1675 sats \ 5 replies \ @deletedd 27 Dec 2023 freebie \ on: How safe is Sparrow's wallet encryption? bitcoin
deleted by author
Thanks. From what I understand, this is not what is used to encrypt the wallet, but rather the hashing algorithm used on the wallet password. It's definitely an important part of the security scheme, but it's not exactly what I'm looking for.
In any case, thanks for sharing.
reply
From what I understand, this is not what is used to encrypt the wallet, but rather the hashing algorithm used on the wallet password.
That's a very good find by @radentor but you're right, the quoted docs don't mention how the derived key is used to encrypt the wallet afaict.
Btw, I wouldn't call Argon2 a hashing algorithm (at least in this context here) even though it can be seen as one. All key derivation functions (KDFs) are very similar to hashing algorithms since they try to output something very random in a deterministic way - like hashing algorithms do. Afaik, KDFs only additionally guarantee certain properties, unlike hashing algorithms. A hashing algorithm does not have to be as secure as a KDF.
So basically, Sparrow uses Argon2 to derive a key from your password. And this key is used to encrypt the wallet. However, as you mentioned, the quoted docs don't mention which algorithm is used for encryption, that's right.
See this and this question on StackExchange for more info regarding KDFs vs hashing algorithms.
reply
reply
deleted by author
Strong Encryption Many wallets use relatively weak password hashing in order to support a wide range of devices, such as PBKDF2 or similar. Sparrow is desktop focussed and uses a configuration of Argon2 (winner of the Password Hashing Competition in 2015) configured to take at least 500ms on modern hardware to derive the key from your password in order to unlock your wallet. Even if it only contains public keys, that data is still worth protecting properly.
reply