[messaging] Peerio

zaki at manian.org zaki at manian.org
Wed Jan 14 15:17:28 PST 2015


Minilock salts the passphrase with your email address or phone number. It runs
the combo through 18? rounds of scrypt and then seeds a key. I think there
is a SHA-256 at the end of the scrypt rounds.

Nadim has very well defined goals for client portability in the minilock
project that are not compatible with the client side state that would be
necessary for Forward Secrecy or a stronger salt.

On Wed, Jan 14, 2015 at 3:02 PM, Mike Hearn <mike at plan99.net> wrote:

> My big question (sorry Nadim, if this has been addressed before as part of
> the MiniLock discussions) is what stops passphrases being brute forced. It
> seems from the spec that the passphrase == private key and public key is
> then derived from that, in the usual ECC manner.
>
> The Bitcoin community has learned the hard way that there are no secure
> passphrases. Example:
>
> https://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/
>
> Just lost 4 BTC out of a hacked brain wallet. The pass phrase was a line
> from an obscure poem in *Afrikaans*. Somebody out there has a *really* comprehensive
> dictionary attack program running.
>
> Fuck. I thought I had my big-boy pants on.
>
>
>
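
The general scheme discussed in this thread (a passphrase salted with a public identifier and stretched with scrypt into a key seed, with no client-side state) is sketched below as an added example; it is not miniLock's code and not part of the original message. The scrypt parameters, function names and sample values are assumptions chosen for illustration. It also turns a measured per-guess cost into an estimate of how long a given passphrase entropy holds up.

```python
import hashlib
import time

# Assumed cost parameters for illustration only; not taken from the miniLock spec.
SCRYPT_N = 2 ** 14   # CPU/memory cost (about 16 MiB per derivation with r=8)
SCRYPT_R = 8
SCRYPT_P = 1
SEED_LEN = 32        # bytes of key seed handed to the key-generation step


def derive_seed(passphrase: str, identifier: str) -> bytes:
    """Stretch a passphrase into a key seed, salted with a public identifier.

    Nothing is stored on the client: the same passphrase and identifier
    produce the same seed on any device.
    """
    return hashlib.scrypt(
        passphrase.encode("utf-8"),
        salt=identifier.encode("utf-8"),
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=SEED_LEN,
    )


def seconds_per_guess(samples: int = 3) -> float:
    """Measure the average cost of one derivation on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        derive_seed(f"constructed-guess-{i}", "user@example.org")
    return (time.perf_counter() - start) / samples


def years_to_exhaust(entropy_bits: float, guess_seconds: float,
                     workers: int = 1) -> float:
    """Time to try every passphrase in a space of 2**entropy_bits guesses."""
    total_seconds = (2 ** entropy_bits) * guess_seconds / workers
    return total_seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample values.
    a = derive_seed("correct horse battery staple", "alice@example.org")
    b = derive_seed("correct horse battery staple", "bob@example.org")
    print("deterministic:", a == derive_seed("correct horse battery staple",
                                             "alice@example.org"))
    print("salt separates users:", a != b)
    cost = seconds_per_guess()
    for bits in (28, 40, 60, 80):
        print(f"{bits} bits, 1000 workers: "
              f"{years_to_exhaust(bits, cost, 1000):.3g} years")
```

The salt is public, so it only prevents one precomputed table from covering every user; resistance to guessing against a single account comes from the scrypt cost multiplied by the passphrase entropy.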