Re: Seeing output of 40 BTC when i'm trying to send 1 coin
It isn't standard PBKDF2 but it is injecting entropy back into the process. Generally I think it is a good idea to stick with standards but I dont' see anything wrong with the way it was implemented.
Yup that is the whole point. Imagine you have a GPU rig (8 GPUs) which can has 1 billion passwords per second. Using a key derivation function with 100,000 iterations chops that throughput to 100K passwords per second. Another way to look at is say for a given hardware using a single hash per password you could brute force it is 1 minute. It would not take 100,000 minutes (or ~70 days).
Quote
But each of those 2^128 (or 2^160) "operations" would actually be 100,000 rounds of hashing if I understand correctly.
Yup that is the whole point. Imagine you have a GPU rig (8 GPUs) which can has 1 billion passwords per second. Using a key derivation function with 100,000 iterations chops that throughput to 100K passwords per second. Another way to look at is say for a given hardware using a single hash per password you could brute force it is 1 minute. It would not take 100,000 minutes (or ~70 days).
I get it... However, bitcoin already has key stretching. Why stretch again in electrum (unless we are simply trying increase the 12 word seed entropy from 128 bits up to 160)?
edit: actually i dont think it would increase the entropy, just add more stretching, since the seed has less entropy than a 160 bit "normal" priv key
hmmm......
lol