close
close
migores1

SHINOBI: Stop demonizing developers over bullshit

SHINOBI: Stop demonizing developers over bullshit

screenshot-2024-09-30-at-103753am.png

There was a big snafu recently about the changes to the BIP 85 repository. For those unfamiliar with BIP, it’s a very simple scheme to allow new word seeds to be generated from a derivation path into a pre-existing word seed that you have. The logic of BIP is to allow people using multiple wallets to manage the chaos of having to maintain individual isolated backups for numerous wallets.

By generating new seeds based on the entropy of a derivation path, users can simply make a single backup copy of a “master” word seed and from there regenerate any child seeds from that master seed. Just one reserve and you can have as many independent word seeds as you need. They are even safe to carry around, import into different devices or wallets and have zero risk of jeopardizing the main seed or any coins stored on it.

Cryptographically, there is no way to switch back from a child seed to the master seed, even if it were compromised. This design makes it very safe to use multiple independent seeds/wallets while simplifying the backup process to protect against loss.

The BIP has been updated to follow a pull request suggestion that clarifies a number of things, but the key change was a change to how the actual child keys were generated, apparently to follow the specification in BIP 32 (which details how to generate keys using the derivation paths in HD). wallets) which BIP 85 did not strictly. This would have resulted in the same BIP 85 paths generating different keys than they did under the current specification. This is a disruptive change.

If it was implemented in the new spec by any project, it would not properly generate any of the old BIP 85 seeds that users would have already generated and sent money to. This would mean that those funds would be “lost” in the sense that the upgrade wallets would no longer correctly generate keys to get people’s money if they lost a copy of the previously generated seeds.

But the reality is that no wallet would have implemented this feature, or if they did, they would have done it in a way that supported both methods, because they already have users in the world who generated seeds using the old spec. Wallets and device manufacturers wouldn’t introduce a change that would only affect users’ ability to recover existing funds, it’s simply not in their best interest.

All this incident demonstrated is a lack of communication, nothing more. There was no real risk of anything coming off to create real-world consequences that would have affected users. The projects implementing BIP 85 did not make changes, nothing happened, except for the modification of a technical document. It even went back to removing the change immediately after public backlash against the nature of the change and the lack of communication between the developers and the projects actually implementing BIP.

People need to stop blowing up communication failures like this, which have no real consequences, as cases of nefarious intent or a profound failure of competence. It was simply a mistake, one that can be learned from by improving communication between developers and project maintainers in the future, that caused no real harm to anyone.

Throwing moles into mountains like this serves no one in this space and does nothing to improve the real problems of communication and coordination in space. Properly contextualizing it in a civilly productive way so that people can learn is how to deal with these things.

Related Articles

Back to top button