[bitcoin-dev] BIP proposal: derived mnemonics

Jochen Hoenicke hoenicke at gmail.com
Wed Jul 27 10:39:36 UTC 2016

Jonas Schnelli via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org>
schrieb am Di., 26. Juli 2016 um 22:10 Uhr:

> Side-note: Bip39 does still use PBKDF2 with 2048 iterations which I
> personally consider "not enough" to protect a serious amount of funds.
But what are the alternatives?  Put an expensive processor and a decent
amount of memory in every hardware wallet to support scrypt?  Use a million
iterations and just wait 10 minutes after entering you passphrase?  Or
compute the secret key on your online computer instead?

Also, how many iterations are secure?  A million?  Then just add two random
lower-case letters to the end of your passphrase and you have a better
protection with 2048 iterations. If you want to be able to use your
passphrase with cheap hardware and be protected against a high-end computer
with multiple GPUs that is almost a mllion times faster, then you have to
choose a good passphrase.  Or just make sure nobody steals your seed; it is
not a brainwallet that is only protected by the passphrase after all.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160727/6744055a/attachment.html>

More information about the bitcoin-dev mailing list