Electrum 2.0 has been tagged



Summary:

The thread discusses how much PBKDF2 actually contributes to securing wallet seeds. The purpose of PBKDF2 is to slow down anyone attacking through an interface such as a web service or a TREZOR; in a real-world brute force attack, however, an attacker would not perform PBKDF2 at all and would instead brute force the raw bytes and feed them straight into the BIP32 wallet. Against that kind of attack, PBKDF2 adds no real security to the seed.

The 2048 iteration count is sufficient for its purpose: even if it only forces an extra 1ms per seed generation through the API, attacking via the API is still slower than brute forcing the 64 bytes directly, so an attacker would have no reason to abuse the API. Still, the fact that you can't derive the seed phrase from the wallet seed, combined with the weak password key stretching, feels like a compromise made to work on current-generation low-power embedded devices when the next generation will be more than capable.

Aaron Voisine, co-founder and CEO of breadwallet.com, shared his thoughts on the matter.
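To make the cost argument concrete, here is an added example (not code from the thread, Electrum or breadwallet) that implements the BIP39-style stretching the discussion concerns and compares the work of guessing phrases against guessing the raw seed. It assumes the BIP39 parameters (PBKDF2-HMAC-SHA512, 2048 iterations, salt `"mnemonic"` + passphrase, 64-byte output, a 2048-word list); the mnemonic and passphrase values are constructed for illustration.

```python
import hashlib
import math
import unicodedata

# Assumed BIP39 parameters (Electrum 2.0's own scheme differs, e.g. in the salt prefix).
ITERATIONS = 2048
SEED_LEN = 64          # the "64 bytes" the thread refers to
WORDLIST_SIZE = 2048   # 11 bits per word


def mnemonic_to_seed(mnemonic: str, passphrase: str = "",
                     salt_prefix: str = "mnemonic") -> bytes:
    """Stretch a seed phrase into a 64-byte wallet seed with PBKDF2-HMAC-SHA512."""
    # NFKD normalisation, as BIP39 specifies, so equivalent Unicode spellings
    # of the same words always yield the same seed.
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", salt_prefix + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, ITERATIONS, dklen=SEED_LEN)


def brute_force_bits(word_count: int = 12, iterations: int = ITERATIONS) -> dict:
    """log2 of the HMAC evaluations each attack strategy needs.

    phrase_guessing:   enumerate valid phrases, running PBKDF2 on each guess.
    raw_seed_guessing: enumerate 64-byte seeds and feed them to BIP32 directly,
                       skipping PBKDF2 entirely (the attack the thread describes).
    """
    total_bits = word_count * math.log2(WORDLIST_SIZE)
    # BIP39 reserves 1 bit in 33 as checksum, so only ENT = total * 32/33 phrases are valid.
    entropy_bits = total_bits * 32 / 33
    stretch_bits = math.log2(iterations)   # what PBKDF2 adds per guess: 11 bits here
    return {
        "phrase_guessing": entropy_bits + stretch_bits,
        "raw_seed_guessing": SEED_LEN * 8,
        "added_by_pbkdf2": stretch_bits,
    }


if __name__ == "__main__":
    # Constructed phrase, not a real wallet.
    phrase = " ".join(["abandon"] * 11 + ["about"])
    print(mnemonic_to_seed(phrase, "TREZOR").hex())
    for words in (12, 24):
        print(words, "words:", brute_force_bits(words))
```

For a 12-word phrase the stretching lifts the attacker's work from 2^128 to 2^139 HMAC calls, while guessing the raw 64-byte seed is a 2^512 search, which is why the iteration count matters only for rate-limiting an API and not for the seed's own strength.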


Updated on: 2023-06-09T18:11:45.968038+00:00