public inbox for bitcoindev@googlegroups.com
* [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
@ 2013-09-10 16:44 slush
  2013-09-10 17:36 ` Andreas M. Antonopoulos
  2013-09-10 20:40 ` Matthew Mitchell
  0 siblings, 2 replies; 19+ messages in thread
From: slush @ 2013-09-10 16:44 UTC (permalink / raw)
  To: bitcoin-development

Hi all,

we just finalized the draft and reference implementation of BIP39. Regards
to rules in BIP0001 we're asking for comments.

The aim of the proposal is to standardize algorithm across various clients
and fix some design problems of existing (but not yet standardized)
Electrum mnemonic algorithm.

BIP39 is a nice complement to BIP32, which allows users to (paper) backup
and share their wallet across multiple clients easily.

Link to BIP: https://en.bitcoin.it/wiki/BIP_0039

Thanks for your time,
slush

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-09-10 16:44 [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys slush
@ 2013-09-10 17:36 ` Andreas M. Antonopoulos
  2013-09-10 20:40 ` Matthew Mitchell
  1 sibling, 0 replies; 19+ messages in thread
From: Andreas M. Antonopoulos @ 2013-09-10 17:36 UTC (permalink / raw)
  To: slush; +Cc: bitcoin-development

Excellent!


On Tue, Sep 10, 2013 at 9:44 AM, slush <slush@centrum•cz> wrote:

> Hi all,
>
> we just finalized the draft and reference implementation of BIP39. Regards
> to rules in BIP0001 we're asking for comments.
>
> The aim of the proposal is to standardize algorithm across various clients
> and fix some design problems of existing (but not yet standardized)
> Electrum mnemonic algorithm.
>
> BIP39 is a nice complement to BIP32, which allows users to (paper) backup
> and share their wallet across multiple clients easily.
>
> Link to BIP: https://en.bitcoin.it/wiki/BIP_0039
>
> Thanks for your time,
> slush

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-09-10 16:44 [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys slush
  2013-09-10 17:36 ` Andreas M. Antonopoulos
@ 2013-09-10 20:40 ` Matthew Mitchell
  2013-09-10 20:50   ` slush
  1 sibling, 1 reply; 19+ messages in thread
From: Matthew Mitchell @ 2013-09-10 20:40 UTC (permalink / raw)
  To: slush; +Cc: Bitcoin Dev


I like this, though maybe sometimes you'll get rude word combinations come out. 

Matthew

On 10 Sep 2013, at 17:44, slush <slush@centrum•cz> wrote:

> Hi all,
> 
> we just finalized the draft and reference implementation of BIP39. Regards to rules in BIP0001 we're asking for comments.
> 
> The aim of the proposal is to standardize algorithm across various clients and fix some design problems of existing (but not yet standardized) Electrum mnemonic algorithm.
> 
> BIP39 is a nice complement to BIP32, which allows users to (paper) backup and share their wallet across multiple clients easily.
> 
> Link to BIP: https://en.bitcoin.it/wiki/BIP_0039
> 
> Thanks for your time,
> slush

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-09-10 20:40 ` Matthew Mitchell
@ 2013-09-10 20:50   ` slush
  2013-09-10 21:03     ` Matthew Mitchell
  0 siblings, 1 reply; 19+ messages in thread
From: slush @ 2013-09-10 20:50 UTC (permalink / raw)
  To: Matthew Mitchell; +Cc: Bitcoin Dev

In many iterations of editing the wordlist we did our best to pick
words which are easy to remember, still "neutral". Unfortunately it's
almost impossible to exclude some words which may together create
negative connotations.

Thankfully we removed all racist and religious words so I believe all
three authors mentioned in the BIP are safe against fundamentalist
bitcoin users :-).

slush

On 9/10/13, Matthew Mitchell <matthewmitchell@godofgod•co.uk> wrote:
> I like this, though maybe sometimes you'll get rude word combinations come
> out.
>
> Matthew



^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-09-10 20:50   ` slush
@ 2013-09-10 21:03     ` Matthew Mitchell
  2013-09-10 21:34       ` Pavol Rusnak
                         ` (2 more replies)
  0 siblings, 3 replies; 19+ messages in thread
From: Matthew Mitchell @ 2013-09-10 21:03 UTC (permalink / raw)
  To: slush; +Cc: Bitcoin Dev

Well let's hope something like "murder black people", "stupid asian person" or "whip african slave" doesn't come up. :-) Maybe it would have been better without the aggressive words?

Matthew

On 10 Sep 2013, at 21:50, slush <slush@centrum•cz> wrote:

> In many iterations of editing the wordlist we did our best to pick
> words which are easy to remember, still "neutral". Unfortunately it's
> almost impossible to exclude some words which may together create
> negative connotations.
> 
> Thankfully we removed all racist and religious words so I believe all
> three authors mentioned in the BIP are safe against fundamentalist
> bitcoin users :-).
> 
> slush
> 
> On 9/10/13, Matthew Mitchell <matthewmitchell@godofgod•co.uk> wrote:
>> I like this, though maybe sometimes you'll get rude word combinations come
>> out.
>> 
>> Matthew


^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-09-10 21:03     ` Matthew Mitchell
@ 2013-09-10 21:34       ` Pavol Rusnak
  2013-09-10 22:08       ` Gregory Maxwell
  2013-09-12 12:11       ` Pavol Rusnak
  2 siblings, 0 replies; 19+ messages in thread
From: Pavol Rusnak @ 2013-09-10 21:34 UTC (permalink / raw)
  To: Bitcoin Dev

On 10/09/13 23:03, Matthew Mitchell wrote:
> Maybe it would have been better without the aggressive words?

Feel free to come up with wordlist enhancements. That's why we put
this BIP for discussion in the first place. Three people went through
the wordlist numerous number of times and as you can see it's still
not perfect.

Please bear in mind that for every word you remove from the list, you
have to come up with a good alternative that is unique and hard to
confuse with the others.

-- 
Best Regards / S pozdravom,

Pavol Rusnak <stick@gk2•sk>



^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-09-10 21:03     ` Matthew Mitchell
  2013-09-10 21:34       ` Pavol Rusnak
@ 2013-09-10 22:08       ` Gregory Maxwell
  2013-09-10 22:35         ` Mark Friedenbach
  2013-09-10 22:47         ` slush
  2013-09-12 12:11       ` Pavol Rusnak
  2 siblings, 2 replies; 19+ messages in thread
From: Gregory Maxwell @ 2013-09-10 22:08 UTC (permalink / raw)
  To: Matthew Mitchell; +Cc: Bitcoin Dev

On Tue, Sep 10, 2013 at 2:03 PM, Matthew Mitchell
<matthewmitchell@godofgod•co.uk> wrote:
> Well let's hope something like "murder black people", "stupid asian person" or "whip african slave" doesn't come up. :-) Maybe it would have been better without the aggressive words?

Ouch.

This sounds like something that $20 of mechanical turk time could help
out with a lot.  Put up the 2048 words and ask people to rate them for
potential offensiveness and threatening. :)

Nouns often make for fairly neutral words, though careful for place
names which have had political complications. E.g. gdansk vs danzig.



^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-09-10 22:08       ` Gregory Maxwell
@ 2013-09-10 22:35         ` Mark Friedenbach
  2013-09-10 22:43           ` Gregory Maxwell
  2013-09-11 12:49           ` Andreas Petersson
  2013-09-10 22:47         ` slush
  1 sibling, 2 replies; 19+ messages in thread
From: Mark Friedenbach @ 2013-09-10 22:35 UTC (permalink / raw)
  To: bitcoin-development

Getting OT...

For a while I've wanted to combine one of these mnemonic code generators
with an NLP engine to do something like output a short story as the
passphrase, even a humorous one, with the key encoded in the story
itself (remember the gist of the story and that's sufficient to
reconstruct the key).

Also, obligatory link about the failures of unsanitized word lists:

http://iam.peteashton.com/keep-calm-rape-tshirt-amazon/

It can really backfire to get one of these things wrong.
Mark

On 9/10/13 3:08 PM, Gregory Maxwell wrote:
> On Tue, Sep 10, 2013 at 2:03 PM, Matthew Mitchell
> <matthewmitchell@godofgod•co.uk> wrote:
>> Well let's hope something like "murder black people", "stupid asian person" or "whip african slave" doesn't come up. :-) Maybe it would have been better without the aggressive words?
> 
> Ouch.
> 
> This sounds like something that $20 of mechanical turk time could help
> out with a lot.  Put up the 2048 words and ask people to rate them for
> potential offensiveness and threatening. :)
> 
> Nouns often make for fairly neutral words, though careful for place
> names which have had political complications. E.g. gdansk vs danzig.



^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-09-10 22:35         ` Mark Friedenbach
@ 2013-09-10 22:43           ` Gregory Maxwell
  2013-09-11 12:49           ` Andreas Petersson
  1 sibling, 0 replies; 19+ messages in thread
From: Gregory Maxwell @ 2013-09-10 22:43 UTC (permalink / raw)
  To: Mark Friedenbach; +Cc: Bitcoin Development

On Tue, Sep 10, 2013 at 3:35 PM, Mark Friedenbach <mark@monetize•io> wrote:
> It can really backfire to get one of these things wrong.

On the subject of unexpected results, for the longest time wikipedia
had problems with images randomly not displaying for some users.

Images were stored by their cryptographic hash. If the hash was
deadbeef the URL would be:

/d/de/deadbeef.jpg

Turns out that a lot of people are running addons that block /a/ad/  ...

Not running afoul of various censorware filters should be a design
target too, as insane as it seems. Simply because "The key is
'Tiananmen Square people monkey'"  "People monkey isn't working!" is a
hard situation to troubleshoot!



^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-09-10 22:08       ` Gregory Maxwell
  2013-09-10 22:35         ` Mark Friedenbach
@ 2013-09-10 22:47         ` slush
  1 sibling, 0 replies; 19+ messages in thread
From: slush @ 2013-09-10 22:47 UTC (permalink / raw)
  To: Gregory Maxwell; +Cc: Bitcoin Dev

We're open to changes in the wordlist. We'll accept pull request
replacing potentially offensive words by another more neutral, which
also fits all other requirements.

Putting the wordlist together is a really hard job and we spent a few
sleepless nights on that. By the way, words "murder, black, people"
are contained also in Electrum wordlist and nobody complained yet :-).

slush

On 9/11/13, Gregory Maxwell <gmaxwell@gmail•com> wrote:
> On Tue, Sep 10, 2013 at 2:03 PM, Matthew Mitchell
> <matthewmitchell@godofgod•co.uk> wrote:
>> Well let's hope something like "murder black people", "stupid asian
>> person" or "whip african slave" doesn't come up. :-) Maybe it would have
>> been better without the aggressive words?
>
> Ouch.
>
> This sounds like something that $20 of mechanical turk time could help
> out with a lot.  Put up the 2048 words and ask people to rate them for
> potential offensiveness and threatening. :)
>
> Nouns often make for fairly neutral words, though careful for place
> names which have had political complications. E.g. gdansk vs danzig.
>



^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-09-10 22:35         ` Mark Friedenbach
  2013-09-10 22:43           ` Gregory Maxwell
@ 2013-09-11 12:49           ` Andreas Petersson
  2013-09-12 12:09             ` Pavol Rusnak
  1 sibling, 1 reply; 19+ messages in thread
From: Andreas Petersson @ 2013-09-11 12:49 UTC (permalink / raw)
  To: bitcoin-development

This is an excellent idea, because I proposed the same thing previously.

These BIP 39 mnemonics are IMO too hard to remember.

Using NLP we could generate a grammatically correct sentence out of 128
completely random bits which is possible to remember. Information could
be encoded in the selection of words but also in the choice of the
syntax tree.
If I had too much spare time this would be an excellent project.


Am 11.09.2013 00:35, schrieb Mark Friedenbach:
> For a while I've wanted to combine one of these mnemonic code generators
> with an NLP engine to do something like output a short story as the
> passphrase, even a humorous one, with the key encoded in the story
> itself (remember the gist of the story and that's sufficient to
> reconstruct the key).




^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-09-11 12:49           ` Andreas Petersson
@ 2013-09-12 12:09             ` Pavol Rusnak
  0 siblings, 0 replies; 19+ messages in thread
From: Pavol Rusnak @ 2013-09-12 12:09 UTC (permalink / raw)
  To: bitcoin-development

On 11/09/13 14:49, Andreas Petersson wrote:
> using NLP we could generate a grammatically correct sentence out of 128
> completely random bits which is possible to remember. information could
> be encoded in the selection of words but also in the choice of the
> syntax tree.

We were playing with that idea quite a lot. The problem was that we
ended up with much bigger wordlist and thus it had to contain more
obscure words. Also remember that this scheme has to run on embedded
devices as well, so any unnecessary complexity should be avoided.

-- 
Best Regards / S pozdravom,

Pavol Rusnak <stick@gk2•sk>



^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-09-10 21:03     ` Matthew Mitchell
  2013-09-10 21:34       ` Pavol Rusnak
  2013-09-10 22:08       ` Gregory Maxwell
@ 2013-09-12 12:11       ` Pavol Rusnak
  2013-09-12 16:02         ` Matthew Mitchell
  2 siblings, 1 reply; 19+ messages in thread
From: Pavol Rusnak @ 2013-09-12 12:11 UTC (permalink / raw)
  To: Bitcoin Dev

On 10/09/13 23:03, Matthew Mitchell wrote:
> Maybe it would have been better without the aggressive words?

I revisited the wordlist and replaced around 67 words that can be
found offensive in some context.

-- 
Best Regards / S pozdravom,

Pavol Rusnak <stick@gk2•sk>



^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-09-12 12:11       ` Pavol Rusnak
@ 2013-09-12 16:02         ` Matthew Mitchell
  2013-10-24 18:26           ` slush
  0 siblings, 1 reply; 19+ messages in thread
From: Matthew Mitchell @ 2013-09-12 16:02 UTC (permalink / raw)
  To: Pavol Rusnak; +Cc: Bitcoin Dev

I removed some more but I haven't added enough back in. It was taking far longer than expected so I gave up, but maybe someone else can try to add some more:

https://github.com/MatthewLM/python-mnemonic/blob/master/mnemonic/wordlist/english.txt

On 12 Sep 2013, at 13:11, Pavol Rusnak <stick@gk2•sk> wrote:

> On 10/09/13 23:03, Matthew Mitchell wrote:
>> Maybe it would have been better without the aggressive words?
> 
> I revisited the wordlist and replaced around 67 words that can be
> found offensive in some context.
> 
> -- 
> Best Regards / S pozdravom,
> 
> Pavol Rusnak <stick@gk2•sk>

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-09-12 16:02         ` Matthew Mitchell
@ 2013-10-24 18:26           ` slush
  2013-10-24 19:23             ` Pieter Wuille
  2013-10-24 19:32             ` Jorge Timón
  0 siblings, 2 replies; 19+ messages in thread
From: slush @ 2013-10-24 18:26 UTC (permalink / raw)
  To: Matthew Mitchell; +Cc: Bitcoin Dev

We've reflected many comments about BIP39 wordlist from the community and I
think the wordlist is much better now. Specifically we removed many of
theoretically offensive words as well as we implemented algorithm for
detecting words with similar characters (cat/eat) and we resolved these
duplicities. I'm now quite happy with the wordlist and I want to ask you
for next (final?) round of comments.

From other features, we added password protection of seed and seed
hardening (against bruteforcing) using Rijndael cipher. This has been
chosen because its blocksize can be 128, 192 or 256 bits, so it fits length
of desired seeds. Also there are Rijndael implementations in every
language. Btw password protection has one interesting feature - plausible
deniability. It allows user to have one mnemonic and by using it with
different passwords, it will generate different BIP32 wallets.... (wink
wink)

I want to be pretty clear that we need to close this topic somehow, because
we want to use such algorithm in Trezor (which deadline is coming quick)
and also other wallet developers want to implement such algorithm into
clients to be compatible with Trezor. There were quite strict requirements
for such algorithm (like the possibility to convert mnemonic to seed as
well as seed to mnemonic) and I think we found a good solution. I'm wildly
asking you for constructive comments, but saying "it's a crap, I don't like
it" won't help anything.

Thanks,
slush


On Thu, Sep 12, 2013 at 6:02 PM, Matthew Mitchell <
matthewmitchell@godofgod•co.uk> wrote:

> I removed some more but I haven't added enough back in. It was taking far
> longer than expected so I gave up, but maybe someone else can try to add
> some more:
>
>
> https://github.com/MatthewLM/python-mnemonic/blob/master/mnemonic/wordlist/english.txt
>
> On 12 Sep 2013, at 13:11, Pavol Rusnak <stick@gk2•sk> wrote:
>
> > On 10/09/13 23:03, Matthew Mitchell wrote:
> >> Maybe it would have been better without the aggressive words?
> >
> > I revisited the wordlist and replaced around 67 words that can be
> > found offensive in some context.
> >
> > --
> > Best Regards / S pozdravom,
> >
> > Pavol Rusnak <stick@gk2•sk>

^ permalink raw reply	[flat|nested] 19+ messages in thread
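
The similar-character check slush describes above (cat/eat), combined with Pavol Rusnak's earlier requirement that a replacement word be unique and hard to confuse with the others, sketched as an added example; it is not code from the thread or from the BIP39 reference implementation. The look-alike letter groups, the function names and the sample words are assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: letter groups treated as look-alikes when handwritten or misread.
# Illustrative only; the thread does not give the table the BIP39 authors used.
CONFUSABLE_GROUPS = ("ce", "il", "nm", "uv", "gq")

# Map every letter to one representative of its group ("e" -> "c", "l" -> "i").
_CANON = {ch: group[0] for group in CONFUSABLE_GROUPS for ch in group}

# Constructed sample; a real run would load the full 2048-word list instead.
SAMPLE_WORDLIST = ["cat", "eat", "car", "house", "mouse", "yellow",
                   "sandwich", "nail", "mail", "river", "bacon"]


def skeleton(word):
    """Collapse look-alike letters so confusable words share one key."""
    return "".join(_CANON.get(ch, ch) for ch in word.lower())


def find_confusable(wordlist):
    """Return sorted tuples of distinct words whose skeletons collide."""
    buckets = defaultdict(set)
    for word in wordlist:
        buckets[skeleton(word)].add(word.lower())
    return sorted(tuple(sorted(ws)) for ws in buckets.values() if len(ws) > 1)


def check_candidate(candidate, wordlist):
    """Return the reasons to reject a replacement word (empty list = accept)."""
    cand = candidate.lower()
    if not (cand.isascii() and cand.isalpha()):
        return ["contains characters outside a-z"]
    existing = {w.lower() for w in wordlist}
    problems = []
    if cand in existing:
        problems.append("already in the wordlist")
    key = skeleton(cand)
    for word in sorted(existing):
        if word != cand and skeleton(word) == key:
            problems.append(f"confusable with '{word}'")
    return problems


if __name__ == "__main__":
    for group in find_confusable(SAMPLE_WORDLIST):
        print("confusable:", " / ".join(group))
    for cand in ("ear", "garden"):
        print(cand, "->", check_candidate(cand, SAMPLE_WORDLIST) or "ok")
```

Grouping by skeleton keeps the audit linear in the size of the list, so it is cheap to rerun after every proposed word swap.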

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-10-24 18:26           ` slush
@ 2013-10-24 19:23             ` Pieter Wuille
  2013-10-24 19:46               ` slush
  2013-10-24 19:32             ` Jorge Timón
  1 sibling, 1 reply; 19+ messages in thread
From: Pieter Wuille @ 2013-10-24 19:23 UTC (permalink / raw)
  To: slush; +Cc: Bitcoin Dev

This is probably too late in the discussion, and I certainly don't
want to derail any standard being formed. But if it is controversial,
I want to offer my own suggestion.

This is a proposal I wrote a year ago, but never spent enough work to
push it as a standard:
https://bitcointalk.org/index.php?topic=102349.0

It needs some work, but I believe it may be a base for a superior
system than what is being proposed here. As the scheme linked above
has built-in configurable difficulty and checksums, the word set being
used doesn't need to function for checking anymore. You could use any
dictionary/language/text generator, and feed it into the system - the
software on the other side doesn't need to use the same dictionary.

The disadvantage is of course that it cannot encode arbitrary data -
it can only be used to generate a random seed. It does have some
theoretical advantages, though (see link).

-- 
Pieter


On Thu, Oct 24, 2013 at 8:26 PM, slush <slush@centrum•cz> wrote:
> We've reflected many comments about BIP39 wordlist from the community and I
> think the wordlist is much better now. Specifically we removed many of
> theoretically offensive words as well as we implemented algorithm for
> detecting words with similar characters (cat/eat) and we resolved these
> duplicities. I'm now quite happy with the wordlist and I want to ask you for
> next (final?) round of comments.
>
> From other features, we added password protection of seed and seed hardening
> (against bruteforcing) using Rijndael cipher. This has been chosen because
> its blocksize can be 128, 192 or 256 bits, so it fits length of desired
> seeds. Also there are Rijndael implementations in every language. Btw
> password protection has one interesting feature - plausible deniability. It
> allows user to have one mnemonic and by using it with different passwords,
> it will generate different BIP32 wallets.... (wink wink)
>
> I want to be pretty clear that we need to close this topic somehow, because
> we want to use such algorithm in Trezor (which deadline is coming quick) and
> also other wallet developers want to implement such algorithm into clients
> to be compatible with Trezor. There were quite strict requirements for such
> algorithm (like the possibility to convert mnemonic to seed as well as seed
> to mnemonic) and I think we found a good solution. I'm wildly asking you for
> constructive comments, but saying "it's a crap, I don't like it" won't help
> anything.
>
> Thanks,
> slush
>
>
> On Thu, Sep 12, 2013 at 6:02 PM, Matthew Mitchell
> <matthewmitchell@godofgod•co.uk> wrote:
>>
>> I removed some more but I haven't added enough back in. It was taking far
>> longer than expected so I gave up, but maybe someone else can try to add
>> some more:
>>
>>
>> https://github.com/MatthewLM/python-mnemonic/blob/master/mnemonic/wordlist/english.txt
>>
>> On 12 Sep 2013, at 13:11, Pavol Rusnak <stick@gk2•sk> wrote:
>>
>> > On 10/09/13 23:03, Matthew Mitchell wrote:
>> >> Maybe it would have been better without the aggressive words?
>> >
>> > I revisited the wordlist and replaced around 67 words that can be
>> > found offensive in some context.
>> >
>> > --
>> > Best Regards / S pozdravom,
>> >
>> > Pavol Rusnak <stick@gk2•sk>



^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-10-24 18:26           ` slush
  2013-10-24 19:23             ` Pieter Wuille
@ 2013-10-24 19:32             ` Jorge Timón
  2013-10-24 19:37               ` slush
  1 sibling, 1 reply; 19+ messages in thread
From: Jorge Timón @ 2013-10-24 19:32 UTC (permalink / raw)
  To: slush; +Cc: Bitcoin Dev

This will probably sound stupid to most of you, but I'll say it anyway.

The aim of mnemonics is to easily remember, isn't it?
But the approach of removing "offensive words" is probably
counterproductive to achieving that end. These words cause a greater
emotional impact in our human moral psyches.
If we were willing to use that fact to our advantage to optimize the
"maximum unforgettableness" criterion, we should actually prefer the
most generally offensive words in that list. Especially if they can
combine with each other to produce more offensive results, basically
the opposite of what we're doing.

Isn't "legalize murder dirty jew" much easier to remember for most
people than "sandwich house yellow cauliflower"?

I guess that even if I'm right, this will be hard to explain to users
and I'm not offering myself to do it. So I completely understand if
the people working on this BIP simply ignore this "unforgettable
wordlist" proposal like if it was just a bad taste joke.
Using the sub-optimal (in terms of human memory) politically correct
wordlist probably won't be that much worse.


On 10/24/13, slush <slush@centrum•cz> wrote:
> We've reflected many comments about BIP39 wordlist from the community and I
> think the wordlist is much better now. Specifically we removed many of
> theoretically offensive words as well as we implemented algorithm for
> detecting words with similar characters (cat/eat) and we resolved these
> duplicities. I'm now quite happy with the wordlist and I want to ask you
> for next (final?) round of comments.
>
> From other features, we added password protection of seed and seed
> hardening (against bruteforcing) using Rijndael cipher. This has been
> chosen because its blocksize can be 128, 192 or 256 bits, so it fits length
> of desired seeds. Also there are Rijndael implementations in every
> language. Btw password protection has one interesting feature - plausible
> deniability. It allows user to have one mnemonic and by using it with
> different passwords, it will generate different BIP32 wallets.... (wink
> wink)
>
> I want to be pretty clear that we need to close this topic somehow, because
> we want to use such algorithm in Trezor (which deadline is coming quick)
> and also other wallet developers want to implement such algorithm into
> clients to be compatible with Trezor. There were quite strict requirements
> for such algorithm (like the possibility to convert mnemonic to seed as
> well as seed to mnemonic) and I think we found a good solution. I'm wildly
> asking you for constructive comments, but saying "it's a crap, I don't like
> it" won't help anything.
>
> Thanks,
> slush
>
>
> On Thu, Sep 12, 2013 at 6:02 PM, Matthew Mitchell <
> matthewmitchell@godofgod•co.uk> wrote:
>
>> I removed some more but I haven't added enough back in. It was taking far
>> longer than expected so I gave up, but maybe someone else can try to add
>> some more:
>>
>>
>> https://github.com/MatthewLM/python-mnemonic/blob/master/mnemonic/wordlist/english.txt
>>
>> On 12 Sep 2013, at 13:11, Pavol Rusnak <stick@gk2•sk> wrote:
>>
>> > On 10/09/13 23:03, Matthew Mitchell wrote:
>> >> Maybe it would have been better without the aggressive words?
>> >
>> > I revisited the wordlist and replaced around 67 words that can be
>> > found offensive in some context.
>> >
>> > --
>> > Best Regards / S pozdravom,
>> >
>> > Pavol Rusnak <stick@gk2•sk>
>> >


-- 
Jorge Timón

http://freico.in/




* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-10-24 19:32             ` Jorge Timón
@ 2013-10-24 19:37               ` slush
  0 siblings, 0 replies; 19+ messages in thread
From: slush @ 2013-10-24 19:37 UTC (permalink / raw)
  To: Jorge Timón; +Cc: Bitcoin Dev


On Thu, Oct 24, 2013 at 9:32 PM, Jorge Timón <jtimon@monetize•io> wrote:

> This will probably sound stupid to most of you, but I'll say it anyway.
>
> The aim of mnemonics is to easily remember, isn't it?
>

Well, I would say more "retype" than "remember". I really don't think that
a common user will memorize it. But of course, it is still an option.


> But the approach of removing "offensive words" is probably
> counterproductive to achieving that end. These words cause a greater
> emotional impact in our human moral psyches.
>

No, I don't think it is stupid! Actually it was my concern as well.
Unfortunately I don't think it is "politically correct" to include all
bitches, assholes and motherfuckers in an end-user product :-).


> If we were willing to use that fact in our advantage to optimize the
> "maximum unforgettableness" criterion, we should actually prefer the
> most generally offensive words in that list. Specially if they can
> combine with each other to produce more offensive results, basically
> the opposite of what we're doing.


> Isn't "legalize murder dirty jew" much easier to remember for most
> people than "sandwich house yellow cauliflower"?
>
>
Well, bip39 can have more dictionaries and *maybe* a swearword dictionary
would gain some popularity ;).

slush


* Re: [Bitcoin-development] BIP0039 Mnemonic code for generating deterministic keys
  2013-10-24 19:23             ` Pieter Wuille
@ 2013-10-24 19:46               ` slush
  0 siblings, 0 replies; 19+ messages in thread
From: slush @ 2013-10-24 19:46 UTC (permalink / raw)
  To: Pieter Wuille; +Cc: Bitcoin Dev

On Thu, Oct 24, 2013 at 9:23 PM, Pieter Wuille <pieter.wuille@gmail•com> wrote:
>
> This is a proposal I wrote a year ago, but never spent enough work to
> push it as a standard:
> https://bitcointalk.org/index.php?topic=102349.0
>
>
I think that the PoW concept in your proposal is quite smart! However, the
problem is that it isn't bidirectional; it doesn't allow converting back and
forth between mnemonic and seed, which was one of the basic requirements for
such an algorithm.

slush
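
Two properties described in this thread, a password that turns one mnemonic into different wallets and conversion in both directions between mnemonic and seed, both follow from using a keyed invertible permutation. The sketch below is an added example, not code from the thread or from the BIP39 reference implementation. Assumptions: a toy Feistel network over HMAC-SHA256 stands in for Rijndael, and the 2048-entry placeholder wordlist, the 12-word packing and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed placeholder wordlist (2048 entries = 11 bits per word); not the BIP39 list.
WORDS = [f"w{i:04d}" for i in range(2048)]
INDEX = {w: i for i, w in enumerate(WORDS)}
N_WORDS = 12  # 12 * 11 = 132 bits, enough to carry a 128-bit value

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: HMAC-SHA256 truncated to the half-block size.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:len(half)]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def permute(block: bytes, password: str, rounds: int = 16, inverse: bool = False) -> bytes:
    # Keyed permutation of a 16-byte block. Toy stand-in for Rijndael (assumption):
    # it is invertible, but it provides no brute-force hardening.
    key = password.encode("utf-8")
    left, right = block[:8], block[8:]
    if inverse:
        for r in reversed(range(rounds)):
            left, right = _xor(right, _f(key, r, left)), left
    else:
        for r in range(rounds):
            left, right = right, _xor(left, _f(key, r, right))
    return left + right

def words_to_block(mnemonic: str) -> bytes:
    words = mnemonic.split()
    if len(words) != N_WORDS or any(w not in INDEX for w in words):
        raise ValueError("expected 12 words from the wordlist")
    value = 0
    for w in words:
        value = value * 2048 + INDEX[w]
    if value >> 128:
        raise ValueError("mnemonic does not encode a 128-bit value")
    return value.to_bytes(16, "big")

def block_to_words(block: bytes) -> str:
    value = int.from_bytes(block, "big")
    digits = [(value >> (11 * i)) & 2047 for i in reversed(range(N_WORDS))]
    return " ".join(WORDS[d] for d in digits)

def mnemonic_to_seed(mnemonic: str, password: str = "") -> bytes:
    return permute(words_to_block(mnemonic), password)

def seed_to_mnemonic(seed: bytes, password: str = "") -> str:
    # Only possible because permute() is invertible; a hash-based step has no inverse.
    return block_to_words(permute(seed, password, inverse=True))
```
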

