Author: Gregory Maxwell 2016-07-27 20:59:54
Published on: 2016-07-27T20:59:54+00:00
In a bitcoin-dev discussion, Jonas Schnelli raised concerns about the security of BIP39's use of PBKDF2 with 2048 iterations to protect large amounts of funds. Jochen Hoenicke responded by asking for alternative methods of protection and questioned how many iterations are secure. Two alternatives were proposed in public discussion: using a scheme that supports delegatable hardening, or eschewing pretextual 'hardening' that serves no purpose but to make users think the scheme is more secure than it is. However, both alternatives were rejected by the authors of the BIP39 spec. Hoenicke concluded by saying that BIP39 is not a brainwallet that is only protected by the passphrase after all, which ignores the history of the spec and its widespread use as a brainwallet.
Updated on: 2023-05-19T23:38:17.862635+00:00