What is Nostr?
Aymeric Vitte [ARCHIVE] /
npub15fc…5grz
2023-06-07 18:09:21
in reply to nevent1q…pds3

Aymeric Vitte [ARCHIVE] on Nostr: 📅 Original date posted:2018-01-06 📝 Original message:Calm down now and stop ...

📅 Original date posted:2018-01-06
📝 Original message:Calm down now and stop your "do you want a" or "link" stupid comments,
whether you are really willing to propose some improvements, whether you
are just posting for nothing

BIP39:

"The length of the derived key is 512 bits (= 64 bytes).

This seed can be later used to generate deterministic wallets using
BIP-0032 or similar methods."

So the derived key is the seed? (derived key... this seed, really?
"similar methods",funny) That's not clear, then why everybody is using
xpriv which corresponds to the first step of the derivation (ie the
derived key)? And why BIP39 does not follow BIP32 recommendation (32B seed)?

Anyway, I don't really care about this stuff in fact, the only
interesting thing in this discussion beside arguing around unclear specs
misleading many people would be if you can convince that BIP39 & co are
really usefull for people (and easier than writing a seed): what
feedback do you have, don't you see how it's a pain in the xss for
everybody?

And if the answer is positive how can you can make it easier for people
(I am amazed too that people know about BIPXYZ, they should not),
probably this discussion will bore people and get moderated, but as
mentioned below, even maybe off topic, the subject is wider

Le 06/01/2018 à 19:28, Alan Evans a écrit :
> > Unfortunately, even "yourself" seems not to know what he is talking
> about (so imagine for other people, 256 bits is advised --> 32B),
> probably that's why you brought this discussion off the list, then
> making recommendations to improve something that is misleading and
> messy is quite dubious
>
> And yet you still fail to read the BIP, do you want a
> link? https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki I
> repeat it says:
>
> between 128 and 512 bits
>
> So, that's between 16 and 64 bytes, the advisory of 256 is clearly a
> minimum.
>
> > That's another thing I completely dislike with BIP39, it ends up
> with xpriv, not the 32B seed
>
> Please also read
> BIP0039 https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki,
> it generates *a BIP32 seed only*, no xpriv, that's completely false,
> then you use BIP0032 as normal with the seed. Because BIP0039 produces
> a seed, your whole argument goes out of the window, you can write the
> seed if that's what you want to do, and throw away the mnemonic.
>
>
>
> On Sat, Jan 6, 2018 at 1:40 PM, Aymeric Vitte <vitteaymeric at gmail.com
> <mailto:vitteaymeric at gmail.com>> wrote:
>
> Unfortunately, even "yourself" seems not to know what he is
> talking about (so imagine for other people, 256 bits is advised
> --> 32B), probably that's why you brought this discussion off the
> list, then making recommendations to improve something that is
> misleading and messy is quite dubious
>
> And maybe you should take a look at what people you are talking to
> are doing before arguing stuff that you apparently don't know very
> well (ie "the length of the *derived *key", not the seed), cf
> https://github.com/Ayms/bitcoin-wallets
> <https://github.com/Ayms/bitcoin-wallets>; and even
> https://github.com/Ayms/zcash-wallets (not official but
> https://github.com/zcash/zips/issues/95)
> <https://github.com/Ayms/zcash-wallets>;
>
> But as you can notice there is a missing feature, ie to derive the
> wallets from xpriv, there is a comment in the repo why I don't
> like some things "Surprisingly from ~32 bytes keys BIP32 ends up
> with a 78 bytes format to describe them with all the necessary
> information like indexes, parent to possibly allow to revert the tree"
>
> That's another thing I completely dislike with BIP39, it ends up
> with xpriv, not the 32B seed, there are many, many, many posts in
> forums of people fighting to figure out their private keys derived
> from bip39/44/etc
>
> "No offence too" but please keep your advises for yourself, I
> indeed don't read closely inept BIPs, and never said I did not
> like BIP32, that's the contrary, I really like it
>
> Before firing plenty of BIPs that do not fit together people maybe
> should take a break and see what people are doing today (this is
> quite amazing) and why they got stolen
>
> And you seem to know very little about security, if you suspect
> you home printer, then suspect you OS, your hw, etc, (you really
> envision to generate a seed from a mobile device ???) writing 64
> characters is not very difficult for a human being, even easier
> than writing x words of y length
>
> See this too
> https://bitcointalk.org/index.php?topic=2550529.msg26133887#msg26133887
> <https://bitcointalk.org/index.php?topic=2550529.msg26133887#msg26133887>;,
> the tutorial was corrected, but basic things are still missing, an
> offline version is when you disconnect from the internet, not when
> you use the "offline version"  (assuming that the browser storage
> or other stuff are not used...)
>
> Re-ccing the list because again at a certain point of time the
> theory should look at the reality and adapt accordingly, part of
> the example I gave is off topic for this thread but globally
> (which could become another thread) the message is: the bitcoin
> community should stop making things complicate for people,
> releasing BIPs of no use just ends up with complicating things
> more than it helps, people deserve to understand what they are
> doing, manage their keys by their own and stop syncing useless
> full nodes for every coin to sync their wallets, that's why I made
> the tool, the first people that used it made some outstanding
> mistakes that I did not envision now it's not possible any longer,
> except if they give wrong destination addresses and nobody can't
> do anything about this (btw the primary intent of the tool was for
> myself and you are right for once, I did not know that people
> could do so big mistakes, that's not their fault, I see it now, my
> mistake for underestimating this)
>
>
> Le 06/01/2018 à 16:00, Alan Evans a écrit :
>> You're mistaken. BIP32 does not require a particular length. It
>> recommends:
>>
>> * Generate a seed byte sequence S of a chosen length (between
>> 128 and 512 bits; 256 bits is advised) from a (P)RNG
>>
>> But BIP39 produces a 64 byte seed:
>>
>> The length of the derived key is 512 bits (= 64 bytes).
>>
>> If you don't believe me, why don't you just try it? That seed
>> will derive the same keys as that mnemonic, it's a real example.
>>
>> ---------
>>
>> About printing, there is a huge security risk involved in
>> printing anything. Networks, printers may have memory. People
>> will print to PDF when they don't have a printer on hand. Mobile
>> users often can't print.
>>
>> I wrote mine down, by hand, generated from an offline computer
>> booted with a readonly OS. 
>>
>> Feel free to produce a recommendation to replace BIP39/32/44 if
>> you like, but it's not broken just because someone had trouble
>> using your tool/following your instructions. And no offence but
>> I'd be wary using a tool from someone who doesn't read the BIPs
>> closely yet is so confident about how other people are wrong.
>>
>>
>> On Sat, Jan 6, 2018 at 6:57 AM, Aymeric Vitte
>> <vitteaymeric at gmail.com <mailto:vitteaymeric at gmail.com>> wrote:
>>
>> And Alan, btw, a BIP32 seed is 32 bytes, then 64 characters,
>> not 64
>> bytes as your wrote below, which probably corresponds to
>> xprv, which is
>> another misleading element of BIP39
>>
>>
>> Le 06/01/2018 à 02:56, Aymeric Vitte a écrit :
>> > The fact is indeed that "we should really find a way to
>> overhaul this
>> > whole BIP 39 / 43/ 44 etc ad hoc mess"
>> >
>> > Because the git example I provided is about someone that
>> knows (to a
>> > certain extent) what he is doing, then made a mistake for the
>> > destination address, which is not related to this discussion
>> >
>> > This just shows how complicate it can become even for
>> people knowing
>> > this to retrieve their wallet and how wallets made it "the
>> easy way" (ie
>> > bip39, 44, multisig...)
>> >
>> > If people prefer to store mnemonics, why not, but "writing
>> down" in both
>> > messages above is not accurate, you would better print it
>> and cut it in
>> > n pieces if you like, then the point of using mnemonics
>> that you can't
>> > remember more than an hex string still remains useless from
>> my standpoint
>> >
>> > Beside the theory we should look now if BIP39 & all brought
>> more good
>> > than the contrary in practice, I think that the later wins
>> >
>> >
>> > Le 05/01/2018 à 21:38, Sjors Provoost a écrit :
>> >> Hi Alan,
>> >>
>> >> The Github issue is arguably unrelated, which is why I put
>> it at the end and said “some related”.
>> >>
>> >> However it does all tie together; we should really find a
>> way to overhaul this whole BIP 39 / 43/ 44 etc ad hoc mess,
>> ideally in a way that even Bitcoin Core would be willing to
>> use it. When you change the word list, it’s best to change
>> everything else at the same time. Otherwise you’d have too
>> many different standards, which is a pain for wallets to
>> implement.
>> >>
>> >> I share your view than a mnemonic is better than a bunch
>> of hex numbers. It’s easier to memorize and easier to write
>> down. Some people don’t like it when users write down
>> phrases, but they’re much, much more likely to lose their
>> coins than some burglar to find the piece of paper. My issue
>> is only with the way derivation currently works.
>> >>
>> >> Sjors
>> >>
>> >>> Op 5 jan. 2018, om 21:05 heeft Alan Evans
>> <thealanevans at gmail.com <mailto:thealanevans at gmail.com>> het
>> volgende geschreven:
>> >>>
>> >>> Taking it off the board. I can't read all of that issue.
>> BIP0039 mnemonic generates a seed. Everything past there to
>> do with addresses (BIP32/44/49/141 whatever) is the same as
>> if you started with the seed. So you can't blaim BIP0039 for
>> that person's misunderstanding, and the way different wallets
>> use different derivation paths.
>> >>>
>> >>> If someone has a BIP0039 mnemonic and would rather back
>> up the seed, they can go ahead. But one tiny mistake in
>> writing it down and you may have a hell of a time finding out
>> what's wrong as every seed is valid. A mistake in writing
>> down words is far harder to make. You can also memorize a
>> mnemonic (hence the name), the average person cannot memorize
>> a seed.
>> >>>
>> >>> fork canal mad beyond spike pool expire fuel region
>> impose ceiling video
>> >>>
>> >>> vs:
>> >>>
>> >>>
>> f54b80812b3a6f1834095370df82a2123aece2d6089da67d7871477c004684fbc399a6155e53de0b783a9be6388354846e51f59e4869984f0c554e6469788c64
>> >>>
>> >>> But they lead to the same addresses.
>> >>>
>> >>> Need I say more?
>> >>>
>> >>>
>> >>> On Fri, Jan 5, 2018 at 3:56 PM, Aymeric Vitte
>> <vitteaymeric at gmail.com <mailto:vitteaymeric at gmail.com>> wrote:
>> >>> No that's not, some parts of the answer might be but this
>> related, this just shows how people use wrongly BIP39 and
>> subsequent BIPs (and globally other things), misleading them,
>> while the advantage of using it is quite dubious compared to
>> backing up a seed, unless you can convince me of the contrary
>> >>>
>> >>> Le 05/01/2018 à 19:16, Alan Evans a écrit :
>> >>>> Sjors, well in Electrum, validation is optional, but
>> English only. As for the Ledger-S, that sounds like a Ledger
>> problem.
>> >>>>
>> >>>> Aymeric, that is way off topic, did you reply to wrong
>> email?
>> >>>>
>> >>>> On Fri, Jan 5, 2018 at 2:08 PM, Aymeric Vitte
>> <vitteaymeric at gmail.com <mailto:vitteaymeric at gmail.com>> wrote:
>> >>>> See:
>> https://github.com/Ayms/bitcoin-transactions/issues/3
>> <https://github.com/Ayms/bitcoin-transactions/issues/3>;
>> >>>>
>> >>>> OK, maybe it's my fault, I did not foresee this case,
>> and now it's working for p2sh (non segwit)
>> >>>> From my standpoint this just means that BIP39/44 stuff
>> should be eradicated (not BIP141 but see what happened...),
>> this is of no use, confusing people, doing dangerous things
>> to recover
>> >>>> Really is it easier to save x words instead of a seed?
>> Knowing that people are creating several wallets not
>> understanding that this is not the purpose of BIP32?
>> >>>>
>> >>>> Multisig wallets (like Electrum) have created a big mess
>> too, on purpose or no, I don't know, but multisig is for
>> different parties involved, not just one
>> >>>>
>> >>>> Le 05/01/2018 à 18:13, Sjors Provoost via bitcoin-dev a
>> écrit :
>> >>>>> I don’t know about Electrum but many wallets validate
>> the English words, which helps in catching typos.
>> >>>>>
>> >>>>> Hardware wallets without a full keyboard, like the
>> Ledger Nano S, won’t even let you freely type characters; you
>> have to select words from a list.
>> >>>>>
>> >>>>> So although the standard technically allows what you
>> say, if you use anything other than 12, 16 or 24 English
>> words, you’ll have fewer wallets to choose from.
>> >>>>>
>> >>>>> I think it’s better to come up with a new standard than
>> trying to patch BIP-39 at this point, which is why I brought
>> it up.
>> >>>>>
>> >>>>> Sjors
>> >>>>>
>> >>>>>
>> >>>>>> Op 5 jan. 2018, om 17:27 heeft Alan Evans
>> <thealanevans at gmail.com <mailto:thealanevans at gmail.com>>
>> >>>>>>  het volgende geschreven:
>> >>>>>>
>> >>>>>> "Very few wallets support anything other than English"
>> >>>>>>
>> >>>>>> By support do you mean allow recovery, validation or
>> generation or all three? For if you can freely type a phrase
>> in (such as Electrum), or even word by word, then the
>> likely-hood is it is supported if they remembered to normalize.
>> >>>>>>
>> >>>>>> Seed generation in BIP0039 requires no dictionary
>> what-so-ever! So there is no word list to lose in the first
>> place. Your funds are accessible with just the characters and
>> the algorithm as described in BIP0039.
>> >>>>>>
>> >>>>>> But your proposal is a million miles away from simply
>> adding some standard in-language names to some word lists
>> feels like it's derailing the OP's simple proposal. Maybe
>> start own email chain about it.
>> >>>>>>
>> >>>>>> Alan
>> >>>>>>
>> >>>>>> On Fri, Jan 5, 2018 at 12:04 PM, Sjors Provoost via
>> bitcoin-dev
>> >>>>>> <bitcoin-dev at lists.linuxfoundation.org
>> <mailto:bitcoin-dev at lists.linuxfoundation.org>>
>> >>>>>>  wrote:
>> >>>>>> I’m not a fan of language specific word lists within
>> the current BIP-39 standard. Very few wallets support
>> anything other than English, which can lead to vendor lock-in
>> and long term loss of funds if a rare non-English wallet
>> disappears.
>> >>>>>>
>> >>>>>> However, because people can memorize things better in
>> their native tongue, supporting multiple languages seems
>> quite useful.
>> >>>>>>
>> >>>>>> I would prefer a new standard where words are mapped
>> to integers rather than to a literal string. For each
>> language a mapping from words to integers would be published.
>> In addition to that, there would be a mapping from original
>> language words to matching (in terms of integer value, not
>> meaning) English words that people can print on an A4 paper.
>> This would allow them to enter a mnemonic into e.g. a
>> hardware wallet that only support English. Such lists are
>> more likely to be around 100 years from now than some ancient
>> piece of software.
>> >>>>>>
>> >>>>>> This would not work with the current BIP-39 (duress)
>> password, but this feature could be replaced by appending
>> words (with or without a checksum for that addition).
>> >>>>>>
>> >>>>>> A replacement for BIP-39 would be a good opportunity
>> to produce a better English dictionary as Nic Johnson
>> suggested a while ago:
>> >>>>>>         • all words are 4-8 characters
>> >>>>>>         • all 4-character prefixes are unique (very
>> useful for hardware wallets)
>> >>>>>>         • no two words have edit distance < 2
>> >>>>>>
