Re: [bitcoin-dev] An alternative to BIP 32?

2021-03-19 Thread Erik Aronesty via bitcoin-dev
Use SHA3-256. SHA-256 suffers from certain attacks (length extension, for example) that could make your scheme vulnerable to leaking info, depending on how you concatenate things, etc. Better to choose something where padding doesn't matter.
On Fri, Mar 19, 2021 at 7:28 PM vjudeu via bitcoin-dev

[bitcoin-dev] An alternative to BIP 32?

2021-03-19 Thread vjudeu via bitcoin-dev
I recently found an interesting and simple HD wallet design here: https://bitcointalk.org/index.php?topic=5321992.0 Could anyone see any flaws in such a design, or is it safe enough to implement and use in practice? If I understand it correctly, it is just pure ECDSA and SHA-256, nothing else:

[bitcoin-dev] (Recurring) Taproot activation meeting on IRC - Tuesday 23rd March 19:00 UTC + every fortnight

2021-03-19 Thread Jeremy via bitcoin-dev
BEGIN:VCALENDAR PRODID:-//Google Inc//Google Calendar 70.9054//EN VERSION:2.0 CALSCALE:GREGORIAN METHOD:PUBLISH X-WR-CALNAME:Bitcoin X-WR-TIMEZONE:America/Los_Angeles BEGIN:VTIMEZONE TZID:America/Los_Angeles X-LIC-LOCATION:America/Los_Angeles BEGIN:DAYLIGHT TZOFFSETFROM:-0800 TZOFFSETTO:-0700

Re: [bitcoin-dev] Taproot activation meeting on IRC - Tuesday 16th March 19:00 UTC

2021-03-19 Thread Prayank via bitcoin-dev
> back in the day we also had people that thought 10 min avg block time is too much.
Not sure what some people thought about block time interval has to do with me. Also, these are the things written by Greg Maxwell and Chris Belcher about it that I agree with and have been sharing for some time

Re: [bitcoin-dev] Taproot activation meeting on IRC - Tuesday 16th March 19:00 UTC

2021-03-19 Thread Emil Pfeffer via bitcoin-dev
On Wed, Mar 17, 2021 at 09:21:39AM +0100, Prayank wrote:
> > the last thing we need is a rushed upgrade
>
> Why do you think this is rushed? Speedy Trial will have few months and if UASF is required it won't involve activation immediately after ST fails. Taproot by 2022 doesn't look

Re: [bitcoin-dev] Signature and Script Independent Hierarchy for Deterministic Wallets.

2021-03-19 Thread Robert Spigler via bitcoin-dev
Hi Craig, For multisignature wallets, you need to back up the descriptor anyway, especially for secure multisignature schemes (https://github.com/nunchuk-io/bips/pull/1). To restore, the user needs M private key data, and all public keys. The descriptor provides the required public key data,

Re: [bitcoin-dev] Signature and Script Independent Hierarchy for Deterministic Wallets.

2021-03-19 Thread Craig Raw via bitcoin-dev
Hi Robert, I believe many of the same concerns apply in multisig. If one has the threshold and all the cosigner seeds, the funds in a multisig wallet can very likely be discovered by checking one of a handful of standard derivation paths/script types. Is the motivation of this BIP proposal strong

Re: [bitcoin-dev] Signature and Script Independent Hierarchy for Deterministic Wallets.

2021-03-19 Thread Robert Spigler via bitcoin-dev
(IMO) where this proposal really excels is multisig. And if you check my commits, it actually originally was for multisig only, and I extended it for multisig and single sig wallets. ghost43 and Jochen Hoenicke brought up important issues with this proposed BIP re: single sig wallets, so I