Pavol Rusnak wrote:

> On 03/12/2014 04:45 PM, Jean-Paul Kogelman wrote:
> > Yes I am. There are some differences between BIP 39 and my proposal though.
> >
> > - BIP 39 offers an easy list of words, no gnarly string of case sensitive letters and numbers.
>
> Which is better IMO. I can't imagine anyone writing down a long Base58
> encoded string.
>
> > - BIP 39 only offers one fixed length of entropy, always 12 words, no option to increase or decrease the length.
>
> Not true, BIP39 supports 12/18/24 words (= 128/192/256 bits of entropy).
>
> > - BIP 39 doesn't have a genesis date field, so no optimization during blockchain rescan.
>
> This is nice addition, indeed. But we needed to limit the data as
> possible in order not to increase the number of words needed to be noted
> down.
>
> > - BIP 39 doesn't have password typo detection. No easy way to recover a password if you know most of it.
>
> It has a detection. Not correction though.
>
> > - BIP 39 does not have a user selectable KDF, only 2048 round PBKDF2-HMAC-SHA512.
> > - BIP 39 can't outsource the KDF computation to a 3rd party.
>
> True, but having one or two solid options are better than having
> gazillions of possible options.
>
> > - BIP 39 wallet implementors can use their own word lists, breaking cross wallet compatibility.
>
> True, but they are encouraged to use the list provided. Possibility to
> outsource KDF outside of your "standard" breaks much more compatibility
> than this.
>
> --
> Best Regards / S pozdravom,
>
> Pavol Rusnak
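The modulo 97 check on the day-count timestamp, as an added Python example that is not part of the original message and not MultiBit HD's code: it measures how many mistyped day counts the check rejects. It assumes the check value is the plain remainder of the day count modulo 97 (the message does not give the formula); all function names are made up for the example.

```python
from datetime import date

GENESIS_DAY = date(2009, 1, 3)  # UTC calendar day of the Bitcoin genesis block
MODULUS = 97

def days_since_genesis(day: date) -> int:
    """Whole days between the genesis day and `day` (27 January 2014 -> 1850)."""
    return (day - GENESIS_DAY).days

def check_value(days: int) -> int:
    # Assumption: the check is the plain remainder; the message gives no formula.
    return days % MODULUS

def is_consistent(days: int, check: int) -> bool:
    """What a wallet would test when the user types the timestamp back in."""
    return 0 <= check < MODULUS and check_value(days) == check

def single_digit_errors(days: int, width: int = 4):
    """Every day count that differs from `days` in exactly one digit."""
    digits = f"{days:0{width}d}"
    for pos, original in enumerate(digits):
        for repl in "0123456789":
            if repl != original:
                yield int(digits[:pos] + repl + digits[pos + 1:])

def adjacent_swaps(days: int, width: int = 4):
    """Every day count produced by swapping two neighbouring digits."""
    digits = f"{days:0{width}d}"
    for pos in range(width - 1):
        if digits[pos] != digits[pos + 1]:
            yield int(digits[:pos] + digits[pos + 1] + digits[pos] + digits[pos + 2:])

def detection_rate(days: int, wrong_counts) -> float:
    """Fraction of wrong day counts rejected when paired with the true check."""
    wrong = list(wrong_counts)
    check = check_value(days)
    return sum(not is_consistent(w, check) for w in wrong) / len(wrong)

def arbitrary_error_rate(days: int, width: int = 4) -> float:
    """Detection rate over every other day count of the same width."""
    return detection_rate(days, (n for n in range(10 ** width) if n != days))

if __name__ == "__main__":
    days = days_since_genesis(date(2014, 1, 27))
    print(days, detection_rate(days, single_digit_errors(days)),
          detection_rate(days, adjacent_swaps(days)), arbitrary_error_rate(days))
```

Because 97 is prime, every single-digit slip and every adjacent swap changes the remainder; only a wrong count that differs by a multiple of 97 gets through, which is where the figure of roughly 99% comes from.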
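The 12/18/24-word lengths and BIP39's mnemonic checksum, which detects a wrong word but cannot say which word was meant, as an added Python example that is not code from the thread or from any wallet. It follows the BIP39 rule of appending ENT/32 checksum bits taken from SHA-256 of the entropy and works on 11-bit word indices so that no word list has to be embedded; the function names and the sample entropy are constructed for the example.

```python
import hashlib

WORDS_TO_ENTROPY_BITS = {12: 128, 18: 192, 24: 256}

def entropy_to_indices(entropy: bytes) -> list:
    """Entropy -> 11-bit word indices, with ENT/32 checksum bits appended."""
    ent_bits = len(entropy) * 8
    if ent_bits not in WORDS_TO_ENTROPY_BITS.values():
        raise ValueError("entropy must be 128, 192 or 256 bits")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def indices_valid(indices) -> bool:
    """Recompute the checksum from the entropy bits and compare."""
    ent_bits = WORDS_TO_ENTROPY_BITS.get(len(indices))
    if ent_bits is None or any(not 0 <= i < 2048 for i in indices):
        return False
    cs_bits = ent_bits // 32
    combined = 0
    for index in indices:
        combined = (combined << 11) | index
    entropy = (combined >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return combined & ((1 << cs_bits) - 1) == expected

def undetected_replacements(indices, position: int) -> int:
    """Count wrong words at `position` that still pass the checksum."""
    trial = list(indices)
    passing = 0
    for candidate in range(2048):
        if candidate != indices[position]:
            trial[position] = candidate
            passing += indices_valid(trial)
    return passing

if __name__ == "__main__":
    for size in (16, 24, 32):
        words = entropy_to_indices(bytes(range(size)))  # constructed entropy
        print(len(words), "words:", undetected_replacements(words, len(words) - 1),
              "wrong last words pass the checksum")
```

With 12 words the checksum is only 4 bits, so 127 of the 2047 possible wrong final words still validate; with 24 words (8 checksum bits) only 7 do.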