Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WTAgf-0007u2-JG for bitcoin-development@lists.sourceforge.net; Thu, 27 Mar 2014 13:49:41 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmx.de designates 212.227.17.20 as permitted sender) client-ip=212.227.17.20; envelope-from=thomasv1@gmx.de; helo=mout.gmx.net; Received: from mout.gmx.net ([212.227.17.20]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1WTAge-0001ln-24 for bitcoin-development@lists.sourceforge.net; Thu, 27 Mar 2014 13:49:41 +0000 Received: from [192.168.1.27] ([84.101.32.222]) by mail.gmx.com (mrgmx002) with ESMTPSA (Nemesis) id 0MKIEQ-1WScSB1DaY-001lL5 for ; Thu, 27 Mar 2014 14:49:33 +0100 Message-ID: <53342C6C.2060006@gmx.de> Date: Thu, 27 Mar 2014 14:49:32 +0100 From: Thomas Voegtlin User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 CC: Bitcoin Development References: <53340999.807@gmx.de> <5334144A.9040600@gmx.de> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K0:HdWAM5HnHalxgDZDAerXX/VpK600T0PJuXFa/f1PxgZRA3J+TLG gAjnMCxLdI9ZXA2i2XaC4QYVwX0FfvCwLEgK0zZ7XloELI+SYKihloxThAS2zfhdZNVJ7QA lxbbHEz5UmPLSERZTNHkTJCZthGMDPGFHCeHgLsP/2QTFXurAbxQtSYqw6D2htVJVf2lRyR lMdy8uzjP/dtGEPGzwSLA== X-Spam-Score: -0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [212.227.17.20 listed in list.dnswl.org] -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (thomasv1[at]gmx.de) -0.0 SPF_PASS SPF: sender matches SPF record 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (thomasv1[at]gmx.de) 1.2 MISSING_HEADERS Missing To: header X-Headers-End: 1WTAge-0001ln-24 Subject: Re: [Bitcoin-development] New BIP32 structure X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Mar 2014 13:49:41 -0000 Le 27/03/2014 13:49, Mike Hearn a écrit : > Ah, BIP32 allows for a range of entropy sizes and it so happens that > they picked 256 bits instead of 128 bits. > > I'd have thought that there is a right answer for this. 2^128 should not > be brute forceable, and longer sizes have a cost in terms of making the > seeds harder to write down on paper. So should this be a degree of freedom? > Here is what I understand: 2^128 iterations is not brute forcable today, and will not be for the foreseeable future. An EC pubkey of length n can be forced in approximately 2^(n/2) iterations (see http://ecc-challenge.info/) Thus, Bitcoin pubkeys, which are 256 bits, would require 2^128 iterations. This is why unused addresses (160 bits hash) are better protected than already used ones. However, people tend to believe that a public key of size n requires 2^n iterations. This belief might have been spread by this popular image: https://bitcointalk.org/index.php?topic=508880.msg5616146#msg5616146