1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
Return-Path: <hoenicke@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 3D2008D7
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 27 Jul 2016 10:39:48 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm0-f43.google.com (mail-wm0-f43.google.com [74.125.82.43])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A069716F
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 27 Jul 2016 10:39:47 +0000 (UTC)
Received: by mail-wm0-f43.google.com with SMTP id q128so206871295wma.1
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 27 Jul 2016 03:39:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
bh=/zXC+SXka1qGvojD79TqHlpXb4he5d8bL/LwmvlmxTg=;
b=VmXROPVtsTmGNezSbLi3MK70bpk5sOFBqqX0yHvUfzIurgNfttbeet5Qb4NsxI/Jq+
MkisNa4vSWlysXhyWWnQ232et1MlfJmoUT3nFyHjTF0vKA4RRW7VaqI8l8lrUYx/qTV6
gYKwKoeDZJ3ZnclZ4sTVZ62H6UvtmU1893m8rFzNk/7Kom7pMq6KNm9R8UpgkhueDodX
TpWNuqAdwZoNotv64WyPUYps8eoSBcjAMwqmQ7288vzjr/0jKKzVCspa8eKAlyxAhX0T
y04xQkKlR1Yt7CbWQj5ptXf0/hzplMY9vyMqv2fiknKV1x4RRPdlBtkvXTF+5gDxSeje
6oaA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to;
bh=/zXC+SXka1qGvojD79TqHlpXb4he5d8bL/LwmvlmxTg=;
b=R8YF/mzhSpLVpXGG8aKYvncxGOrK7cNuZ/9IU51rvkLAqZEwXSjASTn122d8GXhhR5
lNSvHkeh0n1+B1969LGAl50t8XtGWtR+F7JPXRMhESCBygNmKYCLj/uIqpUUPG5PPyru
C4BCb/lqBfrwxeBah1sqKYA0cpPTCHDuL1bTrXmfCqMyGSFAFwOojz7i6rP4cFrMkls3
63/kaIwiMMCrRE0AE7sHKOqKZ8qpN0VG9OUWGumhVYRNMd9iyFFD6Gpo0DeT715pY8dK
ThtBkeX0TPGWlIPN0OOD+dtBwkQjERTMfrE5NmzLEx9HkG82fF3p5JO4JBuvdN/d/T3F
fr2Q==
X-Gm-Message-State: AEkoouujKkGOSKBbZTK2nTcYuisjgsTWKqWXOtpCo2Se8gBrOQA5yeywwA3krZGSvCp0oxvVgXwIfbhd9H9qxw==
X-Received: by 10.194.58.112 with SMTP id p16mr27285683wjq.24.1469615986068;
Wed, 27 Jul 2016 03:39:46 -0700 (PDT)
MIME-Version: 1.0
References: <5797AC88.8030507@gmail.com> <5797C3A7.5030600@jonasschnelli.ch>
In-Reply-To: <5797C3A7.5030600@jonasschnelli.ch>
From: Jochen Hoenicke <hoenicke@gmail.com>
Date: Wed, 27 Jul 2016 10:39:36 +0000
Message-ID: <CANYHNmLot1+-LbisfrPRtgDPnofD7bnQ3By_pgT2RFvLHRm7Hg@mail.gmail.com>
To: Jonas Schnelli <dev@jonasschnelli.ch>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary=047d7ba97076ce52c405389ba272
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: Re: [bitcoin-dev] BIP proposal: derived mnemonics
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jul 2016 10:39:48 -0000
--047d7ba97076ce52c405389ba272
Content-Type: text/plain; charset=UTF-8
Jonas Schnelli via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
schrieb am Di., 26. Juli 2016 um 22:10 Uhr:
> Side-note: Bip39 does still use PBKDF2 with 2048 iterations which I
> personally consider "not enough" to protect a serious amount of funds.
>
>
But what are the alternatives? Put an expensive processor and a decent
amount of memory in every hardware wallet to support scrypt? Use a million
iterations and just wait 10 minutes after entering you passphrase? Or
compute the secret key on your online computer instead?
Also, how many iterations are secure? A million? Then just add two random
lower-case letters to the end of your passphrase and you have a better
protection with 2048 iterations. If you want to be able to use your
passphrase with cheap hardware and be protected against a high-end computer
with multiple GPUs that is almost a mllion times faster, then you have to
choose a good passphrase. Or just make sure nobody steals your seed; it is
not a brainwallet that is only protected by the passphrase after all.
Regards,
Jochen
--047d7ba97076ce52c405389ba272
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_quote"><div dir=3D"ltr">Jonas Schnelli=
via bitcoin-dev <<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.or=
g">bitcoin-dev@lists.linuxfoundation.org</a>> schrieb am Di., 26. Juli 2=
016 um 22:10=C2=A0Uhr:<br></div><blockquote class=3D"gmail_quote" style=3D"=
margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Side-note: B=
ip39 does still use PBKDF2 with 2048 iterations which I<br>
personally consider "not enough" to protect a serious amount of f=
unds.<br><br></blockquote><div><br></div><div><span style=3D"line-height:1.=
5">But what are the alternatives?=C2=A0 Put an expensive processor and a de=
cent amount of memory in every hardware wallet to support scrypt?=C2=A0 Use=
a million iterations and just wait 10 minutes after entering you passphras=
e?=C2=A0 Or compute the secret key on your online computer instead?</span><=
br></div><div><br></div><div><div>Also, how many iterations are secure?=C2=
=A0 A million?=C2=A0 Then just add two random lower-case letters to the end=
of your passphrase and you have a better protection with 2048 iterations.=
=C2=A0<span style=3D"line-height:1.5">If you want to be able to use your pa=
ssphrase with cheap hardware and be protected against a high-end computer w=
ith multiple GPUs that is almost a mllion times faster, then you have to ch=
oose a good passphrase.=C2=A0 Or just make sure nobody steals your seed; it=
is not a brainwallet that is only protected by the passphrase after all.</=
span></div></div><div><br></div><div>Regards,</div><div>=C2=A0 Jochen</div>=
<div><br></div></div></div>
--047d7ba97076ce52c405389ba272--
|
