Author: Dmitry Petukhov 2021-02-11 16:29:10
Published on: 2021-02-11T16:29:10+00:00
In a recent discussion on the bitcoin-dev mailing list, a member brought up concerns about the encryption key scheme being used. The proposed method of using SHA256(SHA256(TOKEN)) was pointed out to be potentially vulnerable to a rainbow table attack. Another member suggested using a key derivation function designed for passwords, such as PBKDF2. However, this would add another code dependency for vendors who do not already have the required function in their device firmware.One possible solution could be to make the token longer and use a mnemonic. However, entering long data manually into a device can be difficult for users. Vendors that allow custom keys to be entered into their devices already face this issue. Another possibility is to enter the shared key for multisig setup in the same way, possibly with an additional visual check via fingerprint. These approaches could be combined by specifying a key derivation function suitable for passwords and sharing a password or derived key via a secure channel. If the hardware wallet supports the derivation function, it can derive the key from the password. If it only supports keys, the key can be entered raw or via mnemonic. However, precautions must be taken to prevent confusion between the two procedures.
Updated on: 2023-06-14T17:36:51.973612+00:00