Author: slush 2013-10-31 10:41:27
Published on: 2013-10-31T10:41:27+00:00
In this email conversation, Marek expresses his thoughts on the use of BIP32 space and how to discover already used addresses in it. He believes that there should be a "good enough" way to do this discovery without the need for extra metadata. He suggests using a similar approach to Electrum's gap limit algorithm, but in two dimensions. Marek doesn't see the need for extra metadata since he thinks that this particular situation is an exact opposite of the original statement "no metadata in mnemonic".

Regarding the bidirectionality of the transformation, Marek explains that it is necessary to produce the plain seed first and then transform the result into a mnemonic. This is because they have developed a method to prove that the seed generated by Trezor has been created using a combination of computer-provided entropy and device-provided entropy, without leaking full private information to other computers. Marek believes that one-way mnemonics would complicate the design, and they want to keep things as clear and simple as possible, especially when handling seed generation.

Pieter Wuille wonders why they need the transformation to be bidirectional and suggests that if it is just about generating master seeds, one direction should be enough. He also mentions that if they settle on a standard for 'brainwallets', he would prefer it to have some strengthening built-in to decrease the impact of worst-case situations. Marek agrees with the need for hardening, which is the default in BIP39.
Updated on: 2023-06-07T18:25:06.815379+00:00
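
The two-dimensional gap limit mentioned above can be read as one gap limit over address indices inside each account and a second one over accounts. The sketch below is an added example, not code from the thread, Electrum or Trezor; the names `is_used`, `index_gap` and `account_gap`, the gap values, and the sample data are assumptions, and the used-address lookup is a constructed in-memory set standing in for real BIP32 derivation plus a blockchain query.

```python
from typing import Callable, Dict, List

# Hypothetical oracle type: (account, index) -> has this address ever been used?
UsedOracle = Callable[[int, int], bool]

def scan_account(is_used: UsedOracle, account: int, index_gap: int) -> List[int]:
    """First dimension: walk indices until index_gap consecutive unused ones."""
    used, index, misses = [], 0, 0
    while misses < index_gap:
        if is_used(account, index):
            used.append(index)
            misses = 0          # a hit resets the gap counter
        else:
            misses += 1
        index += 1
    return used

def discover(is_used: UsedOracle, account_gap: int = 2,
             index_gap: int = 5) -> Dict[int, List[int]]:
    """Second dimension: walk accounts until account_gap consecutive empty ones."""
    found: Dict[int, List[int]] = {}
    account, empty = 0, 0
    while empty < account_gap:
        used = scan_account(is_used, account, index_gap)
        if used:
            found[account] = used
            empty = 0
        else:
            empty += 1
        account += 1
    return found

# Constructed sample wallet history: (account, index) pairs that received funds.
SAMPLE_USED = {(0, 0), (0, 1), (0, 4), (0, 12), (1, 0), (3, 2)}

def sample_oracle(account: int, index: int) -> bool:
    return (account, index) in SAMPLE_USED

if __name__ == "__main__":
    # Address (0, 12) sits past a gap of 7 unused indices, so index_gap=5
    # misses it: discovery without metadata is only "good enough".
    print(discover(sample_oracle, account_gap=2, index_gap=5))
    print(discover(sample_oracle, account_gap=2, index_gap=8))
    # Account 3 sits past one empty account, so account_gap=1 misses it.
    print(discover(sample_oracle, account_gap=1, index_gap=5))
```

Restoring from a seed alone recovers only what lies within both gaps, so a wallet has to enforce the same limits when handing out addresses and accounts as it uses when scanning.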