As highlighted here (https://www.peercointalk.org/index.php?topic=4583.msg44989#msg44989) PeerKeeper’s base key + password mechanism is more secure than brain wallets.
To generate the BIP32 root key, PeerKeeper currently uses the scrypt hashing function, with the N-factor encoded in the base key so that brute force resistance can be increased at any time.
This brute force resistance assumes that an attacker has your base key and tries to brute force your password. Without the base key there is nothing to brute force but the entire BIP32 root key.
I recently came across the Argon2 password hashing algorithm, which recently won the “Password Hashing Competition”; it has a few more handles to future-proof the algorithm.
https://password-hashing.net/
Do you guys think it is worth considering switching PeerKeeper to it?
Cons
- It will make current base keys unusable (but AFAIK no-one is currently using PeerKeeper generated keys, and you can export the private keys easily)
- It is not yet battle tested like scrypt (and scrypt’s N-factor might be future proof enough)
…
Pros
- It might be a nice marketing feature
- More future proof ???
…
To be clear, PeerKeeper does not store passwords or full password hashes.
It optionally encodes the first byte of the password’s hash in the base key so that the UI can check with 1/256 certainty that a password matches the base key, to prevent users from panicking when finding an empty wallet after entering a faulty password.
(BTW litecoin-scrypt ASICs are of no use to brute force the current implementation as they assume a fixed N-factor)
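To make the two mechanisms in this post concrete (the N-factor carried inside the base key, and the optional one-byte password check), here is a small added example. It is not PeerKeeper's code: the byte layout of the base key (log2(N), check byte, 16 bytes of entropy) and the SHA-256-based check byte are assumptions chosen for the example; it uses Python's stdlib hashlib.scrypt, so it needs a Python linked against OpenSSL 1.1 or later.

```python
import os
import hashlib
from typing import Optional, Tuple

# Added example, not PeerKeeper's code. Constructed base-key layout (an assumption):
#   byte 0      : log2(N), the scrypt cost factor this base key was created with
#   byte 1      : first byte of a salted password fingerprint (the optional 1/256 check)
#   bytes 2..17 : 16 random bytes that make the base key itself unguessable
SCRYPT_R = 8          # scrypt block size
SCRYPT_P = 1          # scrypt parallelism
ROOT_KEY_LEN = 32     # bytes of BIP32 root seed to derive
ENTROPY_LEN = 16


def password_check_byte(password: bytes, entropy: bytes) -> int:
    """One byte of a salted hash of the password: enough to catch a typo in the UI,
    far too little to help someone who already holds the base key (they still
    have to run the full scrypt derivation per guess)."""
    return hashlib.sha256(entropy + password).digest()[0]


def make_base_key(password: bytes, log2_n: int = 14,
                  entropy: Optional[bytes] = None) -> bytes:
    """Build a base key. N is stored inside it, so newly generated base keys can
    use a higher N without changing the format; older keys keep their own N."""
    if not 1 <= log2_n <= 20:
        raise ValueError("log2(N) out of range")
    entropy = os.urandom(ENTROPY_LEN) if entropy is None else entropy
    if len(entropy) != ENTROPY_LEN:
        raise ValueError("entropy must be %d bytes" % ENTROPY_LEN)
    return bytes([log2_n, password_check_byte(password, entropy)]) + entropy


def decode_base_key(base_key: bytes) -> Tuple[int, int, bytes]:
    """Split a base key into (log2_n, check_byte, entropy)."""
    if len(base_key) != 2 + ENTROPY_LEN:
        raise ValueError("malformed base key")
    return base_key[0], base_key[1], base_key[2:]


def password_matches(base_key: bytes, password: bytes) -> bool:
    """UI pre-check. A wrong password still slips through with probability 1/256,
    so this is a usability aid, not an authentication step."""
    _, check, entropy = decode_base_key(base_key)
    return password_check_byte(password, entropy) == check


def derive_root_key(base_key: bytes, password: bytes) -> bytes:
    """Deterministically derive the BIP32 root key as scrypt(password, salt=entropy)
    with the N-factor read from the base key."""
    log2_n, _, entropy = decode_base_key(base_key)
    if not password_matches(base_key, password):
        raise ValueError("password does not match this base key")
    n = 1 << log2_n
    # OpenSSL needs 128*r*(N + p + 2) bytes; pass an explicit cap so large N works.
    return hashlib.scrypt(password, salt=entropy, n=n, r=SCRYPT_R, p=SCRYPT_P,
                          dklen=ROOT_KEY_LEN,
                          maxmem=128 * SCRYPT_R * (n + SCRYPT_P + 2) + 4096)


if __name__ == "__main__":
    pw = b"correct horse battery staple"   # constructed sample password
    bk = make_base_key(pw, log2_n=14)
    print("base key :", bk.hex())
    print("root key :", derive_root_key(bk, pw).hex())
```

Because the root key is a pure function of (base key, password), raising N only affects base keys generated afterwards; an existing base key keeps the N it was created with, which is why a fixed-N ASIC does not help against keys created with a different factor. Swapping scrypt for Argon2 would mean storing Argon2's own parameters (time, memory, lanes) in the base key in the same way, at the cost of invalidating every base key made under the old scheme.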