so itâs less obvious that itâs a bitcoin seed when found by a malicious
third party
1. The same words are used for wallets of all kinds of coins, so it's not
obvious it's for bitcoin.
2. Anyone recognising the word "satoshi" as related to cryptocurrency in
general, would also recognise any mnemonic.
3. You could elect to skip a mnemonic that includes the word if it was a
personal concern (but I would discourage selecting a mnemonic base on
personal preference, as could get dangerously close to being a brain wallet
in effect).
4. You could choose to record just the first 4 characters of each word,
"sato" is enough.
5. Where do we stop? the words "coin", "cash", "rich" are in there too.
6. About automated data-recovery, if you are storing mnemonics on HDDs or
other digial media, then you have larger security concerns than it just
being found during HDD recycling.
But most of all:
7. Removing a word or changing a list *is impossible* as verification of an
existing mnemonic requires the list. To change one word, you would need to
provide an alternative to BIP0039 to cope with alternative words, or change
all the words to a completely new set of 2048 English words so that it is
clear which wordlist is in use.
Regards,
Alan
On Thu, Jan 18, 2018 at 2:55 AM, Jonathan Sterling via bitcoin-dev <
All the more reason to only use the most common words that meet the other
criteria: https://github.com/bitcoin/bips/blob/master/bip-
0039.mediawiki#Wordlist
I agree - keeping "satoshi" in there is an unnecessary security risk.
Kind Regards,
Jonathan Sterling
On Thu, Jan 18, 2018 at 8:14 AM, CryptAxe via bitcoin-dev <
Post by CryptAxe via bitcoin-devWhy wouldn't they just test the frequency of words from the wordlist in
entirety?
On Jan 17, 2018 5:10 PM, "Weiwu Zhang via bitcoin-dev" <
Post by Weiwu Zhang via bitcoin-dev2018-01-09 19:20 GMT+08:00 Ronald van der Meer via bitcoin-dev
Post by Ronald van der Meer via bitcoin-devAfter reviewing some bitcoin improvement proposals, I noticed that one
of the words that can be found on the BIP39 English wordlist is âsatoshiâ.
Post by Ronald van der Meer via bitcoin-devI suggest removing this word from the list so itâs less obvious that
itâs a bitcoin seed when found by a malicious third party.
If a malicious third party discovers a word list that look like a
seed, they would try using it as Bitcoin seed first anyway, with or
without finding the word 'satoshi' in it. The security threat is that
a malicious third party may index what they found and test every
occurrence of 'satoshi' for a lead to a seed.
For example, a hard-disk recycling service would add this word to
their salvage tools. Any successfully hacked gmail account will be
'satoshi' tested too.
So I see this as a reasonable improvement:)
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
--
Kind Regards,
Jonathan Sterling
+44 (0)7415 512691 <+44%207415%20512691>
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev