> so it’s less obvious that it’s a bitcoin seed when found by a malicious third party

1. The same words are used for wallets of all kinds of coins, so it's not obvious it's for bitcoin.

2. Anyone recognising the word "satoshi" as related to cryptocurrency in general, would also recognise any mnemonic.

3. You could elect to skip a mnemonic that includes the word if it was a personal concern (but I would discourage selecting a mnemonic base on personal preference, as could get dangerously close to being a brain wallet in effect).

4. You could choose to record just the first 4 characters of each word, "sato" is enough.

5. Where do we stop? the words "coin", "cash", "rich" are in there too.

6. About automated data-recovery, if you are storing mnemonics on HDDs or other digial media, then you have larger security concerns than it just being found during HDD recycling.

But most of all:

7. Removing a word or changing a list is impossible as verification of an existing mnemonic requires the list. To change one word, you would need to provide an alternative to BIP0039 to cope with alternative words, or change all the words to a completely new set of 2048 English words so that it is clear which wordlist is in use.

Regards,

Alan

On Thu, Jan 18, 2018 at 2:55 AM, Jonathan Sterling via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

All the more reason to only use the most common words that meet the other criteria: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Wordlist

I agree - keeping "satoshi" in there is an unnecessary security risk.

Kind Regards,

Jonathan Sterling

On Thu, Jan 18, 2018 at 8:14 AM, CryptAxe via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
Why wouldn't they just test the frequency of words from the wordlist in entirety?

On Jan 17, 2018 5:10 PM, "Weiwu Zhang via bitcoin-dev" <bitcoin-dev@lists.linuxfoundation.org> wrote:
2018-01-09 19:20 GMT+08:00 Ronald van der Meer via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org>:
> After reviewing some bitcoin improvement proposals, I noticed that one of the words that can be found on the BIP39 English wordlist is “satoshi”.
> I suggest removing this word from the list so it’s less obvious that it’s a bitcoin seed when found by a malicious third party.

If a malicious third party discovers a word list that look like a
seed, they would try using it as Bitcoin seed first anyway, with or
without finding the word 'satoshi' in it. The security threat is that
a malicious third party may index what they found and test every
occurrence of 'satoshi' for a lead to a seed.

For example, a hard-disk recycling service would add this word to
their salvage tools. Any successfully hacked gmail account will be
'satoshi' tested too.

So I see this as a reasonable improvement:)
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

--
Kind Regards,

Jonathan Sterling
+44 (0)7415 512691

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev