From: Jonas Schnelli <dev@jonasschnelli•ch>
To: Pavol Rusnak <stick@satoshilabs•com>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Bip44 extension for P2SH/P2WSH/...
Date: Sat, 14 May 2016 18:14:43 +0200 [thread overview]
Message-ID: <57374EF3.3000705@jonasschnelli.ch> (raw)
In-Reply-To: <57373116.90902@satoshilabs.com>
[-- Attachment #1.1: Type: text/plain, Size: 2011 bytes --]
> On 14/05/16 10:16, Jonas Schnelli via bitcoin-dev wrote:
>> Importing a bip32 wallet (bip44 or not) is still an expert job IMO.
>
> That's simply not true. All reasonable wallets (reasonable = user
> oriented) now use BIP39 mnemonic for doing exactly this.
AFAIK: Bip39 import (cross-wallet) is not supported by Schildbachs
android wallet [1] and Electrum [2] and Breadwallet [3].
But I think forming a BIP39 mnemonic into a extended master private key
is not the problem here.
The problems I see:
* What if the "old" wallet has used more then 1000 addresses? I guess
some wallets do not even create a lookup window up to 1000 addresses.
There is a high chance of loosing funds when doing sweep (move all funds
to a new wallet) operation.
* I guess most or maybe all wallets will keep all keys (the
"lookup-window" keys) in the wallet database which could affect
performance [4]
* I guess most wallets do not offer "moving the funds to a new seed" [5]
which results in not solving the problem of a "lost" or "compromised"
wallet and implies wrong security to the enduser.
* If I import a bip39 mnemonic into a hardware wallet (assume Trezor or
Keepkey) I have to type in the words into my computer which bypasses
some of the security my hardware wallet provides me (MITM seed attack).
Together with the point above this reduces the security of a wallet (in
particular cold storage significant).
Please correct me if I'm wrong.
I just wanted to point out that importing a wallet is a tricky step
especially cross-wallet imports (I think cross wallet imports is an
experts job without further improvements).
[1] https://github.com/bitcoin-wallet/bitcoin-wallet/issues/245
[2] http://docs.electrum.org/en/latest/seedphrase.html
[3] https://github.com/voisine/breadwallet/issues/360
[4] https://github.com/bitcoin-wallet/bitcoin-wallet/issues/158
[5]
https://github.com/voisine/breadwallet/blob/master/BreadWallet/BRRestoreViewController.m#L225
</jonas>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2016-05-14 16:14 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-13 13:16 Daniel Weigl
2016-05-13 15:00 ` Pavol Rusnak
2016-05-13 16:03 ` Aaron Voisine
2016-05-13 16:11 ` Pavol Rusnak
2016-05-13 16:59 ` Aaron Voisine
2016-05-13 17:57 ` Pavol Rusnak
2016-05-13 21:42 ` Aaron Voisine
2016-05-14 8:16 ` Jonas Schnelli
2016-05-14 12:26 ` Jochen Hoenicke
2016-05-14 14:07 ` Pavol Rusnak
2016-05-14 16:14 ` Jonas Schnelli [this message]
2016-05-14 17:37 ` Kenneth Heutmaker
2016-05-15 8:53 ` Thomas Voegtlin
2016-05-15 10:04 ` Pavol Rusnak
2016-05-15 12:08 ` Daniel Weigl
2016-05-15 17:36 ` Aaron Voisine
2016-05-14 7:00 ` Andreas Schildbach
2016-05-14 14:08 ` Pavol Rusnak
2016-05-14 17:09 ` Aaron Voisine
2016-05-14 12:15 ` Jochen Hoenicke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57374EF3.3000705@jonasschnelli.ch \
--to=dev@jonasschnelli$(echo .)ch \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=stick@satoshilabs$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox