[Suggestion] PBKDF2 iterations

[Macha-orange]

Hello,

In this project we have PBKDF2 iterations equals to 2048.

First of all, do we need to increase them ?

For PBKDF2, the cost factor is an iteration count: the more times the PBKDF2 function is iterated, the longer it takes to compute the password hash. Therefore, the iteration count SHOULD be as large as verification server performance will allow, typically at least 10,000 iterations. (https://pages.nist.gov/800-63-3/sp800-63b.html#sec5)

Secondly, will it be a good security practice to add a DropDown selector on HTML file so you can choose between 2048, 4096, 8192, 16394... iterations ?

[iancoleman]

I've considered this in the past and would like to add it, but it makes those mnemonics not work with any other bip39 implementation so it's not really a good option to have. If nerds want to do this and limit themselves to only using this tool, they can modify the parameter in the source code.

Do you know of any other bip39 implementation that allows custom pbkdf2 rounds?

2048 rounds has been contentious - eg from this mailing list email: "Side-note: Bip39 does still use PBKDF2 with 2048 iterations which I personally consider "not enough" to protect a serious amount of funds."

[Macha-orange]

A lot of wallet use 2048 PBFDF2 rounds but I don't know any of them that allow you to customize it... But 2048 rounds is quite weak nowadays !

I'm using your project to get private keys when wallet don't support BIP39 so I'm interested into changing rounds. I plan to add this feature (in "advanced entropy" settings) on a forked repo.

The only thing that worry me is "Is it good practice?" because you have to remember another parameter. But if you don't lose your passphrase you can still "mine" into big PBKFD2 iterations to search for all address and check them manually...

[Macha-orange]

Done ! https://github.com/iancoleman/bip39/pull/510

[iancoleman]

Closed by #510, thanks.