microchad
commented
1 year ago Hi Jason - thanks a lot for your helpful suggestions and taking the time to write. We will digest next week 👍
Open jasonpearce opened 1 year ago
microchad
commented
1 year ago Hi Jason - thanks a lot for your helpful suggestions and taking the time to write. We will digest next week 👍
SuperPhatArrow
commented
1 year ago Thanks for this. I am concerned about sending people to a random website to generate a password. While it might be perfectly safe now, we can't be sure that will be true in future.
jasonpearce
commented
1 year ago Thanks for this. I am concerned about sending people to a random website to generate a password. While it might be perfectly safe now, we can't be sure that will be true in future.
Certainly a reasonable concern.
A counter-point would be that the content was already linking to https://www.eff.org/dice (also a tool that may be used to generate pass phrases). That said, the eff.org website is more reputable than the passed.pw website.
Perhaps the content recommends two or three websites for passphrase/password generation. Here are some suggestions to consider:
Both password or passphrase generators:
Password generators:
Passphrase word lists:
Disclosure: About 10 years ago, I suggested an improvement to the passed.pw project via that project's GitHub page; much like I'm doing today for this wonderful project. I suggested adding the Mobile Keyboard Friendly feature.
SuperPhatArrow
commented
1 year ago Yes, I meant that EFF dice words website doesn't generate you a password, but teaches you how to make one. Having said that, we can't be certain that the link we use will always point to this site, so I do take your point.
Thanks for all of this, especially the byte words paper, which is new to me.
jasonpearce
commented
1 year ago I found the Bytewords word list particularly interesting. I like that...
That's much better than the BIP 39 list that "Each word's first four letters must be a unique sequence," but "Not all words are at least four letters long."
So a condensed string of Bytewords could look like this...
aeaybecscxdedyetfzfdgdhd
That string would easily represent ...
able away blue cats crux dice duty exit fizz fund good hard
Condensing each word down to just two X..X characters could really help jam a lot of content into a QR code.
Blockchain Commons also makes a mobile app that can shard content for you with X of Y QR codes for recovery. It's only for iOS and is called the Gordian Seed Tool: https://apps.apple.com/us/app/gordian-seed-tool/id1545088229
I wish to provide some feedback regarding the content found within the large red box that appears when visiting "Regenerate > Own Passphrase (Advanced) > WARNING!"
DUPLICATE PARAGRAPHS: There are 7 paragraphs starting with "This is an advanced..." and ending with "If you generate your own...". Paragraphs 5 and 7 contain the same content, which is:
My recommendation is to remove the duplicate content by removing paragraph 7.
ADDITIONAL GRAMMAR AND PUNCTUATION RECOMMENDATIONS: I found other punctuation, wording, and grammar issues that I hope to address. I also found an inconsistent use of the phrase "Own Passphrase" and "Regeneration Phrase", and have attempted to reduce confusion.
Before:
Recommendation (After):
Change the binary radio buttons to:
Regenerating a Bitcoin Border Wallet grid by supplying your own Regeneration Phrase is an advanced feature. Your funds may be at greater risk if you use this feature improperly!
In this Regeneration Phrase (Advanced) section, you may regenerate a Bitcoin Border Wallet grid from a Regeneration Phrase of your own choosing. Because Pattern Grids are not random by design (a Pattern Grid is your systematic 11- or 23-cell pattern that is easy for you to remember), all of the entropy that is used to generate a Bitcoin Border Wallet grid is derived from the Regeneration Phrase (Advanced) that you supply below.
Cryptographers recommend supplying a minimum of 128-bits of entropy when generating a Bitcoin wallet seed phrase (usually 12- or 24-words). As you input your own Regeneration Phrase below, our Minimum Potential Entropy tool will calculate the minimum potential entropy that your Regeneration Phrase provides.
The Minimum Potential Entropy calculation is based ONLY on the length and type of character sets comprised within your Regeneration Phrase. The calculation DOES NOT measure the entropy of your Regeneration Phrase. Meaning, that while a systematic Regeneration Phrase of "bacon bacon bacon bacon bacon" would produce a Minimum Potential Entropy value of 141 bits, it obviously lacks entropy and would be an irresponsible Regeneration Phrase to use.
In short, when using this Regeneration Phrase (Advanced) feature, the randomness of your Regeneration Phrase -- and the resulting Bitcoin Border Wallet grid that it deterministically generates -- is entirely up to you.
If you wish to create and provide your own Regeneration Phrase, our recommendation is to select random words from the EFF's Diceware Long Word List. To obtain at least 128-bits of entropy, your Regeneration Phrase must contain a minimum of 10 random words from that list. The more random words you use, the higher your entropy will be.
Optionally, you may also obtain at least 128-bits of entropy by selecting a minimum of 20 random characters (a combination of numbers, lower, upper, and punctuation). For example, you could use a tool like https://passed.pw/ to generate 20 random characters (example: y<v:Wq-bK89C/93+CnKm) with 131 bits of entropy. We think that 20 random characters are more difficult to memorize than 10 random words, which is why we created Bitcoin Border Wallets in the first place.
If the Regeneration Phrase that you provide fails to produce at least 128 bits of Minimum Potential Entropy, we will not generate a Bitcoin Border Wallet grid for you. This limitation is for your own protection and for the integrity of the Bitcoin Border Wallets project.
Bitcoin Border Wallets recommends selecting the 12 Words (Best Practice), which uses the much shorter Bitcoin Improvement Proposal (BIP 39) word list (a specific list of 2048 words) to obtain 128-bits of entropy. We follow the same process used by many other hardware and software wallets to generate a cryptographically-secure 12-word Regeneration Phrase. If you chose to supply your own Regeneration Phrase, you are deviating from the best practice.
Closing: Thank you for creating such a great project. I hope my feedback and suggestions are helpful.