On Wed, Mar 12, 2014 at 3:42 PM, Pavol Rusnak <st...@gk2.sk> wrote:
> On 03/12/2014 09:37 PM, William Yager wrote:
> > (that group of people includes me), PBKDF2-HMAC-SHA512 is very easy to
> > implement even on devices that only have a few kB of RAM, and even though
> > our number of rounds is very aggressive (2^16 and 2^21), it will still
> run
> > in reasonable time even on very slow embedded ARM processors.
>
> To give you some numbers: TREZOR (120MHz ARM) does 1024 rounds of
> PBKDF2-HMAC-SHA512 in around 1 second.
>
> So 2^16 is around one minute, 2^21 is around half an hour.
>
>
Precisely. And since the target of this BIP is generally storage wallets
(just like BIP 0038), we figured these were reasonable time scales for
encryption/decryption on slow devices.
Let's say you're implementing a Raspberry Pi based cold wallet printer.
Having the user wait 10 seconds to several minutes is not unreasonable for
a one-time activity, especially when at least this much time is used to
generate entropy, print the wallet, etc.
The same goes for phones. If you're importing a heavily encrypted wallet
into your device, the user won't mind waiting a few seconds or even a few
minutes.
Plus, as an added bonus, the amount of time it will take to encrypt/decrypt
is highly deterministic, so it's easy to add a nice progress bar to a UI.
Will
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
