On 24/01/2014 10:05, Peter Todd wrote:
> On Tue, Jan 21, 2014 at 01:00:43AM +0100, Thomas Voegtlin wrote:
>> Hi slush,
>>
>> Thank you for your new proposal; it seems to be a compromise.
>>
>> @Christophe Biocca:
>> If the wordlist becomes part of the standard, then we will run into
>> problems of collisions once users ask for wordlists in every language.
>>
>> IMO the right approach is to implement checksums that do not depend
>> on the wordlist (eg the 'brute force' method, Hash(mnemonic||1) mod
>> 2^k == 0 )
>> this would also allow us to implement sipa's variable stretching proposal.
>>
>> I understand this is not possible because of the computational
>> requirements of devices such as trezor.
> Is it? Surely the trezor can bruteforce, say, 8 bits == 0. How many
> SHA256/sec can the trezor hardware do? Generating your seed is a
> one-time thing after all - that taking 10-30s doesn't seem like a big
> deal to me.
>
> Even a 1/256th "checksum" will really cut down on the number of mistakes
> made and money lost.

slush, correct me if I'm wrong, but I don't think that's the only reason:
They want to generate a seed by combining entropy from the trezor device
and from the user's computer; in addition, they want the computer to be
able to check that the seed actually was derived from the entropy it
provided, using only a master public key (the computer does not have
access to the seed).

This is why they designed bip39 that way.

I think the new bip39 proposal could be used in Electrum as an option
for trezor, but I am reluctant to make it default, because it imposes
its own dictionary.

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
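
The wordlist-independent 'brute force' checksum discussed in this thread, Hash(mnemonic||1) mod 2^k == 0 with k = 8, as an added example that is not part of the original message or of any wallet's code. It assumes SHA-256 as the hash and a single 0x01 byte for the appended 1; the 16-word list and the function names are constructed for illustration.

```python
import hashlib
import secrets

K_BITS = 8  # "8 bits == 0" from the thread: a 1/256 checksum

# Constructed toy wordlist (assumption), far too small for real seeds.
# The checksum never reads it, so any language's list would work.
WORDS = ["anchor", "bridge", "candle", "desert", "ember", "forest",
         "garden", "harbor", "island", "jungle", "kettle", "lantern",
         "meadow", "nectar", "orchard", "pebble"]


def checksum_ok(mnemonic: str, k: int = K_BITS) -> bool:
    """Hash(mnemonic || 1) mod 2^k == 0, with Hash assumed to be SHA-256
    and '1' assumed to be the single byte 0x01."""
    digest = hashlib.sha256(mnemonic.encode("utf-8") + b"\x01").digest()
    return int.from_bytes(digest, "big") % (1 << k) == 0


def generate(n_words: int = 12, k: int = K_BITS, rng=None):
    """Draw random mnemonics until one passes; expected 2^k attempts."""
    rng = rng or secrets.SystemRandom()
    tries = 0
    while True:
        tries += 1
        mnemonic = " ".join(rng.choice(WORDS) for _ in range(n_words))
        if checksum_ok(mnemonic, k):
            return mnemonic, tries


def typo_acceptance(mnemonic: str, k: int = K_BITS):
    """Swap each word for every other list word (a transcription error)
    and count how many corrupted phrases still pass the checksum."""
    words = mnemonic.split()
    accepted = total = 0
    for i, original in enumerate(words):
        for w in WORDS:
            if w == original:
                continue
            total += 1
            candidate = " ".join(words[:i] + [w] + words[i + 1:])
            accepted += checksum_ok(candidate, k)
    return accepted, total


if __name__ == "__main__":
    phrase, tries = generate()
    bad, total = typo_acceptance(phrase)
    print(f"{phrase!r} found after {tries} tries")
    print(f"{bad}/{total} single-word errors went undetected")
```

Each corrupted phrase passes with probability about 1/2^k, so raising k catches more transcription errors at the cost of roughly 2^k hash evaluations during the one-time seed generation.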