Zach Lym via bitcoin-dev
2017-05-17 17:01:04 UTC

I am working on a replacement for BIP39 and noticed that the password
section mandates a Unicode normalization pass but does not prohibit
unassigned character points.

I believe that this is problematic as newer drafts of Unicode alter the
output of normalization passes. So if a user assigned a password using a
wallet that linked to Unicode 9 but input a code point reserved in Unicode
10, updating the wallet to Unicode 10 could incorrectly remap that code
point [0].

Thank you,
-Zach Lym

P.S. The relevant RFC on this subject specifies a different normalization
procedure [1]

[BIP39]: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
[0]: http://unicode.org/reports/tr15/#Stabilized_Strings
[1]: https://tools.ietf.org/html/rfc7564
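
An added example, not part of the original post or of BIP39: one way a wallet could refuse passphrases containing code points that are unassigned in the Unicode version it links against, before applying BIP39's NFKD normalization and PBKDF2-HMAC-SHA512 derivation. The function names are hypothetical and the sample strings in the test are constructed.

```python
import hashlib
import unicodedata


class UnassignedCodePoint(ValueError):
    """Raised when a passphrase contains a code point with no assignment."""


def unassigned_code_points(text):
    # General category "Cn" means "not assigned" in the Unicode database this
    # interpreter ships (see unicodedata.unidata_version). A later Unicode
    # version may assign such a code point and give it a decomposition, which
    # would change the NFKD output and therefore the derived seed.
    return [(i, f"U+{ord(ch):04X}") for i, ch in enumerate(text)
            if unicodedata.category(ch) == "Cn"]


def normalize_passphrase(passphrase):
    # Reject first, normalize second: only strings made entirely of assigned
    # code points are normalized, so the result does not depend on how a
    # future Unicode version treats a currently reserved code point.
    bad = unassigned_code_points(passphrase)
    if bad:
        raise UnassignedCodePoint(
            f"unassigned in Unicode {unicodedata.unidata_version}: {bad}")
    return unicodedata.normalize("NFKD", passphrase)


def bip39_seed(mnemonic, passphrase=""):
    # BIP39 derivation: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output,
    # password = NFKD(mnemonic), salt = "mnemonic" + NFKD(passphrase).
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + normalize_passphrase(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, 64)


def seed_or_rejection(mnemonic, passphrase):
    # Helper for callers that want a result instead of an exception.
    try:
        return bip39_seed(mnemonic, passphrase).hex()
    except UnassignedCodePoint as exc:
        return f"rejected: {exc}"
```

The check is only as current as the Unicode database the wallet is built against, so a passphrase rejected by an older build may be accepted by a newer one, but an accepted passphrase is not affected by later assignments.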