21 sats \ 3 replies \ @pillar OP 27 Dec 2023 \ parent \ on: How safe is Sparrow's wallet encryption? bitcoin
Thanks. From what I understand, this is not what is used to encrypt the wallet, but rather the hashing algorithm used on the wallet password. It's definitely an important part of the security scheme, but it's not exactly what I'm looking for.
In any case, thanks for sharing.
write
preview
789 sats \ 0 replies \ @ek 27 Dec 2023
From what I understand, this is not what is used to encrypt the wallet, but rather the hashing algorithm used on the wallet password.
That's a very good find by @radentor but you're right, the quoted docs don't mention how the derived key is used to encrypt the wallet afaict.
Btw, I wouldn't call Argon2 a hashing algorithm (at least in this context here) even though it can be seen as one. All key derivation functions (KDFs) are very similar to hashing algorithms since they try to output something very random in a deterministic way - like hashing algorithms do. Afaik, KDFs only additionally guarantee certain properties, unlike hashing algorithms. A hashing algorithm does not have to be as secure as a KDF.
So basically, Sparrow uses Argon2 to derive a key from your password. And this key is used to encrypt the wallet. However, as you mentioned, the quoted docs don't mention which algorithm is used for encryption, that's right.
See this and this question on StackExchange for more info regarding KDFs vs hashing algorithms.
reply
1 sat \ 0 replies \ @rijndael 28 Dec 2023
Looks like it uses ECIES: https://github.com/sparrowwallet/sparrow/blob/4feb4a3a79a3bbe69178fbefa38cd530fe963240/src/main/java/com/sparrowwallet/sparrow/io/JsonPersistence.java#L167
reply
0 sats \ 0 replies \ @deletedd 27 Dec 2023
deleted by author
reply