On Wed, Mar 12, 2014 at 2:39 PM, Pavol Rusnak <stick@gk2.sk> wrote:

On 03/12/2014 08:26 PM, Jean-Paul Kogelman wrote:
> So upon entering a password with a typo, the user will not be notified of an
> error, but be presented with a wallet balance of 0, after the blockchain has
> been scanned. I'm sorry, but that's not the kind of experience I would want to
> present to my users.

Sure, you can have either plausible deniability or typo checking, not
both at the same time.

The proposed BIP uses a bloom filter, so it has both plausible deniability and typo checking. The bloom filter is optimized for two elements and will catch something like 99.9975% of typos, despite allowing two different passwords.

> Would you care to elaborate how optional outsourcing of the KDF breaks
> compatibility?

I'm afraid one would end up with code generated in one client that is
unusable in a different client, because the client's developer thought
that using fancier algorithm instead of the proposed ones was a good idea.

This is clearly in violation of the spec. You could argue this about anything in Bitcoin. What if a developer decided to replace SHA256 with SHA3 in their implementation of a Bitcoin client? Obviously this would cause issues.

Will