What is Nostr?
Jean-Paul Kogelman [ARCHIVE] /
npub1sa8…y304
2023-06-07 15:15:15
in reply to nevent1q…x4cf

Jean-Paul Kogelman [ARCHIVE] on Nostr: 📅 Original date posted:2014-03-12 📝 Original message:On Mar 12, 2014, at 08:55 ...

📅 Original date posted:2014-03-12
📝 Original message:On Mar 12, 2014, at 08:55 AM, Pavol Rusnak <stick at gk2.sk> wrote:

On 03/12/2014 04:45 PM, Jean-Paul Kogelman wrote:
Yes I am. There are some differences between BIP 39 and my proposal though.
- BIP 39 offers an easy list of words, no gnarly string of case sensitive letters and numbers.

Which is better IMO. I can't imagine anyone writing down a long Base58
encoded string.
 
That depends on your use case. A list of words is totally fine for someone to write down, a long string of case sensitive letters is easier to put into a QR code.


- BIP 39 only offers one fixed length of entropy, always 12 words, no option to increase or decrease the length.

Not true, BIP39 supports 12/18/24 words (= 128/192/256 bits of entropy).
 
I stand corrected.


- BIP 39 doesn't have a genesis date field, so no optimization during blockchain rescan.

This is nice addition, indeed. But we needed to limit the data as
possible in order not to increase the number of words needed to be noted
down.
 
My proposal didn't have this either initially, but it was deemed an essential feature for SPV clients.


- BIP 39 doesn't have password typo detection. No easy way to recover a password if you know most of it.

It has a detection. Not correction though.
 
If I understand the code correctly (and please correct me if I'm wrong), the validation only happens on the mnemonic list, not on the password:

"Described method also provides plausible deniability, because every passphrase generates a valid seed (and thus deterministic wallet) but only the correct one will make the desired wallet available"

So upon entering a password with a typo, the user will not be notified of an error, but be presented with a wallet balance of 0, after the blockchain has been scanned. I'm sorry, but that's not the kind of experience I would want to present to my users.


- BIP 39 does not have a user selectable KDF, only 2048 round PBKDF2-HMAC-SHA512.
- BIP 39 can't outsource the KDF computation to a 3rd party.

True, but having one or two solid options are better than having
gazillions of possible options.
 
5 defined KDFs out of a possible 32 is hardly "gazillions".

- BIP 39 wallet implementors can use their own word lists, breaking cross wallet compatibility.

True, but they are encouraged to use the list provided. Possibility to
outsource KDF outside of your "standard" breaks much more compatibility
than this.
 
Would you care to elaborate how optional outsourcing of the KDF breaks compatibility?

jp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140312/c685124f/attachment.html>;
Author Public Key
npub1sa86gng3pvs3jgyt5majwcrhn8ck5qxgy9pjqxkh79u638cd7dys28y304