Pavol Rusnak [ARCHIVE] on Nostr: 📅 Original date posted:2014-03-12 📝 Original message:On 03/12/2014 09:10 PM, ...
📅 Original date posted:2014-03-12
📝 Original message:On 03/12/2014 09:10 PM, William Yager wrote:
> implement this is to allow semi-trusted devices (like desktop PCs) to do
> all the "heavy lifting". The way the spec is defined, it is easy to have a
> more powerful device do all the tough key stretching work without
> significantly compromising the security of the wallet.
By disclosing "preH" to compromised computer (between steps 4 and 5) you
make further steps 5-9 quite less important.
Too bad you started to work on spec just recently. :-/
--
Best Regards / S pozdravom,
Pavol Rusnak <stick at gk2.sk>
📝 Original message:On 03/12/2014 09:10 PM, William Yager wrote:
> implement this is to allow semi-trusted devices (like desktop PCs) to do
> all the "heavy lifting". The way the spec is defined, it is easy to have a
> more powerful device do all the tough key stretching work without
> significantly compromising the security of the wallet.
By disclosing "preH" to compromised computer (between steps 4 and 5) you
make further steps 5-9 quite less important.
Too bad you started to work on spec just recently. :-/
--
Best Regards / S pozdravom,
Pavol Rusnak <stick at gk2.sk>