Title: Do electrum wallets actually have 148 bits of security?
Post by: jonald_fyookball on July 15, 2014, 05:02:53 AM

The seed has 128 bits of entropy, so that's 128 bits of security against a collision. But against a brute-force attack, the 100,000 round hashing key-stretch gives additional security. But, what I just realized is that every address in the wallet needs to run through that algorithm. So, if an attacker wants to check, say, 5 receive addresses and 5 change addresses, that's a million rounds of hashing, or roughly 20 bits (and still doesn't guarantee they will find all the addresses of a wallet). So you add 20 bits on top of the 128 bits, and you're really talking about 148 bits of security against brute force attacks against the seed.

Title: Re: Do electrum wallets actually have 148 bits of security?
Post by: Abdussamad on July 15, 2014, 06:39:44 AM

You only need to compute the stretched seed and master private key once. Then you can create address specific private keys at will.

Title: Re: Do electrum wallets actually have 148 bits of security?
Post by: jonald_fyookball on July 16, 2014, 03:21:47 AM

> You only need to compute the stretched seed and master private key once. Then you can create address specific private keys at will.

I guess so, although that doesn't appear to be the way Electrum does it. You still need to run ECDSA code though, which could still slow things down to give a similar result.
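
The two cost models discussed in this thread, as an added example that is not part of any post and is not Electrum's own code. The stretch construction (`SHA256(h + seed)` iterated) and the `derive_cost` figure are assumptions made for illustration; only the 128-bit entropy, the 100,000 rounds and the 10 addresses come from the thread.

```python
import hashlib
import math

ROUNDS = 100_000       # round count stated in the thread
ENTROPY_BITS = 128     # seed entropy stated in the thread


def stretch(seed: bytes, rounds: int = ROUNDS) -> bytes:
    """Iterated SHA-256 key stretch (assumed construction: h = SHA256(h + seed))."""
    h = seed
    for _ in range(rounds):
        h = hashlib.sha256(h + seed).digest()
    return h


def hashes_per_guess(n_addresses: int, per_address: bool,
                     rounds: int = ROUNDS, derive_cost: int = 0) -> int:
    """Hash-equivalent work needed to test ONE candidate seed.

    per_address=True  : first post's model, the stretch is rerun for every address.
    per_address=False : reply's model, stretch once, then pay derive_cost per address.
    derive_cost is a hypothetical cost of one EC key derivation in hash units.
    """
    if per_address:
        return n_addresses * (rounds + derive_cost)
    return rounds + n_addresses * derive_cost


def effective_bits(work_per_guess: int, entropy_bits: int = ENTROPY_BITS) -> float:
    """Seed entropy plus log2 of the work spent on each guess."""
    return entropy_bits + math.log2(work_per_guess)


if __name__ == "__main__":
    n = 10  # 5 receive + 5 change addresses, as in the first post
    cases = {
        "stretch rerun per address": hashes_per_guess(n, per_address=True),
        "stretch once, free derivation": hashes_per_guess(n, per_address=False),
        # derive_cost=1000 is a constructed value, not a measurement
        "stretch once, derive_cost=1000": hashes_per_guess(n, False, derive_cost=1000),
    }
    for label, work in cases.items():
        print(f"{label:32s} {work:>9d} hashes/guess  {effective_bits(work):.1f} bits")
    # The stretched seed is computed once and reused for every address index.
    print("stretched seed:", stretch(bytes(16)).hex())
```

Under the stretch-once model the stretch contributes about 16.6 bits regardless of how many addresses are checked; any further gain depends entirely on the per-address derivation cost.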