Author: Jean-Paul Kogelman 2014-03-12 21:08:33
Published on: 2014-03-12T21:08:33+00:00
In an email exchange between Pavol Rusnak and William Yager on March 12, 2014, the two discussed the implementation of semi-trusted devices in Bitcoin wallets. The idea behind this implementation is to allow desktop PCs to do all the "heavy lifting" when it comes to key stretching work, without compromising the wallet's security. However, Yager expressed concern about disclosing "preH" to a compromised computer between steps 4 and 5, which could potentially make later steps less important and compromise the password. Rusnak agreed that this was a valid concern, but pointed out that exposing the password would not grant access to any key material. If users are concerned about this vulnerability, step 4 can be revisited and adjusted to make password recovery more expensive.
Updated on: 2023-06-08T14:42:58.414584+00:00