--- Log opened Sun Nov 14 00:00:32 2021
00:37 -!- karonto [~karonto@dynamic-002-211-085-157.2.211.pool.telefonica.de] has joined #bitcoin-wizards
01:40 -!- sr_gi [~sr_gi@static-195-77-225-77.ipcom.comunitel.net] has quit [Read error: Connection reset by peer]
01:42 -!- sr_gi [~sr_gi@static-195-77-225-77.ipcom.comunitel.net] has joined #bitcoin-wizards
01:54 -!- CryptoDavid [uid14990@uxbridge.irccloud.com] has joined #bitcoin-wizards
02:02 -!- AaronvanW [~AaronvanW@71pc74.sshunet.nl] has joined #bitcoin-wizards
02:02 -!- b10c [uid500648@ilkley.irccloud.com] has quit [Quit: Connection closed for inactivity]
02:04 -!- kexkey [~kexkey@static-198-54-132-133.cust.tzulo.com] has quit [Ping timeout: 256 seconds]
02:06 -!- kexkey [~kexkey@static-198-54-132-117.cust.tzulo.com] has joined #bitcoin-wizards
03:06 -!- karonto [~karonto@dynamic-002-211-085-157.2.211.pool.telefonica.de] has quit [Quit: This computer has gone to sleep]
03:34 < andytoshi> ademan[m]: no (at least without breaking sha2 in addition to loading your dice :))
03:35 < andytoshi> basically if you keep feeding more things into a hash function you keep increasing the total entropy
03:35 < andytoshi> *except* that you can grind hashes by deing this
03:35 < andytoshi> so if you were an attacker, and you knew CURRENT_SEED, and you wanted to ensure that the final seed started with 10 0 bits, you could do this by feeding in 1024 (on average) results of dice rolls
03:36 < andytoshi> but you can't do this unless you know all of previous input to the sha2
03:36 < andytoshi> and if you're doing this, it doesn't really matter whether the dice are loaded or not :)
04:01 -!- karonto [~karonto@dynamic-002-211-085-157.2.211.pool.telefonica.de] has joined #bitcoin-wizards
05:02 -!- b10c [uid500648@ilkley.irccloud.com] has joined #bitcoin-wizards
05:27 -!- roconnor [~roconnor@host-45-58-217-8.dyn.295.ca] has quit [Ping timeout: 260 seconds]
05:33 -!- karonto [~karonto@dynamic-002-211-085-157.2.211.pool.telefonica.de] has quit [Quit: This computer has gone to sleep]
05:52 -!- karonto [~karonto@dynamic-002-211-085-157.2.211.pool.telefonica.de] has joined #bitcoin-wizards
05:52 -!- sr_gi [~sr_gi@static-195-77-225-77.ipcom.comunitel.net] has quit [Read error: Connection reset by peer]
05:52 -!- sr_gi [~sr_gi@static-195-77-225-77.ipcom.comunitel.net] has joined #bitcoin-wizards
05:56 -!- karonto [~karonto@dynamic-002-211-085-157.2.211.pool.telefonica.de] has quit [Client Quit]
06:04 -!- karonto [~karonto@dynamic-002-211-085-157.2.211.pool.telefonica.de] has joined #bitcoin-wizards
07:18 -!- CryptoDavid [uid14990@uxbridge.irccloud.com] has quit [Quit: Connection closed for inactivity]
07:20 -!- b10c [uid500648@ilkley.irccloud.com] has quit [Quit: Connection closed for inactivity]
07:36 -!- karonto_ [~karonto@dynamic-002-211-085-157.2.211.pool.telefonica.de] has joined #bitcoin-wizards
07:39 -!- Guyver2 [Guyver@guyver2.xs4all.nl] has joined #bitcoin-wizards
07:39 -!- karonto [~karonto@dynamic-002-211-085-157.2.211.pool.telefonica.de] has quit [Ping timeout: 256 seconds]
07:58 -!- roconnor [~roconnor@host-45-58-217-8.dyn.295.ca] has joined #bitcoin-wizards
07:59 < roconnor> @andytoshi Okay I figured out why my test worksheet comes with 40 characters.
08:00 < roconnor> Seems my original thinking was to have 6 characters for the identifier field instead of 3.
08:01 < roconnor> So you get 1 character for the threshold plus 6 characters for the identifier plus 1 character for the share index plus 26 characters for 128ish bits of entropy plus a 6 character testing checksum = 40 characters.
08:03 < andytoshi> ah! gotcha
08:05 < roconnor> At one point the draft of slip-39 had 30 bit identifiers, so I was likely copying them.
08:05 < roconnor> just as now they have 15 bit identifiers.
08:07 < roconnor> The identifers field is fairly important.  It is somewhat unclear how long they ought to be.
08:07 < roconnor> They need be unique, at least among your own collection of secrets.
08:07 < roconnor> globaly unique is probably overkill.
08:08 -!- kexkey_ [~kexkey@static-198-54-132-133.cust.tzulo.com] has joined #bitcoin-wizards
08:08 < roconnor> But ideally you'd be able to pick random identifiers without likely picking the same one twice.
08:11 -!- kexkey [~kexkey@static-198-54-132-117.cust.tzulo.com] has quit [Ping timeout: 260 seconds]
08:11 < andytoshi> how many digits are they? i'd bet people just take the last 4 digits of their phone numbers or something
08:14 < roconnor> That's not quite right. The ID is there so when you are SSSing 2 or more shares yourself, you don't mix them up.
08:15 < roconnor> It's okay if you an I have the same ID, as long as we don't throw our secret shares into a pile together.
08:22 < andytoshi> understood. i think, in practice the way it might be used is that i've got a share from you, and one from aj, and one for me
08:22 < andytoshi> and i can coordinate between the three of you to make sure you're unique in my pile
08:22 < andytoshi> and (i expect) us just using phone numbers would accomplish that
08:23 < andytoshi> so i wouldn't even think about entropy, i just think from a human-centric POV if you give a user four base32 digits to work with he'll be able to come up with a workable scheme pretty easily
08:24 < roconnor> you are talking about storing shares amoung your friends?
08:25 < andytoshi> yeah
08:25 < roconnor> Got it.
08:25 < andytoshi> ah -- and you are talking about, suppose i have several secrets that i want to store myself in the same cache locations
08:25 < roconnor> I'm somewhat inclinded to increase it to 5 characters from 3.
08:26 < roconnor> Right, that is the purpose I was thinking of for IDs.
08:26 < roconnor> But your use case also makes sense.
08:27 < roconnor> Even if you store them a different cache locations for whatever reason, you still don't want to mix them up and take from the wrong cache.
08:29 < andytoshi> yeah. so, i like 5 digits .. that would let me write BTC00, BTC02, GPG00 AJBTC, RCBTC, etc
08:29 < andytoshi> the missing letters are a little annoying but such is life :)
08:29 < andytoshi> and i guess they really don't have to be human-meaningful (and maybe shouldn't be if my goal is genuinely to avoid collisions)
08:33 < andytoshi> the point i'm making though is: my first inclination *is* to use human-meaningful IDs and then to just try to make them unique in ad-hoc ways
08:33 < andytoshi> so we should choose the length of the ID based on that, rather than on probalistic arguments about random IDs
09:03 -!- karonto_ [~karonto@dynamic-002-211-085-157.2.211.pool.telefonica.de] has quit [Ping timeout: 256 seconds]
09:03 -!- karonto__ [~karonto@dynamic-002-211-085-157.2.211.pool.telefonica.de] has joined #bitcoin-wizards
09:07 -!- yanmaani [~yanmaani@gateway/tor-sasl/yanmaani] has quit [Ping timeout: 276 seconds]
09:11 -!- yanmaani [~yanmaani@gateway/tor-sasl/yanmaani] has joined #bitcoin-wizards
09:21 < andytoshi> more lessons from the checksum worksheet: we need to enlarge the squares a lot (and probably split the "ladder" into multiple pieces ... maybe we could give convenient "stop here" breaks for 128, 192, 256 bit secrets)
09:21 < andytoshi> hard to distinguish U/V, U/4, G/6, D/P, D/0, U/J when handwriting in small spaces
09:23 -!- jess [~jess@libera/staff/jess] has quit []
09:28 < roconnor> yikes
09:33 -!- karonto_ [~karonto@2a02:3102:48e1:ff7e:552d:4a3f:2d0d:d58f] has joined #bitcoin-wizards
09:35 -!- karonto__ [~karonto@dynamic-002-211-085-157.2.211.pool.telefonica.de] has quit [Ping timeout: 256 seconds]
09:50 < roconnor> So the ladder could be made vertical, by sheering it and making the verticle line at an angle, similar to my blog post at https://r6.ca/blog/20180106T164028Z.html
09:50 < roconnor> but I think that is probably worse.
09:50 < roconnor> P.S. if anyone can figure out why firefox says "parts of my page are insecure" I'd like to know.
09:52 < roconnor> Oh hmm, because I'm doing two characters at a time, it would have to be very very diagonal.
09:52 < roconnor> That's probably a hard no-go then.
10:54 < andytoshi> ok, increased the ladder size as much as i could (10 -> 12 height, 8 -> 9 width), bought some 0.5mm fineliners, and went to office depot to print the color volvelles  and get some brass fasteners (which look pretty damn cool)
10:54 < andytoshi> will take some pix of the volvelles and then we'll try this again
10:57 < andytoshi> also BTW i have not talked to kiara yet (i think we will meet sometime this week) who i'm sure will have some insights as to how we can split stuff up usably/intuitively
10:58 < andytoshi> in other news I implemented the 13-digit checksum code (and did a cleanroom implementation of bech32 and this code, in rust, to cross-check) here: https://github.com/apoelstra/SSS32/tree/russ32
10:59 < andytoshi> for the checksum table i just shrunk the text to 4.5-pt font :P we should split it across two pages i guess
11:39 -!- CryptoDavid [uid14990@uxbridge.irccloud.com] has joined #bitcoin-wizards
11:48 -!- jtrag [~jtrag@user/jtrag] has joined #bitcoin-wizards
11:49 -!- piku [~piku@47.202.122.99] has quit [Ping timeout: 245 seconds]
11:51 < roconnor> andytoshi: I pushed some recent changes that overlap with yours.
11:51 -!- piku [~piku@47.202.122.99] has joined #bitcoin-wizards
11:51 < andytoshi> oh, cool, i'll rebase
11:52 < roconnor> *lol* okay that is one way to squeeze in a longer ladder.
11:53 < andytoshi> :P
11:53 < andytoshi> i mostly did that as a joke. it's in its own commit
11:57 < roconnor> andytoshi: I was plannning to optimize for 44 characters and 70 character for 128-bit and 256-bit entropy encodings.
11:58 < roconnor> with debiasing, 44 characters should be fine.  But if you have a legacy 256-bit secret, then you can do 70 characters.
11:59 < pin> this is way more advanced than my old diceware kit
11:59 < andytoshi> makes sense
11:59 < andytoshi> honestly i like 256 bits because it also lets me leak some entropy
12:00 < andytoshi> accidentally being caught on camera, working on this in front of other people, etc
12:01 < andytoshi> roconnor: pushed rebase. i think my diff is quite a bit smaller now, thanks
12:06 < roconnor> We can improve this ladder by effectively eliminating the first 11 lines or so.
12:06 < roconnor> by adding together our known sums
12:06 < roconnor> and squishing everything down.
12:07 < roconnor> and eliminating the RL5GLNWWJKNJW stuff which doesn't actually need to appear.
12:07 < andytoshi> i think that stuff is helpful though as an example
12:08 -!- piku [~piku@47.202.122.99] has quit [Ping timeout: 256 seconds]
12:08 < roconnor> what is really helpful as an example is to replace [ 40 {32} repeat ] with an example string.
12:09 < roconnor> though you would have to undelete that.
12:09 < andytoshi> true, agreed
12:09 < roconnor> I was planning to make a subroutine for drawing the latter and make a little image with example values filled in.
12:10 < andytoshi> oo neat
12:10 < roconnor> *drawing the ladder
12:10 < andytoshi> i wouldn't have deleted the {32} repeat, but i didn't understand it until after i was done rewriting the whole function :P
12:11 -!- piku [~piku@47.202.113.8] has joined #bitcoin-wizards
12:14 < andytoshi> when you say 44 and 70 chars, are you including a checksum?
12:14 < roconnor> yes and a 5 character header
12:15 < roconnor> though maybe we want a 7 character header.
12:15 < andytoshi> my inclination would be to split the smaller ladder into two 22-row pieces (and you could fit them both on one page i think, one below the other) with instructions to copy the bottom row of the first into the top row of the second
12:15 < andytoshi> then you could have a 3rd, 26-row piece on a separate page marked "only use for 256-bit secrets"
12:15 < roconnor> oh I see.
12:16 < andytoshi> and to enlarge all the ladders as much as will fit on one page
12:21 -!- jasan [~j@tunnel625336-pt.tunnel.tserv1.bud1.ipv6.he.net] has joined #bitcoin-wizards
12:23 < andytoshi> 5s and Ss are currently the hardest thing for us to distinguish in handwriting
12:24 < andytoshi> it's tempting to replace the bech32 alphabet with one that uses shapes and greek letters and whatever else we can find
12:27 < andytoshi> or maybe just suggest the user replace S with $, 0 with *, G with @, since these are visually similar substitutions
12:28 < andytoshi> i guess, 0 with a bar through it is already pretty distinct
12:29 < andytoshi> in any case we should add a table mapping the alphabet to binary somewhere (i have one in my "bip39" branch) which will give the user some resiliance against alphabet changes
12:32 < andytoshi> ok, mechanical pencils seem to be better than any pen that we tried
12:45 < ademan[m]> <andytoshi> "and if you're doing this, it..." <-  thanks! I guess to be more specific, and a bit obtuse. I don't know how to completely trust the hw random number generator in the ColdCard, supposing a supply chain attack or something. But I can roll 100 dice (or 1 dice 100 times) to add 256 bits more entropy, and I can verify on an offline computer that the hw random seed is being combined with the dice rolls properly. However I
12:45 < ademan[m]> want to understand if I am harming myself by using less than perfect, precision dice. It *sounds like* the answer is no, I can really only help myself. I assume, perhaps incorrectly, that if I suspected my dice are biased, I could actually roll more times? (If I assume my dice are biased, I may be getting less than 2.58 bits of entropy from each roll, so maybe I assume I'm getting 2 bits of entropy from it, and roll 129 times
12:45 < ademan[m]> instead of 100, to get 256 bits of entropy?)
13:09 < andytoshi> ademan[m]: in short, the dice being biased won't hurt you here
13:10 < andytoshi> in the sense that they'll be no worse than no dice at all :)
13:10 < andytoshi> roconnor: i mocked up the "split worksheet" idea in https://github.com/apoelstra/SSS32/tree/russ32 .. see page 20
13:17 -!- Guyver2 [Guyver@guyver2.xs4all.nl] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
13:22 -!- karonto_ [~karonto@2a02:3102:48e1:ff7e:552d:4a3f:2d0d:d58f] has quit [Quit: This computer has gone to sleep]
14:04 < roconnor> nice.
14:29 < andytoshi> lol, actually, for 256-bit proofs we could put the extra 26-row ladder  *between* the two ladders on that page
14:29 < andytoshi> that way we don't need to muck around moving the pink squares and the final checksum, depending on your key length
14:30 < roconnor> intresting idea.
14:30 < andytoshi> i mean, not physically between (there is no room), but give the user instructions saying "don't copy the cells on this page, first copy onto the next page"
14:30 < andytoshi> it will be a bit difficult to word those instructions
14:30 < andytoshi> but the result, i think, will be minimally intrusive for "normal" 128-bit users
14:31 < roconnor> I'm not really convinced we should change the alphabet.  I kinda feel the having familar letters is more useful.
14:31 < andytoshi> Yeah, I think you're right
14:31 < roconnor> But we should be clear that they need to write clearly.
