[PeerKeeper security] Switch to Argon2?

As highlighted here (https://www.peercointalk.org/index.php?topic=4583.msg44989#msg44989) PeerKeeper’s base key + password mechanism is more secure than brain wallets.
To generate the BIP32 root key, PeerKeeper currently uses the scrypt hashing function, with the N-factor encoded in the base key so that brute force resistance can be increased at any time.
This brute force resistance assumes that an attacker has your base key and tries to brute force your password. Without the base key there is nothing to brute force but the entire BIP32 root key.

I recently came across the Argon2 password hashing algorithm that has won the “Password Hashing Competition” recently, it has a bit more handles to future proof the algorithm.

Do you guys think it is worth considering switching PeerKeeper to it?


  • It will make current base keys unusable (but AFAIK no-one is currently using PeerKeeper generated keys, and you kan export the private keys easily)
  • It is not yet battle tested like scrypt (and scrypt’s N-factor might be future proof enough)


  • It might be a nice marketing feature
  • More future proof ???

To be clear, PeerKeeper does not store passwords or full password hashes.
It optionally encodes the first byte of the password’s hash in the base key so that the UI can check with 1/256 certainty that a password is matching the base key to prevent users from panicking when finding an empty wallet after entering a faulty password.

(BTW litecoin-scrypt ASICs are of no use to brute force the current implementation as they assume a fixed N-factor)

I’m leaning towards keeping the current implementation.
I’m leaning towards switching to Argon2, see 2 posts down (https://www.peercointalk.org/index.php?topic=4765.msg44994#msg44994)
But I’d like to hear the community’s opinion.

Some useful info:

Any option to do both and create a Toyota / Lexus relationship?

yes, we can do both.

However, there can be only one default (users aren’t bothered with algo and settings).

Currently, the keys are generated with scrypt N=4 which is quite low, but good enough for testing.
Unfortunately high N-factors are quite slow in browser with the scrypt implementation I’m using.
I’ve found a faster one (using asm.js) but that isn’t async and freezes the UI.

Maybe I should just investigate the performance and usability of argon2-browser (https://github.com/antelle/argon2-browser) and base my decision on the results.
It seems to be fast (asm.js) and async, so it might just be the better option.

I say go for it. It can only help with marketing and will probably end up being as secure as any other once they test it sufficiently.