>> >>>>>> Wallets need to be able to distinguish between the old
>> and new standard, so un-upgraded BIP 39 wallets should
>> consider all new mnemonics invalid. At the same time, some
>> new wallets may not wish to support BIP39. They shouldn't be
>> burdened with storing the old word list.
>> >>>>>>
>> >>>>>> A solution is to sort the new word list such that
>> reused words appear first. When generating a mnemonic, at
>> least one word unique to the new list must be present. A
>> wallet only needs to know the index of the last BIP39
>> overlapping word. They reject a proposed mnemonic if none of
>> the elements use a word with a higher index.
>> >>>>>>
>> >>>>>> For my above point and some related ideas, see:
>> >>>>>> https://github.com/satoshilabs/slips/issues/103
>> <https://github.com/satoshilabs/slips/issues/103>;
>> >>>>>>
>> >>>>>>
>> >>>>>> Sjors
>> >>>>>>
>> >>>>>>
>> >>>>>>> Op 5 jan. 2018, om 14:58 heeft nullius via
>> bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org
>> <mailto:bitcoin-dev at lists.linuxfoundation.org>>
>> >>>>>>>  het volgende geschreven:
>> >>>>>>>
>> >>>>>>> I propose and request as an enhancement that the BIP
>> 39 wordlist set should specify canonical native language
>> strings to identify each wordlist, as well as short ASCII
>> language codes.  At present, the languages are identified
>> only by their names in English.
>> >>>>>>>
>> >>>>>>> Strings properly vetted and recommended by native
>> speakers should facilitate language identification in user
>> interface options or menus.  Specification of language
>> identifier strings would also promote interface consistency
>> between implementations; this may be important if a user
>> creates a mnemonic in Implementation A, then restores a
>> wallet using that mnemonic in Implementation B.
>> >>>>>>>
>> >>>>>>> As an independent implementer who does not know *all*
>> these different languages, I monkey-pasted language-native
>> strings from a popular wiki site.  I cannot guarantee that
>> they be all accurate, sensible, or even non-embarrassing.
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>
>> https://github.com/nym-zone/easyseed/blob/1a6e48bbdac9366d9d5d1912dc062dfc3f0db2c6/easyseed.c#L99
>> <https://github.com/nym-zone/easyseed/blob/1a6e48bbdac9366d9d5d1912dc062dfc3f0db2c6/easyseed.c#L99>;
>> >>>>>>>
>> >>>>>>> ```
>> >>>>>>>       LANG(english,                   u8"English",   
>> "en",   ascii_space ),
>> >>>>>>>       LANG(chinese_simplified,        u8"汉语",
>> "zh-CN",ascii_space ),
>> >>>>>>>       LANG(chinese_traditional,       u8"漢語",
>> "zh-TW",ascii_space ),
>> >>>>>>>       LANG(french,                    u8"Français", 
>>  "fr",   ascii_space ),
>> >>>>>>>       LANG(italian,                   u8"Italiano", 
>>  "it",   ascii_space ),
>> >>>>>>>       LANG(japanese,                  u8"日本語",       
>> "ja",   u8"\u3000"  ),
>> >>>>>>>       LANG(korean,                    u8"한국어",       
>> "ko",   ascii_space ),
>> >>>>>>>       LANG(spanish,                   u8"Español",   
>> "es",   ascii_space )
>> >>>>>>> ```
>> >>>>>>>
>> >>>>>>> Per the comment at #L85 of the quoted file, I also
>> know that for my short identifiers for Chinese, “zh-CN” and
>> “zh-TW”, are imprecise at best—insofar as Hong Kong uses
>> Traditional; and overseas Chinese may use either.  For
>> differentiating the two Chinese writing variants, are there
>> any appropriate standardized or customary short ASCII
>> language IDs similar to ISO 3166-1 alpha-2 which are purely
>> linguistic, and not fit to present-day political boundaries?
>> >>>>>>>
>> >>>>>>> My general suggestion is that the specification of
>> appropriate strings in
>> >>>>>>> bitcoin:bips/bip-0039/bip-0039-wordlists.md
>> <http://bip-0039-wordlists.md>;
>> >>>>>>>  be made part of the process for accepting new
>> wordlists.  My specific request is that such strings be
>> ascertained for the wordlists already existing, preferably
>> from the persons involved in the original pull requests therefor.
>> >>>>>>>
>> >>>>>>> Should this proposal be “concept ACKed” by
>> appropriate parties, then I may open a pull request
>> suggesting an appropriate format for specifying this
>> information in the repository.  However, I will must needs
>> leave the vetting of appropriate strings to native speakers
>> or experts in the respective languages.
>> >>>>>>>
>> >>>>>>> Prior references:  The wordlist additions at PRs #92,
>> #130 (Japanese); #100 (Spanish); #114 (Chinese, both
>> variants); #152 (French); #306 (Italian); #570 (Korean); #621
>> (Indonesian, *proposed*, open).
>> >>>>>>> ______________________________
>>
>

--
Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions
Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180106/54801027/attachment-0001.html>;
Author Public Key
npub15fc36esk6dy2x4ptk2ner209rl9u0d736gr99edtu9knu9uny80s4g5grz