The spec has been updated a bit.

Even if the bulk of the key-stretching work has been outsourced to another
device, and that device is compromised, the passphrase is now protected by
minimum 8192 rounds of salted PBKDF2-HMAC-SHA512.

The idea is that more powerful devices (mobile phones, laptops, etc.) can
do all the key-stretching on their own, whereas weaker devices with access
to another device with more computing power (like Trezors) do a fair amount
of key-stretching on their own, but can safely export the rest of the
key-stretching to the other device.

Will

On Tue, Mar 11, 2014 at 10:17 PM, Jean-Paul Kogelman <
jeanpaulkogelman@me.com> wrote:

> Hi everyone,
>
> We've been hard at work updating the spec to include features that were
> requested. We've removed the Scrypt dependency that was present in the
> initial drafts, added new KDFs, added plausible deniability and have a
> reference implementation.
>
>
> Kind regards,
>
>
> Jean-Paul Kogelman
>