Is there research on timing side channels for wallets scanning for transactions?

There was a paper maybe half a year ago. Someone from Stanford, with Dan Boneh as coauthor, can't recall the main author.

It should be linked from the monero hackerone.

thanks a lot!

monero-project/monero #6639#issuecomment-642937117 "I read the stackexchange comments and didn't find a convincing reason to use more than 128 bits of entropy. The Pollard's Rho algorithm can calculate the private key from the public key in O(√n) time and O(1) space"

I found tevador's argument compelling. It would be very interesting to see if there is consensus that we have nothing to gain in security by going beyond 128 bits

/win/win1

tevador wrote a PoC for a 14 word seed: github.com/tevador/monero-seed

knaccc: ^^

whoa nice

wow that's incredible. using Reed-Solomon already!

my only comment is that maybe we should not be using more than rudimentary key stretching to add about 10-14 bits using rounds of keccak

otherwise issues maybe with low power simple hardware

Nice, all single-word issues detectable

does tevador not use irc?

He does

Perhaps he is not using a bouncer

and it uses BIP-39!

this is everything I has wished for

really nice work

I guess, if implemented, we should make the feature default but optional

Give users the ability to still generate the conventional seeds

I would leave it as an option in the CLI. Maybe best to not have it as an option during wallet creation in the GUI, as it may require additional explanation.

Yeah for the GUI we can disable it entirely