- TheCharl1: Is there research on timing side channels for wallets scanning for transactions?
- moneromooo: There was a paper maybe half a year ago. Someone from Stanford, with Dan Boneh as coauthor, can't recall the main author.
- moneromooo: It should be linked from the monero hackerone.
- sarang:
- TheCharl1: thanks a lot!
- knaccc: monero-project/monero #6639#issuecomment-642937117 "I read the stackexchange comments and didn't find a convincing reason to use more than 128 bits of entropy. The Pollard's Rho algorithm can calculate the private key from the public key in O(√n) time and O(1) space"
- knaccc: I found tevador's argument compelling. It would be very interesting to see if there is consensus that we have nothing to gain in security by going beyond 128 bits
- smooth: /win/win1
- selsta: tevador wrote a PoC for a 14 word seed: github.com/tevador/monero-seed
- selsta: knaccc: ^^
- knaccc: whoa nice
- knaccc: wow that's incredible. using Reed-Solomon already!
- knaccc: my only comment is that maybe we should not be using more than rudimentary key stretching to add about 10-14 bits using rounds of keccak
- knaccc: otherwise issues maybe with low power simple hardware
- sarang: Nice, all single-word issues detectable
- knaccc: does tevador not use irc?
- dEBRUYNE: He does
- dEBRUYNE: Perhaps he is not using a bouncer
- tobtoht: and it uses BIP-39!
- tobtoht: this is everything I have wished for
- tobtoht: really nice work
- dEBRUYNE: I guess, if implemented, we should make the feature default but optional
- dEBRUYNE: Give users the ability to still generate the conventional seeds
- tobtoht: I would leave it as an option in the CLI. Maybe best to not have it as an option during wallet creation in the GUI, as it may require additional explanation.
- dEBRUYNE: Yeah for the GUI we can disable it entirely