On Wed, Jun 4, 2025 at 3:57 AM pithosian <[email protected]> wrote:
> I'm not totally against thinking about different ways to (effectively) > represent the data you'd use a descriptor for for simple use-cases, > just not personally convinced on the utility of a purely > hand-calculated mnemonic given the requirement of running (off the top > of my head) SHA512 PBKDF2 for the BIP 32 seed, and a SHA512 HMAC for > going from that to the root priv. > IMHO, the difference is that it is at least possible to cross-check the derivation of pubkeys and addresses from the master seed using hardware from different vendors. However it isn't really possible to cross-check the quality of the initial random generation. Some people are going to prefer to generate that randomness by hand in a fully transparent process and not hidden within some computer chip using a noisy transistor or whatever. Once again, I want to reiterate for this thread that there already exists a BIP for a hand-computable friendly master secret format, which is BIP-93 (codex32). Yes, hand computing the checksum for BIP-93 is a pain, but unlike BIP-39's checksum, it is actually doable. And unlike BIP-39's checksum, the checksum for codex32 is actually an error-correcting code, so you can actually repair errors and erasures in the data. It is even possible to use an untrusted computer to repair your codex32 string so that the computer learns practically zero information about your secret or secret share. -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAMZUoKnzDf0hMC-i4Xis3GXW96fWRwJgKSzzcj5aqGg3zGM8Kg%40mail.gmail.com.
