1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <will.yager@gmail.com>) id 1WNq61-0001YZ-G1
for bitcoin-development@lists.sourceforge.net;
Wed, 12 Mar 2014 20:49:49 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.216.175 as permitted sender)
client-ip=209.85.216.175; envelope-from=will.yager@gmail.com;
helo=mail-qc0-f175.google.com;
Received: from mail-qc0-f175.google.com ([209.85.216.175])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1WNq60-0002Ea-H0
for bitcoin-development@lists.sourceforge.net;
Wed, 12 Mar 2014 20:49:49 +0000
Received: by mail-qc0-f175.google.com with SMTP id e16so101093qcx.6
for <bitcoin-development@lists.sourceforge.net>;
Wed, 12 Mar 2014 13:49:43 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.140.29.38 with SMTP id a35mr55890656qga.55.1394657383138;
Wed, 12 Mar 2014 13:49:43 -0700 (PDT)
Received: by 10.140.31.135 with HTTP; Wed, 12 Mar 2014 13:49:43 -0700 (PDT)
In-Reply-To: <5320C6C7.9040602@gk2.sk>
References: <44fcb02b-3784-45a6-816a-312c78d940cd@me.com>
<5320B7F1.8060701@gk2.sk>
<CAG8oi1M_jnn9vzHjN5h+0x-dYEKudgJ-DEqOKrdv-sCDaFV3NA@mail.gmail.com>
<5320BDD1.50001@gk2.sk>
<CAG8oi1PhrmCqciECGKNa+DPp3Q_NrHP=79xxzOTkCJ655b4HXg@mail.gmail.com>
<5320C27B.8090205@gk2.sk>
<CAG8oi1OAYRgaMtoT8pMGNrcLomz9+dgi-7WKN285F0U4=LJSmQ@mail.gmail.com>
<5320C6C7.9040602@gk2.sk>
Date: Wed, 12 Mar 2014 15:49:43 -0500
Message-ID: <CAG8oi1Mac8TozHaVQF_BWLFp_EdA_VF3aEs1aALhA3Wpvmfusw@mail.gmail.com>
From: William Yager <will.yager@gmail.com>
To: Pavol Rusnak <stick@gk2.sk>
Content-Type: multipart/alternative; boundary=001a113b40fae7c95404f46ef9ae
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(will.yager[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WNq60-0002Ea-H0
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] [RFC] Proposal: Base58 encoded HD Wallet
root key with optional encryption
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 12 Mar 2014 20:49:49 -0000
--001a113b40fae7c95404f46ef9ae
Content-Type: text/plain; charset=ISO-8859-1
On Wed, Mar 12, 2014 at 3:42 PM, Pavol Rusnak <stick@gk2.sk> wrote:
> On 03/12/2014 09:37 PM, William Yager wrote:
> > (that group of people includes me), PBKDF2-HMAC-SHA512 is very easy to
> > implement even on devices that only have a few kB of RAM, and even though
> > our number of rounds is very aggressive (2^16 and 2^21), it will still
> run
> > in reasonable time even on very slow embedded ARM processors.
>
> To give you some numbers: TREZOR (120MHz ARM) does 1024 rounds of
> PBKDF2-HMAC-SHA512 in around 1 second.
>
> So 2^16 is around one minute, 2^21 is around half an hour.
>
>
Precisely. And since the target of this BIP is generally storage wallets
(just like BIP 0038), we figured these were reasonable time scales for
encryption/decryption on slow devices.
Let's say you're implementing a Raspberry Pi based cold wallet printer.
Having the user wait 10 seconds to several minutes is not unreasonable for
a one-time activity, especially when at least this much time is used to
generate entropy, print the wallet, etc.
The same goes for phones. If you're importing a heavily encrypted wallet
into your device, the user won't mind waiting a few seconds or even a few
minutes.
Plus, as an added bonus, the amount of time it will take to encrypt/decrypt
is highly deterministic, so it's easy to add a nice progress bar to a UI.
Will
--001a113b40fae7c95404f46ef9ae
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">On Wed, Mar 12, 2014 at 3:42 PM, Pavol Rusnak <span dir=3D=
"ltr"><<a href=3D"mailto:stick@gk2.sk" target=3D"_blank">stick@gk2.sk</a=
>></span> wrote:<br><div class=3D"gmail_extra"><div class=3D"gmail_quote=
"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:=
1px #ccc solid;padding-left:1ex">
<div class=3D"">On 03/12/2014 09:37 PM, William Yager wrote:<br>
> (that group of people includes me), PBKDF2-HMAC-SHA512 is very easy to=
<br>
> implement even on devices that only have a few kB of RAM, and even tho=
ugh<br>
> our number of rounds is very aggressive (2^16 and 2^21), it will still=
run<br>
> in reasonable time even on very slow embedded ARM processors.<br>
<br>
</div>To give you some numbers: TREZOR (120MHz ARM) does 1024 rounds of<br>
PBKDF2-HMAC-SHA512 in around 1 second.<br>
<br>
So 2^16 is around one minute, 2^21 is around half an hour.<br>
<div class=3D"HOEnZb"><div class=3D"h5"><br></div></div></blockquote><div><=
br></div><div>Precisely. And since the target of this BIP is generally stor=
age wallets (just like BIP 0038), we figured these were reasonable time sca=
les for encryption/decryption on slow devices.</div>
<div><br></div><div>Let's say you're implementing a Raspberry Pi ba=
sed cold wallet printer. Having the user wait 10 seconds to several minutes=
is not unreasonable for a one-time activity, especially when at least this=
much time is used to generate entropy, print the wallet, etc.</div>
<div><br></div><div>The same goes for phones. If you're importing a hea=
vily encrypted wallet into your device, the user won't mind waiting a f=
ew seconds or even a few minutes.</div><div><br></div><div>Plus, as an adde=
d bonus, the amount of time it will take to encrypt/decrypt is highly deter=
ministic, so it's easy to add a nice progress bar to a UI.</div>
<div><br></div><div>Will</div></div></div></div>
--001a113b40fae7c95404f46ef9ae--
|
