|
Title: SHA256 password hashing? Post by: shogodz89 on May 09, 2014, 11:27:40 PM Someone used this as a counter argument to Bitcoins security on encrypted wallets.
http://forums.udacity.com/questions/6016855/hashing-passwords-using-sha256-is-not-enough-today How does this apply to bitcoin (besides using ASICs for hashing) and does his argument hold any merit? I'm ignorant as to how Bitcoin Core encrypts wallets to prevent unauthorized usage so can someone please enlighten me? Title: Re: SHA256 password hashing? Post by: gmaxwell on May 10, 2014, 01:41:19 AM Bitcoin core wallet encryption uses a salted KDF and 100ms (on your computer) worth of SHA512, with a hard minimum of 25,000 iterations (though on normal computers its well in excess of 100k iterations). There is only so much you can do for a really bad key, but Bitcoin core does the prudent thing and makes very fast searches infeasible.
Title: Re: SHA256 password hashing? Post by: grue on May 10, 2014, 02:22:27 AM the post in question talks about password hashing, as in comparing the entered password to a stored hash for authentication. bitcoin does not work this way. instead, it uses a key stretching function described in gmaxwell's post above to derive the AES decryption key.
Title: Re: SHA256 password hashing? Post by: shogodz89 on May 10, 2014, 01:21:12 PM Thank you for the quick replies. I figured that the wallet encryption process wasn't as simple as hashing the password but I just didn't actually know how it actually worked.
Are there any links or documentation on wallet encryption I can look into? |