Topic: Safer Brainwallet with Multi-Hash - page 2. (Read 2681 times)
Warpwallet uses 2^18 rounds of scrypt and 2^16 rounds of pbkdf2 (takes a few seconds in the browser). It makes brute forcing very difficult: an 8-character alphanumeric (47.6 bit) password has a 20 BTC bounty on it, expires over two years after it was created, and is still not expected to be cracked (via brute force).
I suggest an option to hash the passphrase multiple times.
This will be barely noticeable for the user but will make bruteforcing much more expensive.
This tiny code, added at brainwallet.org's HTML at line 9086, does the trick:
This will be barely noticeable for the user but will make bruteforcing much more expensive.
This tiny code, added at brainwallet.org's HTML at line 9086, does the trick:
Code:
for (var i = 0; i < 100000; i++) {
key = Crypto.SHA256(key, { asBytes: false });
}Jump to: