Published on: 2014-06-09T18:23:17+00:00
Richard Moore, a developer, is proposing the inclusion of an extra byte in BIP38 wallets to enhance their security. Currently, the scrypt pbkdf used for (N, r, p) is (16384, 8, 8). However, with the emergence of more powerful scrypt mining ASICs, there is a growing concern about potential hacking attacks on wallets. By encoding the parameters used in an additional byte in the address, the security of important master keys can be significantly enhanced. For instance, this could safeguard a key that holds millions of dollars in cold storage for several years.Moore's proposal, which can be found on bitcointalk.org, is highly regarded as well thought out compared to BIP38. The proposal is currently undergoing revisions to support secret sharing. To implement the extra byte, Moore suggests using one byte, denoted as 'c', and employing a formula: N = 2 ** (c + 11), r = 2 ** c, and p = r. While using a full byte may seem excessive, the available space can be utilized for other purposes. For example, by using five bits, different parameter combinations can be achieved. When c = 0, the parameters would be (1024, 1, 1), which is the same as scrypt mining but requires twice the dkLength. With c = 3, the current specifications of (16384, 8, 8) are maintained. At the highest difficulty level, c = 31, the parameters become (2199023255552, 2147483648, 2147483648), which would require an immense amount of memory per hash.However, one major concern is ensuring backwards compatibility. The author suggests keeping the 6P the same, as it already requires an additional passphrase. To indicate that the address is adaptive, one of the reserved bits could be used. Nevertheless, this would result in a change in the decoded length of the address, potentially causing issues if bounds checks are not implemented. Alternatively, "6A" or "6p" could be used to denote an adaptive address, but the author is hesitant to introduce unnecessary variations in the namespace for a minor adjustment.In conclusion, Richard Moore's proposal to include an extra byte in BIP38 wallets aims to enhance their security against potential hacking attacks. By encoding the parameters used in the address, important master keys can be better protected. However, ensuring backwards compatibility and addressing changes in the decoded length of the address remain key considerations in implementing this proposal.
Updated on: 2023-08-01T09:29:40.501110+00:00