pull down to refresh

Interesting question. We knew that Sparrow used Argon2 (and that it's OWASP recommended) but beyond that it's an interesting thing to verify.
We've reached out to @SparrowWallet on Twitter to see if they can come on in here and help clear things up 🙂
FWIW, we wouldn't ever consider giving Sparrow (or any other software based wallet) access to your Private Keys. Instead they should be stored on a well vetted Hardware Wallet if we're talking about any amount of funds you don't want to lose. That way even if an attacker breaks your password, all they'll get is the wallet file. They'll be able to see your coins... but not spend / steal them.