Topic: Do electrum wallets actually have 148 bits of security?
jonald_fyookball (OP)
July 15, 2014, 05:02:53 AM
 #1

The seed has 128 bits of entropy, so that's 128 bits
of security against a collision.

But against a brute-force attack, the 100,000 round
hashing key-stretch gives additional security. But,
what I just realized is that every address in the wallet
needs to run through that algorithm. So, if an attacker
wants to check, say 5 receive addresses and 5
change addresses, that's a million rounds of hashing,
or roughly 20 bits. (And still doesn't guarantee they
will find all the addresses of a wallet.)

So you add 20 bits on top of the 128 bits, and
you're really talking about 148 bits of security
against brute force attacks against the seed.


Abdussamad
July 15, 2014, 06:39:44 AM
 #2

You only need to compute the stretched seed and master private key once. Then you can create address specific private keys at will.
jonald_fyookball (OP)
July 16, 2014, 03:21:47 AM
 #3

> You only need to compute the stretched seed and master private key once. Then you can create address specific private keys at will.

I guess so, although it doesn't appear to be the way electrum does it.
You still need to run ECDSA code though, which could still slow
things down to give a similar result.
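
Added example, not part of the thread and not Electrum's code: it counts SHA-256 calls per seed guess under the two models discussed above, stretching repeated for every address (post #1) versus stretching once and then deriving addresses (post #2). The stretch construction, the one-hash per-address step, the function names and the seed value are assumptions made for illustration; elliptic-curve work is not modelled.

```python
import hashlib
import math

ROUNDS = 100_000  # number of stretch rounds stated in the thread
SEED = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed 128-bit seed

class CountingHash:
    """SHA-256 wrapper that counts invocations so the work can be measured."""
    def __init__(self):
        self.calls = 0
    def __call__(self, data):
        self.calls += 1
        return hashlib.sha256(data).digest()

def stretch(seed, h, rounds=ROUNDS):
    # Assumed construction: iterate SHA-256 over (state || original seed).
    state = seed
    for _ in range(rounds):
        state = h(state + seed)
    return state

def address_secret(master, index, change, h):
    # Hypothetical per-address step: one hash over index, branch and master.
    return h(b"%d:%d:" % (index, change) + master)

def cost_stretch_once(seed, n_receive, n_change):
    """Hash calls per seed guess when the stretch runs once (post #2)."""
    h = CountingHash()
    master = stretch(seed, h)
    for change, count in ((0, n_receive), (1, n_change)):
        for i in range(count):
            address_secret(master, i, change, h)
    return h.calls

def cost_stretch_per_address(seed, n_receive, n_change):
    """Hash calls per seed guess if every address re-ran the stretch (post #1)."""
    h = CountingHash()
    for change, count in ((0, n_receive), (1, n_change)):
        for i in range(count):
            address_secret(stretch(seed, h), i, change, h)
    return h.calls

def added_bits(hashes_per_guess):
    # Work added on top of the seed entropy, in bits, counting hash calls only.
    return math.log2(hashes_per_guess)

if __name__ == "__main__":
    for name, fn in (("once", cost_stretch_once), ("per address", cost_stretch_per_address)):
        calls = fn(SEED, 5, 5)
        print(f"stretch {name}: {calls} hashes, +{added_bits(calls):.1f} bits")
```

With 5 receive and 5 change addresses, the per-address model costs about a million hashes per guess (roughly 20 bits), while stretching once costs about 100,000 (roughly 16.6 bits), so the number of addresses checked barely changes the hashing work.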
