Return-Path: <dev@jonasschnelli.ch>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
    [172.17.192.35])
    by mail.linuxfoundation.org (Postfix) with ESMTPS id 5DE7B94E
    for <bitcoin-dev@lists.linuxfoundation.org>;
    Wed, 27 Jul 2016 10:53:30 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from server3 (server3.include7.ch [144.76.194.38])
    by smtp1.linuxfoundation.org (Postfix) with ESMTP id 942531EA
    for <bitcoin-dev@lists.linuxfoundation.org>;
    Wed, 27 Jul 2016 10:53:29 +0000 (UTC)
Received: by server3 (Postfix, from userid 115)
    id B4BDA2E6064F; Wed, 27 Jul 2016 12:53:28 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
    smtp1.linux-foundation.org
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, FSL_HELO_NON_FQDN_1
    autolearn=ham version=3.3.1
Received: from Jonass-MacBook-Pro-2.local (84-73-208-41.dclient.hispeed.ch
    [84.73.208.41]) by server3 (Postfix) with ESMTPSA id C0B282D00697;
    Wed, 27 Jul 2016 12:53:27 +0200 (CEST)
To: Jochen Hoenicke <hoenicke@gmail.com>,
    Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
References: <5797AC88.8030507@gmail.com> <5797C3A7.5030600@jonasschnelli.ch>
    <CANYHNmLot1+-LbisfrPRtgDPnofD7bnQ3By_pgT2RFvLHRm7Hg@mail.gmail.com>
From: Jonas Schnelli <dev@jonasschnelli.ch>
Message-ID: <579892A4.6030505@jonasschnelli.ch>
Date: Wed, 27 Jul 2016 12:53:24 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0)
    Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <CANYHNmLot1+-LbisfrPRtgDPnofD7bnQ3By_pgT2RFvLHRm7Hg@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
    protocol="application/pgp-signature";
    boundary="rj5VxNhNOEhdK0qgsbuMUg8Tj6BwlFiVt"
Subject: Re: [bitcoin-dev] BIP proposal: derived mnemonics
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
    <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
    <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jul 2016 10:53:30 -0000

> But what are the alternatives? Put an expensive processor and a decent
> amount of memory in every hardware wallet to support scrypt? Use a
> million iterations and just wait 10 minutes after entering your
> passphrase? Or compute the secret key on your online computer instead?

What the Digital Bitbox team does is PBKDF2 the user-entered
passphrase on the computer with >20'000 iterations, then PBKDF2 again
on-chip with the 2048 rounds.
If somebody manages to steal your backup (in that case a file/SD card or
printed PDF), it would at least require >22'048 iterations to derive
the key from a passphrase, which I consider "stronger" than just using
2048 iterations.

> Also, how many iterations are secure? A million? Then just add two
> random lower-case letters to the end of your passphrase and you have
> better protection with 2048 iterations.

I guess you shouldn't delegate KDF security to the user. But sure, this
could help as well. This is part of the UI.
On the other hand, forcing the user to select a long/more-secure
passphrase will very likely lead to many funds getting lost behind
encryption because of lost/forgotten passphrases.

> If you want to be able to use
> your passphrase with cheap hardware and be protected against a high-end
> computer with multiple GPUs that is almost a million times faster, then
> you have to choose a good passphrase. Or just make sure nobody steals
> your seed; it is not a brainwallet that is only protected by the
> passphrase after all.

Agree.
But IMO this fact should not be an excuse to reduce/use low iterations
during KDF (especially SHA2 based KDFs).
</jonas>
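As an added illustration (not code from the thread, from Digital Bitbox or from any BIP), the two-stage PBKDF2 Jonas describes sits beside the cost arithmetic behind Jochen's "two random lower-case letters" objection. The on-chip stage is the standard BIP39 seed derivation (2048 rounds of PBKDF2-HMAC-SHA512, salt "mnemonic" + passphrase); the host salt, and the assumption that the host-stage output is fed in as the passphrase of the on-chip stage, are mine, not something the post specifies.

```python
import hashlib
from unicodedata import normalize

# Constructed sample values, not taken from the thread.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")
HOST_ITERS = 20000   # ">20'000 iterations" on the computer, per the post
CHIP_ITERS = 2048    # BIP39 round count, run on-chip
HOST_SALT = b"constructed-host-salt"  # assumed; the post names no host salt


def host_stage(passphrase: str, iters: int = HOST_ITERS) -> bytes:
    """Stage 1: stretch the user passphrase on the (untrusted) computer."""
    pw = normalize("NFKD", passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", pw, HOST_SALT, iters, 64)


def bip39_seed(mnemonic: str, passphrase: str, iters: int = CHIP_ITERS) -> bytes:
    """Stage 2: BIP39 seed derivation as the chip would run it."""
    words = normalize("NFKD", mnemonic).encode()
    salt = ("mnemonic" + normalize("NFKD", passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, iters, 64)


def two_stage_seed(mnemonic: str, passphrase: str) -> bytes:
    """Layered KDF. Assumption: stage-1 output (hex) becomes the stage-2 passphrase."""
    return bip39_seed(mnemonic, host_stage(passphrase).hex())


def guess_cost(candidates: int, iterations: int) -> int:
    """PBKDF2 iterations an attacker must spend to exhaust a candidate set.

    Lets the two arguments in the thread be compared on one axis:
    more iterations per guess versus more guesses per passphrase.
    """
    return candidates * iterations


if __name__ == "__main__":
    # Two extra random lower-case letters multiply the search space by 26**2.
    per_guess_two_stage = guess_cost(1, HOST_ITERS + CHIP_ITERS)
    per_guess_two_letters = guess_cost(26 ** 2, CHIP_ITERS)
    print("two-stage PBKDF2, per candidate :", per_guess_two_stage)
    print("2048 rounds + 2 letters, per cand:", per_guess_two_letters)
    print("seed:", two_stage_seed(MNEMONIC, "correct horse").hex()[:32], "...")
```

With these numbers the two appended letters cost an attacker about 63 times more work per original candidate than the extra 20'000 host iterations do, which is the trade-off the two posts are arguing over.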