diff options
author | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-06-26 22:15:48 +0200 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-06-26 22:15:48 +0200 |
commit | b4fe2d5650d9979408eaba2a41441e55c693b6e6 (patch) | |
tree | 707e126aa4de3a10c8596873cade7d41fd8461c6 /bip-0038.mediawiki | |
parent | 27bfe7f28e03f7c1bd22e8501c10bdb7efa72d29 (diff) | |
parent | 989916fa2f08608d9f3c449939f36b90c4a79865 (diff) |
Merge pull request #78 from voisine/patch-1
unicode normalization of password
Diffstat (limited to 'bip-0038.mediawiki')
-rw-r--r-- | bip-0038.mediawiki | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/bip-0038.mediawiki b/bip-0038.mediawiki index 29fe21e..e48a085 100644 --- a/bip-0038.mediawiki +++ b/bip-0038.mediawiki @@ -88,7 +88,7 @@ Encrypting a private key without the EC multiplication offers the advantage that Encryption steps: # Compute the Bitcoin address (ASCII), and take the first four bytes of SHA256(SHA256()) of it. Let's call this "addresshash". # Derive a key from the passphrase using scrypt -#*Parameters: ''passphrase'' is the passphrase itself encoded in UTF-8. salt is ''addresshash'' from the earlier step, n=16384, r=8, p=8, length=64 (n, r, p are provisional and subject to consensus) +#*Parameters: ''passphrase'' is the passphrase itself encoded in UTF-8 and normalized using Unicode Normalization Form C (NFC). salt is ''addresshash'' from the earlier step, n=16384, r=8, p=8, length=64 (n, r, p are provisional and subject to consensus) #*Let's split the resulting 64 bytes in half, and call them ''derivedhalf1'' and ''derivedhalf2''. # Do AES256Encrypt(bitcoinprivkey[0...15] xor derivedhalf1[0...15], derivedhalf2), call the 16-byte result ''encryptedhalf1'' # Do AES256Encrypt(bitcoinprivkey[16...31] xor derivedhalf1[16...31], derivedhalf2), call the 16-byte result ''encryptedhalf2'' @@ -119,7 +119,7 @@ Steps performed by ''owner'' to generate a single intermediate code, if lot and # Encode the lot and sequence numbers as a 4 byte quantity (big-endian): lotnumber * 4096 + sequencenumber. Call these four bytes ''lotsequence''. # Concatenate ''ownersalt'' + ''lotsequence'' and call this ''ownerentropy''. # Derive a key from the passphrase using scrypt -#* Parameters: ''passphrase'' is the passphrase itself encoded in UTF-8. salt is ''ownersalt''. n=16384, r=8, p=8, length=32. +#* Parameters: ''passphrase'' is the passphrase itself encoded in UTF-8 and normalized using Unicode Normalization Form C (NFC). salt is ''ownersalt''. n=16384, r=8, p=8, length=32. #* Call the resulting 32 bytes ''prefactor''. #* Take SHA256(SHA256(''prefactor'' + ''ownerentropy'')) and call this ''passfactor''. The "+" operator is concatenation. # Compute the elliptic curve point G * ''passfactor'', and convert the result to compressed notation (33 bytes). Call this ''passpoint''. Compressed notation is used for this purpose regardless of whether the intent is to create Bitcoin addresses with or without compressed public keys. |