14:31 < roconnor> maybe link to my high school drafting class.
14:32 < andytoshi> I just did a test run with the zoomed-in split sheet, and it was much easier to keep my letters straight than it was with the tiny cells. and it took me only 36 minutes to do a complete bech32 checksum (though this time i had the professinoally printed color volvelle)
14:32 < roconnor> https://uwoodcraft.com/drafting-lettering-guide-for-beginners/
14:32 < andytoshi> I think we should also suggest that the user write $ instead of S, since 5/S continues to be the hardest thing for me
14:33 < andytoshi> lol fascinating link
14:33 < roconnor> hmm
14:35 < roconnor> like a stroke through the S doesn't seem like a bad idea.
14:35 < roconnor> Now I'm wondering if we should suggest decoding a $ as an S if it "occurs".
14:36 < roconnor> Normally I'd suggest decoding any unknown character as a missing character.
14:36 < roconnor> and so decoding it as an S isn't that much worse.
14:37 < andytoshi> basically, a missing character is better than a wrong one in the sense that it gives you a "free correction" because you know its position
14:37 < andytoshi> so i _think_ with a distance-9 code, if you have 8 missing characters you could actually correct all 8
14:38 < andytoshi> whereas you cannot reliably correct more than 4 wrong characters
14:38 < andytoshi> anyway .. i think "decode $ as S" is a good idea, and probably users would do this anyway
14:39 < roconnor> We'd have to make a list
14:41 < roconnor> $ -> s O -> O 1 -> L I -> L  B -> um 3?
14:42 < roconnor> I don't know why b is missing.
14:46 < roconnor> I guess B looks like 13.
14:46 < roconnor> I guess B looks like I3.
14:47 < roconnor> so nevermind about the B substitution.
14:54 -!- b10c [uid500648@ilkley.irccloud.com] has joined #bitcoin-wizards
14:54 < andytoshi> i think B looks like 8
14:54 < andytoshi> but yeah, also 13
14:54 < roconnor> oh 8 of course.
14:54 < roconnor> B -> 8
14:55 < roconnor> O -> 0 I meant.
14:55 < roconnor> *lol* I was thinking those two characters look at bit too similar.
14:55 < andytoshi> lol!
14:56 < andytoshi> An unrelated idea ... i am musing about how i can outsource checksum verification to untrusted parties (e.g. unsuspecting students of mine who think they are learning coding theory). it occurs to me that if I do the checksum worksheet with 13 Qs as the checksum, i'll get a word that i can add to any codeword while preserving the checksum. (and if I put Qs in all the header slots i can preserve 
14:56 < andytoshi> those too)
14:56 < andytoshi> this will let me blind or "encrypt" my shit by hand
14:56 < roconnor> intresting so we'd be putting the secret at the $ share.
14:56 < andytoshi> hah, cute
14:57 < andytoshi> unfortunately, if my goal is saving checksum verification time, this does not accomplish it ... because i need to manually verify the all-0 checksum on my blinder, and then the blinder is single-use only
14:58 < roconnor> you cannot just add words, you have to do affine combinations.
14:58 < andytoshi> roconnor: the "blinder" here is not a word, it's a skew-word whose checksum is all 0s
14:58 < andytoshi> and that, i can add to any word
14:58 < roconnor> oh right.
14:59 < roconnor> you can add two words and get a word with a checksum of um Q's I guess.
14:59 < andytoshi> oh that's a neat symmetry
15:00 < roconnor> But still
15:00 < roconnor> generating a blinder is as hard as validating the checksum yourself.
15:00 < andytoshi> yeah :/
15:00 < roconnor> actually it is a bit harder.
15:01 < roconnor> and reusing blinders doesn't strike me as safe.
15:01 < andytoshi> blinders may be independently useful though. e.g. if you encrypt the S share before splitting it, then you have a policy of the form "2-of-N and the blinding key"
15:01 < andytoshi> yeah agreed, you cannot reuse blinders without leaking some hard-to-quantify amount of secret
15:02 < andytoshi> or if individual parties use blinders, then you have a policy of the form "2-of-N of 2-of-2s"
15:02 < roconnor> andytoshi: I'm not sure that work.  2-of-2 *is* a one-time pad.
