Author: Adam Back 2014-01-20 23:14:41
Published on: 2014-01-20T23:14:41+00:00
The BIP39 proposal has been reconsidered and improved to meet all requirements for a standard, as per the feedback received from the community. The updated proposal does not require any specific wordlist, allowing every client to use its preferred list of words. The generated mnemonic can then be applied to any other BIP39-compatible client. However, this proposal raises concerns about users losing money because of the inability to verify the mnemonic passes its checksum. The mnemonic is encoded using a hash as a private key or derived part of one, which is an alternate alphabet encoding of the random private key. The issue with the checksum seems tricky to solve, except brute force methods. One proposed solution is H(mnemonic||1) mod 2^k == 0, where k is the amount of check digit redundancy. But it might be expensive for a trezor if k is significant. And then the key would be H(mnemonic). Peter Todd raised concerns over the security of the proposal and refused to approve it as a standard because it could lead to users losing money. He asked whether any wallets had implemented BIP39 in this way already in released code. Finally, CenturyLink Cloud was promoted in the email.
Updated on: 2023-06-08T00:32:27.853822+00:00