Electrum 2.0 has been tagged [combined summary]



Individual post summaries: Click here to read the original discussion on the bitcoin-dev mailing list

Published on: 2015-03-18T02:06:09+00:00


Summary:

In an email conversation from March 2015, Andreas Schildbach discussed issues with using BIP70 for mobile wallets. Another participant suggested un-multisigging coins for daily use. The discussion also touched on multisig adoption, which was predicted to increase exponentially. In another email thread, concerns were raised about importing wallets from different providers. A solution was proposed to have the importing wallet specify which sections it supports. The thread also discussed the need for a standard synchronization or transition protocol for wallets. Gregory Maxwell suggested using an explicit unstructured mass private key export and a sweep function for emergency transitions. He expressed concerns about the availability of sweep functions that create enough keys for sweeping purposes. Bryan added that privacy can be compromised when broadcasting multiple transactions during a sweep.

A suggestion was made to create a common file format for wallets to interpret. However, it was met with skepticism due to the differences in wallet designs. Instead, it was proposed that bitcoinj-based wallets could share the bitcoinj protobuf wallet format. The ultimate goal is to have a 12-word seed serve as an encryption key for a wallet backup, but this transition will take time.

Mike Hearn discussed the need for a common file format that all wallets can use. He suggested creating something extensible that can describe how to derive addresses used by the user. The format should also allow for different types of wallets, such as multisignature wallets. Additionally, there should be labels for transactions and P2SH script templates for address recovery.

Jim and his team considered several factors when selecting which HD wallet structures to support. They found BIP39, BIP32, and BIP44 to be good standards for maximum compatibility with other wallets. They opted for a timestamp as optional external metadata to reduce user error when entering a timestamp. Restoring a wallet requires the user to select where the "wallet words" came from.

The discussion around BIP39 clarified that changing the word list does not affect previously generated mnemonics. However, a static word list is necessary for real-world usage. Electrum v2 seed phrases include an explicit version number, unlike BIP39. The new seed derivation method in Electrum allows for wordlists to be added and modified without breaking existing seed phrases.

The usage of BIP39 seed phrases was discussed, noting that changing the wordlist will invalidate existing mnemonics. However, changing the wordlist only affects new mnemonics, not previously generated ones. The wordlist is only used to generate a mnemonic, not for seed generation. BIP39 was criticized for not including a version number in the seed phrase and requiring a fixed wordlist. Electrum v2 seed phrases include a version number and allow for future wordlist modifications.

In another discussion, concerns were raised about the implementation of BIP39 in libbitcoin. Changing the wordlist would invalidate mnemonics, but it has no impact on previously generated ones. It was suggested that BIP39 should include a version number and allow for flexible wordlists.

Overall, the discussions revolve around the challenges and considerations of using different wallet standards and formats. There is a need for interoperability, privacy considerations, and long-term solutions for securing wallets.

In an email exchange, Thomas V. expresses concern about the need to explore branches of the derivation tree to determine if a wallet exists. He suggests that a version number would be more useful as it allows the software to answer negatively without being online. Andreas Schildbach questions why BIP43 is tied to BIP32, leading to a discussion on their thoughts about the matter.

The effectiveness of PBKDF2 in securing wallet seeds is discussed. While PBKDF2 slows down attackers attempting to attack through an interface, it doesn't add any security to the seed in a brute force attack. The 2048 iteration count is sufficient for its purpose, even though it adds a slight delay in seed generation. Aaron Voisine shares his thoughts on the compromises made for current low power embedded devices and the need for stronger password key stretching and the ability to derive the seed phrase from the wallet seed.

Aaron Voisine disagrees with the sentiment that BIP39 is admirable. He acknowledges the compromises made for current generation devices but expresses concern about the weak password key stretching and the inability to derive the seed phrase from the wallet seed. Despite his concerns, he understands the motivation behind the decision.

The discussion revolves around determining the version for different Bitcoin wallets and the use of BIP39. The group believes that brute force is an acceptable trade-off for not having to remember a version. They also disagree with the need for version "magic flags" or creation dates stored in the mnemonic. Wordlists don't require fixing between wallet providers according to BIP39 recommendations.
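The two seed-phrase designs contrasted above, as an added Python sketch that is not code from Electrum, BIP39 or the thread: `bip39_seed` applies the 2048-round PBKDF2 stretching without consulting any word list, while `has_version` shows how a version tag hashed from the phrase lets software reject a foreign phrase offline. The HMAC key `Seed version`, the `01` prefix, the simplified normalization and the eight-word vocabulary are assumptions made for this example.

```python
import hashlib
import hmac
import unicodedata

# Constructed vocabulary; any list works because the version tag is a hash
# of the phrase text, not a property of the word list.
WORDS = ["amber", "birch", "cobalt", "dune", "ember", "fjord", "glade", "heron"]
VERSION_KEY = b"Seed version"   # assumption: HMAC key of the Electrum 2.x scheme
STANDARD_PREFIX = "01"          # assumption: hex prefix marking a standard wallet


def normalize(phrase: str) -> str:
    """NFKD-normalize, lowercase and collapse whitespace (simplified)."""
    return " ".join(unicodedata.normalize("NFKD", phrase).lower().split())


def bip39_seed(phrase: str, passphrase: str = "") -> bytes:
    """PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase.
    No word list is consulted, so any string yields a 64-byte seed."""
    pw = unicodedata.normalize("NFKD", phrase).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", pw, salt, 2048, dklen=64)


def has_version(phrase: str, prefix: str = STANDARD_PREFIX) -> bool:
    """Offline check: does HMAC-SHA512(VERSION_KEY, phrase) start with prefix?"""
    tag = hmac.new(VERSION_KEY, normalize(phrase).encode(), hashlib.sha512)
    return tag.hexdigest().startswith(prefix)


def encode(n: int, length: int = 12) -> str:
    """Write integer n in base len(WORDS) as a fixed-length phrase."""
    out = []
    for _ in range(length):
        n, i = divmod(n, len(WORDS))
        out.append(WORDS[i])
    return " ".join(out)


def make_versioned_phrase(start: int) -> str:
    """Step the underlying integer until the phrase carries the version tag.
    A real wallet would start from a CSPRNG value; fixed here for repeatability."""
    n = start
    while not has_version(encode(n)):
        n += 1
    return encode(n)
```

With a two-hex-digit prefix roughly one candidate in 256 passes, so a mistyped or foreign phrase is almost always rejected before any derivation branch has to be scanned.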


Updated on: 2023-08-01T11:59:08.478016+00:00