From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id D96A1FCB for ; Thu, 18 Jan 2018 19:50:26 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-oi0-f41.google.com (mail-oi0-f41.google.com [209.85.218.41]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id EACE25AD for ; Thu, 18 Jan 2018 19:50:25 +0000 (UTC) Received: by mail-oi0-f41.google.com with SMTP id t8so16556648oie.6 for ; Thu, 18 Jan 2018 11:50:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=h+kp1/8TrCrZOjyexxVY+AnwhqzkZt1XsOHs9DatQSQ=; b=EKr931dE1v4yy6vqW3fJLZZjSr9gZmpvcAMzzPJ3Zm8tdhkOPjXtiYQl++mHgElD61 juP9+JhcO8PE2EW5hB96rsJTUNHDefrMPm1LUB9q6ZXj8opeiGXrPNqyMwXjf7bTkP2k Iy3Wt5h1/UvVQBXS3RrnK6xGnHdUp6iuXvqh51+7ig4PkFmLE3ibWfj5mPsSX9X3FrtN KSawYkr1qNqsehY51NyrqJAqKXgo5IZPrg9LH46AqBQMtdsv6/iVx7d3kXOTfz2frC0U 7S3vM1Cv7PpLun2uOpPDUrlgFQWPzHMMrgaH5PTjPIBI4Xgi5/wqkTignEn27rHG04vb Pnrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=h+kp1/8TrCrZOjyexxVY+AnwhqzkZt1XsOHs9DatQSQ=; b=M38x977vNk42Ju3QZxiBPrJOLIYuGysEjvsGOUQ+2wcDl1sZHASId2uWldIA76xzFD rvB2Snw+ypdWKdpc376Se4AZXi0nfFsivpIGcpfG0dQTPvBernNpFYVoAXdSFaL+jQWl 7FJxf8RRhDmZlhtZTH9ZS9g5TECWJ/Wk0u8muoLS5CxJECHDdXflLs/xc+NxRdn7heVk 0CI4gC+R9b5N7wW6+4FZVzqEu4VREzXguy2yToTXGZk715DBZOAuE8ruCvAQ8+y3se1M QG4yrKgQAd9ylr5dK3fSIkJZZjKwD3p85kreRkqKzee4kUuCcUfT4dYivisuRzWrcJXI NcWg== X-Gm-Message-State: AKwxytfHoGzDft0YoGFq29uSuBwCto4W1yBPpl1qoQxX/BhwOC2f1XA9 61oR+yE9ieWZkKhEdEoAnPoAOUKh+DKRl1HoBSbWQw== X-Google-Smtp-Source: ACJfBosk4s4CLCalbYbyspjaqAykCD0K0fZMLI0SuA5O2bD5YEDpefBJ1B++/uNHPa3gSZQ4X2CMd49y9ugotdyBBTI= X-Received: by 10.202.6.4 with SMTP id 4mr3760396oig.316.1516305025186; Thu, 18 Jan 2018 11:50:25 -0800 (PST) MIME-Version: 1.0 Received: by 10.74.152.10 with HTTP; Thu, 18 Jan 2018 11:50:24 -0800 (PST) In-Reply-To: References: <31430A55-57AD-4648-8D6D-DE2A45CC013C@vandermeer.frl> From: Alan Evans Date: Thu, 18 Jan 2018 15:50:24 -0400 Message-ID: To: Jonathan Sterling , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="94eb2c18d95465c1e605631246e4" X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Thu, 18 Jan 2018 20:11:00 +0000 Subject: Re: [bitcoin-dev] Suggestion to remove word from BIP39 English wordlist X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jan 2018 19:50:27 -0000 --94eb2c18d95465c1e605631246e4 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable > so it=E2=80=99s less obvious that it=E2=80=99s a bitcoin seed when found = by a malicious third party 1. The same words are used for wallets of all kinds of coins, so it's not obvious it's for bitcoin. 2. Anyone recognising the word "satoshi" as related to cryptocurrency in general, would also recognise any mnemonic. 3. You could elect to skip a mnemonic that includes the word if it was a personal concern (but I would discourage selecting a mnemonic base on personal preference, as could get dangerously close to being a brain wallet in effect). 4. You could choose to record just the first 4 characters of each word, "sato" is enough. 5. Where do we stop? the words "coin", "cash", "rich" are in there too. 6. About automated data-recovery, if you are storing mnemonics on HDDs or other digial media, then you have larger security concerns than it just being found during HDD recycling. But most of all: 7. Removing a word or changing a list *is impossible* as verification of an existing mnemonic requires the list. To change one word, you would need to provide an alternative to BIP0039 to cope with alternative words, or change all the words to a completely new set of 2048 English words so that it is clear which wordlist is in use. Regards, Alan On Thu, Jan 18, 2018 at 2:55 AM, Jonathan Sterling via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > All the more reason to only use the most common words that meet the other > criteria: https://github.com/bitcoin/bips/blob/master/bip- > 0039.mediawiki#Wordlist > > I agree - keeping "satoshi" in there is an unnecessary security risk. > > Kind Regards, > > Jonathan Sterling > > On Thu, Jan 18, 2018 at 8:14 AM, CryptAxe via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >> Why wouldn't they just test the frequency of words from the wordlist in >> entirety? >> >> On Jan 17, 2018 5:10 PM, "Weiwu Zhang via bitcoin-dev" < >> bitcoin-dev@lists.linuxfoundation.org> wrote: >> >>> 2018-01-09 19:20 GMT+08:00 Ronald van der Meer via bitcoin-dev >>> : >>> > After reviewing some bitcoin improvement proposals, I noticed that on= e >>> of the words that can be found on the BIP39 English wordlist is =E2=80= =9Csatoshi=E2=80=9D. >>> > I suggest removing this word from the list so it=E2=80=99s less obvio= us that >>> it=E2=80=99s a bitcoin seed when found by a malicious third party. >>> >>> If a malicious third party discovers a word list that look like a >>> seed, they would try using it as Bitcoin seed first anyway, with or >>> without finding the word 'satoshi' in it. The security threat is that >>> a malicious third party may index what they found and test every >>> occurrence of 'satoshi' for a lead to a seed. >>> >>> For example, a hard-disk recycling service would add this word to >>> their salvage tools. Any successfully hacked gmail account will be >>> 'satoshi' tested too. >>> >>> So I see this as a reasonable improvement:) >>> _______________________________________________ >>> bitcoin-dev mailing list >>> bitcoin-dev@lists.linuxfoundation.org >>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >>> >> >> _______________________________________________ >> bitcoin-dev mailing list >> bitcoin-dev@lists.linuxfoundation.org >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >> >> > > > -- > Kind Regards, > > Jonathan Sterling > +44 (0)7415 512691 <+44%207415%20512691> > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > --94eb2c18d95465c1e605631246e4 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
&= gt;=C2=A0so it= =E2=80=99s less obvious that it=E2=80=99s a bitcoin seed when found by a ma= licious third party
1. The sam= e words are used for wallets of all kinds of coins, so it's not obvious= it's for bitcoin.

2. Anyone recognising the word "satoshi&qu= ot; as related to cryptocurrency in general, would also recognise any mnemo= nic.

3. You could elect to skip a mnemonic that includes the word if it= was a personal concern (but I would discourage=C2=A0selecting a mnemonic b= ase on personal preference, as could get=C2=A0dangerously close to being a= =C2=A0brain wallet in effect).

4. You could choose to record just the f= irst 4 characters of each word, "sato" is enough.

5. Where do we stop?=C2=A0the words "coin",= "cash", "rich" are in there too.

6. Abo= ut automated data-recovery, if you are storing=C2=A0mnemonics on HDDs or ot= her digial=C2=A0media, then you have larger security concerns than it just = being found during HDD recycling.

=
But most of all:

7. Removing a word or changing a list is impossible= as verification of an existing mnemonic requires the list. To change one w= ord, you would need to provide an=C2=A0alternative to BIP0039 to cope with = alternative words, or change all the words to a completely new set of 2048 = English words so that it is clear which wordlist is in use.

Rega= rds,

Alan

On Thu, Jan 18, 2018 at 2:55 AM, Jonathan Sterling via bitcoin-dev = <bitcoin-dev@lists.linuxfoundation.org> = wrote:
All the more reas= on to only use the most common words that meet the other criteria:=C2=A0=C2= =A0https://github.com/bitcoin/bips/blob/mas= ter/bip-0039.mediawiki#Wordlist=C2=A0

I agree -= keeping "satoshi" in there is an unnecessary security risk.
<= div class=3D"gmail_extra">
Kind Regards= ,

Jona= than Sterling

On Thu, Jan 18, 2018 at 8:14 AM, CryptAxe via bitc= oin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
Why= wouldn't they just test the frequency of words from the wordlist in en= tirety?

On Jan 17, 2018 5:10 PM, "Weiwu Zhang via bitcoin-dev" <bit= coin-dev@lists.linuxfoundation.org> wrote:
2018-01-09 19:20 GMT+08:00 Ronald van de= r Meer via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org>:
> After reviewing some bitcoin improvement proposals, I noticed that one= of the words that can be found on the BIP39 English wordlist is =E2=80=9Cs= atoshi=E2=80=9D.
> I suggest removing this word from the list so it=E2=80=99s less obviou= s that it=E2=80=99s a bitcoin seed when found by a malicious third party.
If a malicious third party discovers a word list that look like a
seed, they would try using it as Bitcoin seed first anyway, with or
without finding the word 'satoshi' in it. The security threat is th= at
a malicious third party may index what they found and test every
occurrence of 'satoshi' for a lead to a seed.

For example, a hard-disk recycling service would add this word to
their salvage tools. Any successfully hacked gmail account will be
'satoshi' tested too.

So I see this as a reasonable improvement:)
_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org= /mailman/listinfo/bitcoin-dev

_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org= /mailman/listinfo/bitcoin-dev




--
Kind Regards,

Jonathan Sterling

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org= /mailman/listinfo/bitcoin-dev


--94eb2c18d95465c1e605631246e4--