Aymeric Vitte [ARCHIVE] on Nostr: 📅 Original date posted:2019-01-03 📝 Original message:What I have in mind is in ...
📅 Original date posted:2019-01-03
📝 Original message:What I have in mind is in my latest reply (difficult to have some kind
of fluent discussions on this list given the moderation and delayed posts)
I would just add that the derivation method (indeed something like what
you are sketching below) should estimate that there is enough entropy
from the secret, if not just throw
Le 02/01/2019 à 19:06, James MacWhyte via bitcoin-dev a écrit :
> On Wed, Jan 2, 2019 at 3:40 AM Alan Evans via bitcoin-dev
> <bitcoin-dev at lists.linuxfoundation.org
> <mailto:bitcoin-dev at lists.linuxfoundation.org>> wrote:
>
>
> I think any method that doesn't use real entropy, but some fake
> source of randomness, such as a book is asking to be hacked and so
> is not a reasonable idea.
>
> If an algorithm for book text to BIP39 sentence ever became well
> used, common books will be systematically searched for accounts.
> People will also choose their favourite passages, so I would
> expect to see collisions.
>
>
> I tend to have this conversation a lot ;) I'm not sure what Aymeric
> has in mind, but my suggestions are for use by the small few who
> properly understand how these things work. I am not suggesting
> blockchain.info <http://blockchain.info>; require every user to choose
> a book passage to use as their backup phrase!
>
> There are so many small things that could be done to make a text input
> unique. Choose the X number of words from the start of the Nth
> sentence. Replace all punctuation with exclamation points. Combine two
> sentences from different pages. It would be nigh impossible to brute
> force any of these, and would require hints/instructions from the
> owner to recover.
>
> But I admit if this is not intended for standardization, discussing it
> on this mailing list is probably unwarranted.
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
--
Move your coins by yourself (browser version): https://peersm.com/wallet
Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions
Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20190104/d8b994a9/attachment.html>;
📝 Original message:What I have in mind is in my latest reply (difficult to have some kind
of fluent discussions on this list given the moderation and delayed posts)
I would just add that the derivation method (indeed something like what
you are sketching below) should estimate that there is enough entropy
from the secret, if not just throw
Le 02/01/2019 à 19:06, James MacWhyte via bitcoin-dev a écrit :
> On Wed, Jan 2, 2019 at 3:40 AM Alan Evans via bitcoin-dev
> <bitcoin-dev at lists.linuxfoundation.org
> <mailto:bitcoin-dev at lists.linuxfoundation.org>> wrote:
>
>
> I think any method that doesn't use real entropy, but some fake
> source of randomness, such as a book is asking to be hacked and so
> is not a reasonable idea.
>
> If an algorithm for book text to BIP39 sentence ever became well
> used, common books will be systematically searched for accounts.
> People will also choose their favourite passages, so I would
> expect to see collisions.
>
>
> I tend to have this conversation a lot ;) I'm not sure what Aymeric
> has in mind, but my suggestions are for use by the small few who
> properly understand how these things work. I am not suggesting
> blockchain.info <http://blockchain.info>; require every user to choose
> a book passage to use as their backup phrase!
>
> There are so many small things that could be done to make a text input
> unique. Choose the X number of words from the start of the Nth
> sentence. Replace all punctuation with exclamation points. Combine two
> sentences from different pages. It would be nigh impossible to brute
> force any of these, and would require hints/instructions from the
> owner to recover.
>
> But I admit if this is not intended for standardization, discussing it
> on this mailing list is probably unwarranted.
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
--
Move your coins by yourself (browser version): https://peersm.com/wallet
Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions
Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20190104/d8b994a9/attachment.html>;