Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Wu4E8-0006a6-W3 for bitcoin-development@lists.sourceforge.net; Mon, 09 Jun 2014 18:23:25 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.217.170 as permitted sender) client-ip=209.85.217.170; envelope-from=gmaxwell@gmail.com; helo=mail-lb0-f170.google.com; Received: from mail-lb0-f170.google.com ([209.85.217.170]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Wu4E7-0002wL-RC for bitcoin-development@lists.sourceforge.net; Mon, 09 Jun 2014 18:23:24 +0000 Received: by mail-lb0-f170.google.com with SMTP id w7so3296725lbi.29 for ; Mon, 09 Jun 2014 11:23:17 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.152.205.106 with SMTP id lf10mr18791155lac.21.1402338197230; Mon, 09 Jun 2014 11:23:17 -0700 (PDT) Received: by 10.112.235.72 with HTTP; Mon, 9 Jun 2014 11:23:17 -0700 (PDT) In-Reply-To: References: Date: Mon, 9 Jun 2014 11:23:17 -0700 Message-ID: From: Gregory Maxwell To: Richard Moore Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Wu4E7-0002wL-RC Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] BIP38 Encrypted Address Discussion X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Jun 2014 18:23:25 -0000 On Mon, Jun 9, 2014 at 11:13 AM, Richard Moore wrote: > Hey all again, > > I am implementing BIP38 wallets right now, and had another idea I would l= ike to put out there for discussion. > > Right now the scrypt pbkdf is (16384, 8, 8) for (N, r, p), but I was wond= ering if it would make sense to include an extra byte in the address which = would encode the parameters used? For now, they are fine, as it takes over = 3 minutes to to hash once in my pure-Python implementation in CPython (3 se= conds in pypy). But with all the latest scrypt mining ASICS hitting the mar= ket, and the difficulty rising of the scrypt alt coins, it may become more = profitable in the future to try hacking wallets to gobble up their funds. C= urrently all the hardware is tuned for (1024, 1, 1) and with adaptive-N, it= only targets upgrading the N value, so having p =3Dr =3D 8 certainly means= that hardware won=E2=80=99t affect BIP 38=E2=80=A6 But who knows in the fu= ture if they start making Adaptive-N-r-p ASICS. > > It also provides a way to vastly secure more important master keys=E2=80= =A6 Maybe for a key that is cold storage of millions of dollars that won=E2= =80=99t be touched for multiple years, I don=E2=80=99t mind waiting an hour= on commodity hardware to decrypt it. See the not yet finished proposal at https://bitcointalk.org/index.php?topic=3D258678.0 It's generally a lot more sound and well thought out than BIP38. Though right now I believe it's being revised to support secret sharing.