Author: Jonas Schnelli 2016-07-27 10:53:24
Published on: 2016-07-27T10:53:24+00:00
The Digital Bitbox team uses PBKDF2 to secure user-entered passphrases for their hardware wallet by performing over 20,000 iterations on the computer and an additional 2048 rounds on-chip. This makes it more difficult for a potential thief to derive the key from a stolen backup file or SD card. While it's unclear how many iterations are truly considered secure, users can add two random lowercase letters to their passphrase to increase security. However, relying solely on the user to choose a strong passphrase is not recommended as it may lead to lost funds due to forgotten or lost passphrases. In order to protect against high-end computers with multiple GPUs, it's important to choose a good passphrase and take measures to ensure the seed is not stolen. Despite this, reducing iterations during KDF should not be an excuse to compromise security.
Updated on: 2023-06-11T19:13:10.381266+00:00