From: Jean-Paul Kogelman <jeanpaulkogelman@me•com>
To: Pavol Rusnak <stick@gk2•sk>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] [RFC] Proposal: Base58 encoded HD Wallet root key with optional encryption
Date: Wed, 12 Mar 2014 21:08:33 +0000 (GMT) [thread overview]
Message-ID: <994afcd1-798d-452a-850c-02b5ce393dd3@me.com> (raw)
In-Reply-To: <5320C27B.8090205@gk2.sk>
[-- Attachment #1: Type: text/plain, Size: 884 bytes --]
On Mar 12, 2014, at 01:24 PM, Pavol Rusnak <stick@gk2•sk> wrote:
On 03/12/2014 09:10 PM, William Yager wrote:
implement this is to allow semi-trusted devices (like desktop PCs) to do
all the "heavy lifting". The way the spec is defined, it is easy to have a
more powerful device do all the tough key stretching work without
significantly compromising the security of the wallet.
By disclosing "preH" to compromised computer (between steps 4 and 5) you
make further steps 5-9 quite less important.
Agreed, this is a valid concern. This could possibly allow a 3rd party to crack the password, but then again, they would not gain access to any key material. So yes, you could expose your password, but your key would still be safe.
If people feel strongly about this vulnerability, we can revisit step 4 and adjust it to make password recovery more expensive.
jp
[-- Attachment #2.1: Type: text/html, Size: 1517 bytes --]
next prev parent reply other threads:[~2014-03-12 21:08 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <op.w0hd2nthyldrnw@laptop-air>
2013-07-19 18:15 ` [Bitcoin-development] [RFC] Proposal: Base58 encoded HD Wallet master seed " Jean-Paul Kogelman
2013-07-22 13:14 ` Mike Hearn
2013-07-22 14:33 ` Jean-Paul Kogelman
2013-07-22 21:37 ` Jean-Paul Kogelman
2013-11-16 2:47 ` Gregory Maxwell
2013-11-16 3:09 ` Jean-Paul Kogelman
2013-12-26 11:48 ` Jean-Paul Kogelman
2014-03-12 3:17 ` [Bitcoin-development] [RFC] Proposal: Base58 encoded HD Wallet root key " Jean-Paul Kogelman
2014-03-12 13:11 ` Pavol Rusnak
2014-03-12 15:45 ` Jean-Paul Kogelman
2014-03-12 15:55 ` Pavol Rusnak
2014-03-12 16:49 ` Gary Rowe
2014-03-12 18:00 ` William Yager
2014-03-12 19:35 ` Jean-Paul Kogelman
2014-03-12 19:41 ` Gary Rowe
2014-03-12 19:26 ` Jean-Paul Kogelman
2014-03-12 19:39 ` Pavol Rusnak
2014-03-12 19:55 ` William Yager
2014-03-12 20:04 ` Pavol Rusnak
2014-03-12 20:10 ` William Yager
2014-03-12 20:24 ` Pavol Rusnak
2014-03-12 20:37 ` William Yager
2014-03-12 20:42 ` Pavol Rusnak
2014-03-12 20:49 ` William Yager
2014-03-12 21:08 ` Jean-Paul Kogelman [this message]
2014-03-12 21:15 ` William Yager
2014-04-22 0:05 William Yager
2014-04-24 19:39 ` William Yager
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=994afcd1-798d-452a-850c-02b5ce393dd3@me.com \
--to=jeanpaulkogelman@me$(echo .)com \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
--cc=stick@gk2$(echo .)sk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox