Author

Topic: [INFO - DISCUSSION] Mnemonic Code Words (BIP39) (Read 171 times)

newbie
Activity: 1
Merit: 0
Really effective support services. Enjoyable to research and update information sources. Lots of support to approach and understand the profession. Each job has different professional requirements. Participate coreball and continuously learn knowledge.
legendary
Activity: 2268
Merit: 18748
Aren't the 2048 rounds of HMAC-SHA-512 as PBKDF2 there to also make the derivation from the initial seed computationally expensive so that brute-forcing is rendered considerably slower?
It's certainly slower, but it definitely isn't slow and it definitely isn't considerably slower either. PBKDF2 is already pretty weak, and 2048 rounds is nothing. This is why tools like btcrecover can still check tens of thousand possible seed phrase combinations a second (even once you exclude those with an invalid checksum).

If you wanted actual protection against brute-force attacks, then you would need to up the iteration count to the millions or switch to an algorithm which is actually computational expensive. BIP39 survives without these things due to the initial entropy being at least 2128, not because it is difficult to attack.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Aren't the 2048 rounds of HMAC-SHA-512 as PBKDF2 there to also make the derivation from the initial seed computationally expensive so that brute-forcing is rendered considerably slower?

While it makes brute-force slower, BIP 39 only state "The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function."[1].

I don't know much about SHA-512 compared to SHA-256 in terms of computational complexity and expense, though.

Theoretically SHA-512 is computationally more complex. Although depending on the hardware and OS, SHA-512 might run faster[1-2].

[1] https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#from-mnemonic-to-seed
[2] https://crypto.stackexchange.com/a/26340
[3] https://crypto.stackexchange.com/a/52646
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
Aren't the 2048 rounds of HMAC-SHA-512 as PBKDF2 there to also make the derivation from the initial seed computationally expensive so that brute-forcing is rendered considerably slower? I don't know much about SHA-512 compared to SHA-256 in terms of computational complexity and expense, though.
legendary
Activity: 3472
Merit: 10611
In the slide before last it is misleading to call PBKDF2 a "key stretching" function because although it is how PBKDF2 is categorized but key stretching algorithms are used to make a weak key more secure against brute force attacks.
In case of BIP39, the key (ie. the initial entropy) is not weak at all and it doesn't need to be secured. In other words PBKDF2 in this context is only used as a key derivation function not a key stretching function.
legendary
Activity: 3304
Merit: 8633
icarus-cards.eu
@BlackHatCoiner you are absolutely right. i was writing too fast again and already had other thoughts in my head before i wanted to finish the actual sentence/topic
have of course now improved - shame on me Lips sealed
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
and how the wallet converts them into a binary 'seed'
It doesn't convert the mnemonics into a seed. It converts the seed into mnemonic. As you demonstrate in the slides, the computer firstly generates 128 + 4 bits, and converts these to mnemonic phrase.

that is used to create encryption keys that are then used to execute cryptocurrency transactions.
The seed isn't used to create encryption keys, it is used to derive extended keys, which can be used to derive Bitcoin private keys.
legendary
Activity: 3304
Merit: 8633
icarus-cards.eu
bip39 is a design implementation that lays out how cryptocurrency wallets create the set of words (mnemonic codes) that make up a mnemonic set, and how the wallet converts the seed into mnemonic codes that are used to derive extended keys that can be used to derive private bitcoin keys. with these 4 foils i would like to bring you closer to this important topic. there are also numerous threads about it but to continue working on my 'slide threads' i decided to create a new one Grin
i hope that this topic will be well received by you and will appeal to more users

Quote
BIP: 39
  Layer: Applications
  Title: Mnemonic code for generating deterministic keys
  Author: Marek Palatinus <[email protected]>
          Pavol Rusnak <[email protected]>
          Aaron Voisine <[email protected]>
          Sean Bowe <[email protected]>
  Comments-Summary: Unanimously Discourage for implementation
  Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-0039
  Status: Proposed
  Type: Standards Track
  Created: 2013-09-10
https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki



https://twitter.com/BTCillustrated
Jump to: