From: Jochen Hoenicke
Date: Wed, 27 Jul 2016 10:39:36 +0000
To: Jonas Schnelli, Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] BIP proposal: derived mnemonics

Jonas Schnelli via bitcoin-dev wrote on Tue, 26 July 2016 at 22:10:

> Side-note: Bip39 does still use PBKDF2 with 2048 iterations which I
> personally consider "not enough" to protect a serious amount of funds.

But what are the alternatives? Put an expensive processor and a decent amount of memory in every hardware wallet to support scrypt? Use a million iterations and just wait 10 minutes after entering your passphrase? Or compute the secret key on your online computer instead?

Also, how many iterations are secure? A million? Then just add two random lower-case letters to the end of your passphrase and you have a better protection with 2048 iterations. If you want to be able to use your passphrase with cheap hardware and be protected against a high-end computer with multiple GPUs that is almost a million times faster, then you have to choose a good passphrase. Or just make sure nobody steals your seed; it is not a brainwallet that is only protected by the passphrase after all.

Regards,
  Jochen
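The trade-off discussed in this message, worked through as an added example (not code from the post or from any wallet project): it derives a BIP39 seed with PBKDF2-HMAC-SHA512 and compares the brute-force cost of raising the iteration count to a million against appending two random lower-case letters at 2048 iterations. The function names, the sample mnemonic and the assumption of a uniformly random passphrase are choices made for this example.

```python
import hashlib
import math
import unicodedata

BIP39_ITERATIONS = 2048  # iteration count fixed by BIP39


def bip39_seed(mnemonic: str, passphrase: str = "",
               iterations: int = BIP39_ITERATIONS) -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512 over the mnemonic,
    salt = "mnemonic" + passphrase, 64-byte output."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=64)


def attack_cost_bits(passphrase_entropy_bits: float, iterations: int) -> float:
    """log2 of the PBKDF2 rounds needed to try every passphrase once.
    Assumption: the mnemonic is already known to the attacker and the
    passphrase is drawn uniformly at random."""
    return passphrase_entropy_bits + math.log2(iterations)


def compare(base_entropy_bits: float):
    """Return (cost with 1,000,000 iterations,
               cost with 2048 iterations plus two random lower-case letters)."""
    more_iterations = attack_cost_bits(base_entropy_bits, 1_000_000)
    two_letters = attack_cost_bits(
        base_entropy_bits + math.log2(26 ** 2), BIP39_ITERATIONS)
    return more_iterations, two_letters


# Constructed sample input: the all-zero-entropy mnemonic from the BIP39 test vectors.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"

if __name__ == "__main__":
    seed = bip39_seed(SAMPLE_MNEMONIC, "TREZOR")
    print("seed:", seed.hex())
    more_iterations, two_letters = compare(20.0)  # 20-bit base passphrase, constructed
    print(f"1,000,000 iterations:       2^{more_iterations:.2f} rounds")
    print(f"2048 iterations + 2 letters: 2^{two_letters:.2f} rounds")
```

The device-side cost is what differs: the first option multiplies every legitimate unlock by about 488, the second leaves it unchanged.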