# Gavin Andresen
# 2011-06-20 12:35:39
# https://bitcointalk.org/index.php?topic=8728.msg249860#msg249860

RE: making it harder to brute-force: @p{par}

I have a couple of thoughts.  First, if users choose passwords like 'abc123' or 'password' or any of the other top-1,000 passwords it doesn't matter if we're scrypt'ing; they're toast. I'd rather see work on either giving users feedback on how strong or weak their password is rather than adding a tiny-little-bit-more security by scrypting. @p{par}

That said, changing the 'ekey' data so that ONLY the 256-bit private key is encrypted should increase security with very little extra code. Consider what you'd have to do to brute-force: @p{par}

1000 x SHA256(password_text) @p{par}

Now you have a 256-bit number.  Is it the right private key?  To check: @p{brk}
ECC multiply to get candidate public key @p{brk}
RIPEMD160(SHA256(candidate public key)), and check to see if it matches public key. @p{par}

Anybody know how easy it is to GPU parallelize ECC multiplies?  A quick google search gives me the impression that is an area of active research. @p{par}

 @p{brk}
RE: pre-computing wallet keys:  @s{huh}??  wallet private keys are 256-bit random numbers.  Am I misunderstanding you gmaxwell? @p{brk}