15:02 < roconnor> and I don't think SSS is securely composable with itself.
15:02 < andytoshi> i believe i'm composing SSS with a one-time-pad
15:02 < roconnor> well I don't know.  maybe it is.
15:03 < andytoshi> which i think is ok
15:03 < andytoshi> but also, i think you can compose SSS with itself
15:03 < roconnor> I guess if SSS is perfectly hiding it must be composable with itself.
15:03 < andytoshi> yeah that's a good argument
15:03 < andytoshi> in any case, i feel pretty confident that if i OTP my secret, then SSS the ciphertext, that both schemes will retain full security
15:04 < andytoshi> and the resulting scheme will by "2 of N shares, and the OTP key"
15:04 < roconnor> Why are you trying to lose you seed? :D
15:04 < andytoshi> haha, yeah, i definitely need to think about the availability/security tradeoff i'm making here
15:05 < andytoshi> it may be that this is simply a bad dangerous idea
15:05 < roconnor> so slip39 has a two level scheme built in for this.
15:05 < roconnor> I was thinking of maybe making a second scheme for splitting up the first scheme.
15:06 < roconnor> I don't know.  I don't like getting too fancy.
15:06 < andytoshi> it might not be too hard -- i think you add a second "share index"
15:06 < andytoshi> which is constant during the first splitting
15:06 < andytoshi> and changes during the second one
15:07 < andytoshi> but i agree, fanciness is scary
15:07 < andytoshi> having these volvelles may be too much power for me. i am tempted to do all sorts of absurd things now that i know i can do checksummed SSS and basic arithmetic on my secrets
15:08 < roconnor> I mean, abusing the index field for the second level isn't the worst thing in the world.
15:08 < roconnor> I meant abusing the ID field.
15:09 < andytoshi> ah yep, that'd work
15:10 < andytoshi> mathematically, anyway. i think in practice it is important that non-mathematicians be able to recover your secrets, if they have enough keys and the volvelle+instructions
15:10 < andytoshi> hence your "fanciness scares me"
15:16 < andytoshi> BTW colored volvelle: https://www.wpsoftware.net/pix/2021-11-14_224919.jpg
15:17 < roconnor> are 5 and S different colours?
15:17 < roconnor> no.
15:17 < roconnor> well there's your problem.
15:21 < andytoshi> hehe, yeah, i should fix that actually
15:21 < andytoshi> but i have little difficulty distinguishing the Courier 5 and S
15:21 -!- CryptoDavid [uid14990@uxbridge.irccloud.com] has quit [Quit: Connection closed for inactivity]
15:23 < roconnor> 5,S O,D U,V and everything else you said.
15:24 < andytoshi> yep. i have a much better command of postscript now so i can fix that.
15:24 < andytoshi> I also think I should use much *deeper* colors and do white-on-color text
15:24 < andytoshi> and i should have colored squares on the front piece of the volvelle, even though that will require i write more square-drawing code
15:24 < andytoshi> rather than just coloring the text, which didn't really work
15:25 < roconnor> TBH I'm still unconvinced that the colours are helpful.
15:26 < roconnor> But as long as we have a monochrome mode, I'll be fine.
15:26 < andytoshi> they are helpful in two ways -- one is that i have a much easier time remembering where symbols are on the front sheet when they have distinct colors as well as distinct shapes. and the other is directly "if i am adding yellow to $color the result will be $color so i only need to scan for those squares"/"if i am adding $color to itself the result will be yellow, i only need to scan for those 
15:27 < andytoshi> squares"
15:27 < andytoshi> but yes, i expect a -lot- of personal variance on whether the colors help or hurt
15:27 < andytoshi> and i think the specific way that i did them, where they are overlapping and all the same saturation/intensity, is probably suboptimal
15:29 -!- jtrag [~jtrag@user/jtrag] has quit [Quit: <-----  is PODAK (Passed out drunk at keyboard), and he has somehow managed to quit/disconnect...]
16:14 -!- yanmaani [~yanmaani@gateway/tor-sasl/yanmaani] has quit [Remote host closed the connection]
16:24 -!- yanmaani [~yanmaani@gateway/tor-sasl/yanmaani] has joined #bitcoin-wizards
16:27 -!- piku [~piku@47.202.113.8] has quit [Remote host closed the connection]
16:27 -!- piku [~piku@47.202.113.8] has joined #bitcoin-wizards
16:48 < _aj_> andytoshi: maybe could use a list of 1024 words instead of 2048, so each word matches a pair of bech32 characters? if you set the high bit to zero and only used 255 bits of entropy, you'd have 25.5 words of entropy, 2.5 words of checksum. having an easy mapping of words the a pair of bech32 letters seems like it might be a win?
16:49 < andytoshi> _aj_: yep, SLIP39 does this
16:49 < andytoshi> but you've gotta be compatible with hardware wallets somehow and most of them use bip39 :(
16:50 < andytoshi> SLIP39 actually has a reed solomon code checksum, but i think we can compute that with volvelles
16:53 < _aj_> andytoshi: i dunno, if you're changing the checksum you're already kind-of incompatible... having something that's optimised for by-hand generation/verification could be worth it. especially if it's a shared wordlist (every second word from the bip39 list?) and a different count of words, making your hw wallet support both could be alright
16:57 < andytoshi> _aj_: i think convincing hw wallets to deal with yet another standard would be a tough sell (and is way more scope than i want to deal with)
16:58 < andytoshi> so if there's a somewhat-manageable way to convert from the by-hand format to popular hww formats, i'll be happy
17:12 -!- AaronvanW [~AaronvanW@71pc74.sshunet.nl] has quit [Quit: Leaving...]
17:39 < andytoshi> roconnor: it occurs to me that an application of 2-of-N secret sharing is transporting secrets ... generally i think my secrets are safe when they're at rest (on locked cryptosteels or whatever), but i worry a lot about shipping them or bringing them on planes or anything
17:39 < andytoshi> but if i split it, then i can bring the two halves with me individually
17:39 < andytoshi> neither is valuable by itself, so if either gets compromised in transit i just destroy both and then restart
17:39 < andytoshi> bring the two halves on separate trips*
18:08 -!- belcher [~belcher@user/belcher] has quit [Ping timeout: 264 seconds]
18:15 < roconnor> surely trezor uses the SLIP39 wordlist.  They invented it.
18:23 -!- sr_gi [~sr_gi@static-195-77-225-77.ipcom.comunitel.net] has quit [Read error: Connection reset by peer]
18:23 -!- b10c [uid500648@ilkley.irccloud.com] has quit [Quit: Connection closed for inactivity]
18:24 -!- sr_gi [~sr_gi@static-195-77-225-77.ipcom.comunitel.net] has joined #bitcoin-wizards
18:44 -!- belcher [~belcher@user/belcher] has joined #bitcoin-wizards
19:12 -!- solocshaw [~Thunderbi@gateway/vpn/pia/solocshaw] has joined #bitcoin-wizards
19:52 -!- grubman9000 [~ufotofu@user/ufotofu] has joined #bitcoin-wizards
22:58 -!- Netsplit *.net <-> *.split quits: pin, real_or_random, Keele, ryan-c
22:58 -!- Netsplit over, joins: Keele
22:58 -!- pin [pinne@bsd.douchedata.com] has joined #bitcoin-wizards
22:59 -!- Netsplit over, joins: ryan-c
22:59 -!- Netsplit over, joins: real_or_random
23:00 -!- jonatack [jonatack@user/jonatack] has quit [Ping timeout: 268 seconds]
23:04 -!- Netsplit *.net <-> *.split quits: stevenro-
23:04 -!- stevenroose [~steven@irc.roose.io] has joined #bitcoin-wizards
23:45 -!- AaronvanW [~AaronvanW@71pc74.sshunet.nl] has joined #bitcoin-wizards
--- Log closed Mon Nov 15 00:00:33 2021