Author: William Yager 2014-03-12 20:37:35
Published on: 2014-03-12T20:37:35+00:00
In an email thread discussing key stretching for wallets, William Yager suggests allowing semi-trusted devices to do the heavy lifting, but Pavol Rusnak points out that a compromised computer would remove most of the security offered by key stretching. However, they reach a compromise with the inclusion of PBKDF2-HMAC-SHA512 based KDFs, which are easy to implement even on memory-constrained devices and can still run in reasonable time on slow embedded ARM processors despite aggressive rounds.
Updated on: 2023-06-08T14:45:31.647110+00:00