Why on earth would you want to derive the mnemonic from the wallet seed? Ever?

Remembering that an attacker doesn't actually have to do any key stretching,
they can just keep trying (what is it, 64 bytes from memory?) at a time without
any PBKDF2 to attack a seed, it seems that the PBKDF2 is just to slow down
anyone attempting to attack through an interface such as a web service or a
TREZOR or whatever. In a real-world attack you would not even be performing
PBKDF2; you would just brute force the raw bytes and force them into the BIP32
wallet, as there is no authentication scheme that hashes and compares against
the result. It purely limits abuse through an online wallet provider or
something like that by slowing down seed generation attempts THROUGH that API;
it doesn't really add any security to the seed in a real-world brute force
attack! So yeah, I think the 2048 iteration count is sufficient for its purpose,
because even if it only forces an extra 1ms per seed generation through the
API, it is still slower than just brute forcing the 64 bytes straight up, and
so they would have no reason to abuse your API. That is all :)

"meh... the fact that you can't derive the seed phrase from the wallet seed,
and that the password key stretching is so weak as to be ineffectual security
theater bugs me. Feels like a pretty big compromise to work on current
generation low power embedded devices when the next generation will be more
than capable. But I understand the motivation for the compromise.
Aaron Voisine
co-founder and CEO
breadwallet.com"
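For reference, the derivation the two posts above are arguing about, as an added example that is not code from either poster: the mnemonic is NFKD-normalized and run through PBKDF2-HMAC-SHA512 with the salt "mnemonic" + passphrase for the 2048 rounds under discussion, giving the 64-byte seed that feeds BIP32. The function names are mine, and the sample mnemonic and expected seed are the first BIP39 reference test vector (all-zero entropy, passphrase "TREZOR").

```python
import hashlib
import unicodedata

BIP39_ITERATIONS = 2048  # the iteration count debated in the thread
SEED_LENGTH = 64         # bytes; the "64 bytes" handed to the BIP32 root key


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the BIP39 wallet seed from a mnemonic and optional passphrase.

    Both strings are NFKD-normalized; the passphrase only enters via the salt,
    so it is the passphrase (and the mnemonic's own entropy) that the
    stretching protects, not the 512-bit seed space itself.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, BIP39_ITERATIONS, SEED_LENGTH)


def mnemonic_entropy_bits(word_count: int) -> int:
    """Entropy actually encoded by a BIP39 mnemonic of the given length.

    Each word carries 11 bits; one bit per 32 bits of entropy is checksum,
    which works out to word_count // 3 checksum bits (12 words -> 128 bits,
    24 words -> 256 bits).
    """
    if word_count % 3 or not 12 <= word_count <= 24:
        raise ValueError("BIP39 mnemonics have 12, 15, 18, 21 or 24 words")
    return 11 * word_count - word_count // 3


# Sample input: the first BIP39 reference vector (entropy 0x00 * 16).
TEST_MNEMONIC = ("abandon " * 11 + "about").strip()
TEST_PASSPHRASE = "TREZOR"

if __name__ == "__main__":
    seed = bip39_seed(TEST_MNEMONIC, TEST_PASSPHRASE)
    print("seed:", seed.hex())
    print("entropy in a 12-word mnemonic:", mnemonic_entropy_bits(12), "bits")
```

Changing the passphrase changes the salt and therefore the seed, which is why a wrong passphrase silently yields a different (empty) wallet rather than an error.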
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development