public inbox for bitcoindev@googlegroups.com
From: William Yager <will.yager@gmail•com>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] [RFC] Proposal: Base58 encoded HD Wallet root key with optional encryption
Date: Wed, 12 Mar 2014 13:00:58 -0500
Message-ID: <CAG8oi1OURpch-FBAgDcO-W-JxOaTk7CE98VtM+kuheXZk5rfTw@mail.gmail.com>
In-Reply-To: <CAKm8k+3bbhN=Kf2thvtakA7EGcTHDn1ssQm-+Fwf3hAAQmndTQ@mail.gmail.com>


This spec offers a lot of benefits over BIP 0038:

* Multiple KDFs (I think the chosen list is reasonable and fits all
required use cases)
* Multiple seed lengths
* Explicit BIP 0032 support
* Creation date field
* Plausible deniability (via the multiple-password mechanism)

I don't think it makes any sense to compare this to BIP 0039. BIP 0039 is
for key import/export, but it doesn't deal with anything like encryption,
wallet creation date, etc. The use cases are completely different.

I don't think we should let BIP 0039 (which is perfectly good for its
intended use case) hold us back from improving on BIP 0038 (which is also
good, but could use some changes).

Will




On Wed, Mar 12, 2014 at 11:49 AM, Gary Rowe <g.rowe@froot•co.uk> wrote:

> Jean-Paul, it may be worth noting that the BIP39 word list is integrated
> into Bitcoinj so will likely become the de facto standard for Android,
> Trezor web and several desktop wallets. Anyone deviating from that word
> list would likely find themselves in an isolated pocket.
>
> Regarding the timestamp, MultiBit HD uses a simple timestamp of "number of
> days since midnight of Bitcoin genesis block in UTC with modulo 97 checksum
> appended". Thus a new seed generated on 27 January 2014 would have
> "1850/01" as its checksum. When creating a new wallet the users are tested
> that they have written the timestamp down along with the associated
> 12/18/24 words.
>
> Modulo 97 was chosen since it catches about 99% of errors.
>
>
> On 12 March 2014 15:55, Pavol Rusnak <stick@gk2•sk> wrote:
>
>> On 03/12/2014 04:45 PM, Jean-Paul Kogelman wrote:
>> > Yes I am. There are some differences between BIP 39 and my proposal
>> > though.
>> >
>> > - BIP 39 offers an easy list of words, no gnarly string of case
>> > sensitive letters and numbers.
>>
>> Which is better IMO. I can't imagine anyone writing down a long Base58
>> encoded string.
>>
>> > - BIP 39 only offers one fixed length of entropy, always 12 words, no
>> > option to increase or decrease the length.
>>
>> Not true, BIP39 supports 12/18/24 words (= 128/192/256 bits of entropy).
>>
>> > - BIP 39 doesn't have a genesis date field, so no optimization during
>> > blockchain rescan.
>>
>> This is a nice addition, indeed. But we needed to limit the data as much as
>> possible in order not to increase the number of words needed to be noted
>> down.
>>
>> > - BIP 39 doesn't have password typo detection. No easy way to recover a
>> > password if you know most of it.
>>
>> It has a detection. Not correction though.
>>
>> > - BIP 39 does not have a user selectable KDF, only 2048 round
>> > PBKDF2-HMAC-SHA512.
>> > - BIP 39 can't outsource the KDF computation to a 3rd party.
>>
>> True, but having one or two solid options is better than having
>> gazillions of possible options.
>>
>> > - BIP 39 wallet implementors can use their own word lists, breaking
>> > cross wallet compatibility.
>>
>> True, but they are encouraged to use the list provided. Possibility to
>> outsource KDF outside of your "standard" breaks much more compatibility
>> than this.
>>
>> --
>> Best Regards / S pozdravom,
>>
>> Pavol Rusnak <stick@gk2•sk>
>>
>>
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists•sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
