๐
Original date posted:2013-10-31
๐ Original message:Indeed, I want to include a version number in the seed phrase because
there are
multiple ways to define the tree structure used with BIP32. It is
certainly too early
to make final decisions on that, or to achieve a common standard.
Also, I can imagine that bip32 itself might be superseeded in the future.
I understand that encapsulating a version number in the seed phrase might
not be as important for other wallets as it is for Electrum. So it is
probably not
necessary to propose another BIP for that. I will simply implement it
for Electrum,
and I will try to do it in such a way that other wallets can use the
same format.
The other question we might be solving is strenghtening (your proposal).
I consider
that this is not a strong requirement for Electrum, because it does not
let the user
choose their seed phrase. However, if a few bits of the seed phrase are
allocated
for metadata, then I guess strenghtening can be part of it. That's
another good
reason to have a version number encapsulated in the seed.
I too wonder why the transformation needs to be bidirectional in bip39.
Le 26/10/2013 23:30, Pieter Wuille a รฉcrit :
> Let's first try to agree on what we are solving.
>
> It seems that Thomas wants - in addition to the cryptographic data -
> to encode the tree structure, or at least version information about
> what features are used in it, inside the seed.
>
> I'm not sure whether we're ready to standardize on something like that
> yet, not having established best practices regarding different wallet
> structures. I do think we first need to see what possibilities and
> developments are possible related to it.
>
> In addition, information about the wallet structure is strictly less
> secret than the key data - it is even less confidential than address
> book data, transaction annotations, labels and comments and
> bookkeeping information. It could be backed up anywhere and everywhere
> without any repercussions, as far as I can see. I understand that in
> the case of Electrum, there is a strong reason to want this
> encapsulated together with the seed, but it's not really a requirement
> for most wallets.
> (if really needed, any key derivation scheme that starts from random
> strings can be augmented with metadata by enforcing property-bits on a
> hash of the string (so not of the output), as this data doesn't need
> protection from brute-forcing).
>
> Regarding other requirements, I wonder why we want the transformation
> to be bidirectional? If it is just about generating master seeds, one
> direction should be enough, and allows far nicer properties w.r.t.
> security. If we do settle on a standard for 'brainwallets', I would
> strongly prefer if it had at least some strengthening built-in, to
> decrease the impact of worst-case situations.
> If the reason is backward-compatibility, I think that any client that
> supports seeds already can just keep supporting whatever they
> supported before. Only if it matches both encoding schemes (as
> mentioned before) there is a potential collision (and in that case,
> the user could just be asked).
>
Thomas Voegtlin [ARCHIVE] /
npub10fโฆ7ej47
2023-06-07 15:08:01
in reply to nevent1qโฆdrhj
Author Public Key
npub10f96gqrsu4qpygfgvuvzce47aavjvql703egfde0l2hua8dzpszs67ej47Published at
2023-06-07 15:08:01Event JSON
{
"id": "b0bd729a7d4081fa9e8f2155602a726c2e8d81370189652bb8af1dd630473d4e",
"pubkey": "7a4ba40070e54012212867182c66beef592603fe7c7284b72ffaafce9da20c05",
"created_at": 1686150481,
"kind": 1,
"tags": [
[
"e",
"7e718d510a3d5e22e518f7bf94409c5e05c663f2a1066298ced00d73c104e803",
"",
"root"
],
[
"e",
"9fc3894435ada2292116d1b2c6a1b311eac99ebcbe1f5b4253c15b43b69695bc",
"",
"reply"
],
[
"p",
"5cb21bf5d7f25a9d46879713cbd32433bbc10e40ef813a3c28fe7355f49854d6"
]
],
"content": "๐
Original date posted:2013-10-31\n๐ Original message:Indeed, I want to include a version number in the seed phrase because \nthere are\nmultiple ways to define the tree structure used with BIP32. It is \ncertainly too early\nto make final decisions on that, or to achieve a common standard.\nAlso, I can imagine that bip32 itself might be superseeded in the future.\n\nI understand that encapsulating a version number in the seed phrase might\nnot be as important for other wallets as it is for Electrum. So it is \nprobably not\nnecessary to propose another BIP for that. I will simply implement it \nfor Electrum,\nand I will try to do it in such a way that other wallets can use the \nsame format.\n\nThe other question we might be solving is strenghtening (your proposal). \nI consider\nthat this is not a strong requirement for Electrum, because it does not \nlet the user\nchoose their seed phrase. However, if a few bits of the seed phrase are \nallocated\nfor metadata, then I guess strenghtening can be part of it. That's \nanother good\nreason to have a version number encapsulated in the seed.\n\nI too wonder why the transformation needs to be bidirectional in bip39.\n\n\n\n\nLe 26/10/2013 23:30, Pieter Wuille a รฉcrit :\n\u003e Let's first try to agree on what we are solving.\n\u003e\n\u003e It seems that Thomas wants - in addition to the cryptographic data -\n\u003e to encode the tree structure, or at least version information about\n\u003e what features are used in it, inside the seed.\n\u003e\n\u003e I'm not sure whether we're ready to standardize on something like that\n\u003e yet, not having established best practices regarding different wallet\n\u003e structures. I do think we first need to see what possibilities and\n\u003e developments are possible related to it.\n\u003e\n\u003e In addition, information about the wallet structure is strictly less\n\u003e secret than the key data - it is even less confidential than address\n\u003e book data, transaction annotations, labels and comments and\n\u003e bookkeeping information. It could be backed up anywhere and everywhere\n\u003e without any repercussions, as far as I can see. I understand that in\n\u003e the case of Electrum, there is a strong reason to want this\n\u003e encapsulated together with the seed, but it's not really a requirement\n\u003e for most wallets.\n\u003e (if really needed, any key derivation scheme that starts from random\n\u003e strings can be augmented with metadata by enforcing property-bits on a\n\u003e hash of the string (so not of the output), as this data doesn't need\n\u003e protection from brute-forcing).\n\u003e\n\u003e Regarding other requirements, I wonder why we want the transformation\n\u003e to be bidirectional? If it is just about generating master seeds, one\n\u003e direction should be enough, and allows far nicer properties w.r.t.\n\u003e security. If we do settle on a standard for 'brainwallets', I would\n\u003e strongly prefer if it had at least some strengthening built-in, to\n\u003e decrease the impact of worst-case situations.\n\u003e If the reason is backward-compatibility, I think that any client that\n\u003e supports seeds already can just keep supporting whatever they\n\u003e supported before. Only if it matches both encoding schemes (as\n\u003e mentioned before) there is a potential collision (and in that case,\n\u003e the user could just be asked).\n\u003e",
"sig": "827b9c695c8f5cbb0ed475ba1dce727d63d18f007e5f5b1dd7d48831b3a58ae444b27b34b0183f55b8044e749242e5c0371bab18e5e59625454df9b8f09f0622"
}