On Thu, Oct 24, 2013 at 7:29 PM, wrote:
>
> My initial problem was that BIP0039 is not backward compatible with
> Electrum. When trying to solve that, I realized that the seed encoding used
> in Electrum does not help, because it does not contain a version number
> information. However, BIP0039 suffers the same shortcoming: it does nothing
> to help a future replacement, it wants to be final. My first recommendation
> is to allocate a few bits of the mnemonic, in order to encode a "version
> number" along with the checksum bits.
>
>

On topic of "it wants to be final" and "it is incompatible with Electrum":

None of this is true. Firstly, it *is* possible to implement both algorithms in the client at the same time, so the user will be able to recover a wallet using an Electrum or bip39 mnemonic and - what is worse - you already *know* about this solution. Still you're spreading FUD about it on IRC, in emails behind my back and here on the mailing list.

The solution for the Electrum client - as we discussed two weeks ago on IRC - is this:

a) User types down the mnemonic (created with Electrum or BIP39)

b1) Only if *all* words are present in both dictionaries and it has a valid BIP39 checksum (which is quite a rare situation itself!), the mnemonic can be considered to be both Electrum or BIP39.

b2) In most cases we end up here, because the most common situation is that with the given words, only an Electrum *or* a BIP39 seed can be recovered.

----

c) Consider the mnemonic as Electrum. Create the first few addresses and do a lookup. If there are transactions in the address history, this is an Electrum mnemonic.

d) If there were no used addresses in c), build the seed using BIP39 and do the same lookup. If there's history, this is a BIP39 mnemonic.

e) If there is no history on both algorithms, then pick the preferred one for the given client (it should not hurt which one, because the first use of the given mnemonic will "freeze" the given algorithm for the next time of mnemonic recovery).

Well, because only Electrum uses some mnemonic algorithm to this date, such a decision tree needs to be implemented only in Electrum. You cannot tell that "it is too complicated" or "ambiguous", because you're using the same algorithm of deciding between Electrum deterministic / BIP32.

I must admit that I'm quite annoyed by such discussion, because we already discussed all this privately, you didn't tell me any reason why this should not work and still I see that this is coming back as a boomerang.

slush
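
Added example, not part of the message above and not Electrum's or the BIP39 reference code: a sketch of the a) to e) decision tree, read so that the history lookups in c) to e) run only in the ambiguous case b1. The word lists are constructed stand-ins, `has_history` is a hypothetical callback for the address lookup, and the checksum follows the published BIP39 layout, which is an assumption about the draft discussed here.

```python
import hashlib

# Constructed stand-in dictionaries (assumption): real clients load the actual
# Electrum and BIP39 word lists. Here only w0000..w0099 appear in both.
BIP39_WORDS = [f"w{i:04d}" for i in range(2048)]
BIP39_INDEX = {w: i for i, w in enumerate(BIP39_WORDS)}
ELECTRUM_WORDS = set(BIP39_WORDS[:100]) | {f"e{i:04d}" for i in range(1526)}

def _checksum_bits(entropy: bytes) -> str:
    """First ENT/32 bits of SHA-256(entropy), as in the published BIP39 spec."""
    digest = int.from_bytes(hashlib.sha256(entropy).digest(), "big")
    return f"{digest:0256b}"[: len(entropy) * 8 // 32]

def bip39_encode(entropy: bytes) -> list:
    """Entropy plus checksum, split into 11-bit word indices."""
    bits = f"{int.from_bytes(entropy, 'big'):0{len(entropy) * 8}b}" + _checksum_bits(entropy)
    return [BIP39_WORDS[int(bits[i:i + 11], 2)] for i in range(0, len(bits), 11)]

def bip39_valid(words) -> bool:
    """All words in the BIP39 list and the trailing checksum bits match."""
    if len(words) not in (12, 15, 18, 21, 24) or any(w not in BIP39_INDEX for w in words):
        return False
    bits = "".join(f"{BIP39_INDEX[w]:011b}" for w in words)
    ent = len(bits) * 32 // 33
    entropy = int(bits[:ent], 2).to_bytes(ent // 8, "big")
    return bits[ent:] == _checksum_bits(entropy)

def classify(words, has_history, preferred="electrum") -> str:
    """has_history(scheme, words) is a hypothetical callback: derive the first
    few addresses under that scheme and report whether any has transactions."""
    electrum_ok = bool(words) and all(w in ELECTRUM_WORDS for w in words)
    bip39_ok = bip39_valid(words)
    if not (electrum_ok or bip39_ok):
        raise ValueError("not decodable as Electrum or BIP39")
    if electrum_ok != bip39_ok:                  # b2: only one scheme fits
        return "electrum" if electrum_ok else "bip39"
    for scheme in ("electrum", "bip39"):         # b1 -> c, d: lookup in order
        if has_history(scheme, words):
            return scheme
    return preferred                             # e: no history anywhere
```

Changing a single word of an ambiguous mnemonic almost always breaks the checksum, which drops it out of b1 and leaves only the Electrum reading.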