ethereumjs-accounts
Important notes about how account encryption works
I've created a library (called ethereumjs-wallet) for handling Ethereum keys and converting between different formats. It is almost affected by the NIH-syndrome, but it aims to be really small and only address generation & conversion.
While doing so I've added support for MyEtherWallet (ethereumjs-accounts) keys. See the code here: https://github.com/axic/ethereumjs-wallet/blob/master/thirdparty.js#L83-L129
You might not be aware which crypto methods are used (as it is hidden in AESJS), but it is the following:
- uses the horrible OpenSSL EVP KDF
- uses OpenSSL salting
- and then AES-256-CBC
The important bit I want to raise is this line:
```javascript
// NOTE: yes, they've run it through UTF8
privKey = new Buffer(utf8.decode(privKey.toString()), 'hex')
```
It is due to `.toString(CryptoJS.enc.Utf8);`. I think it should have been `CryptoJS.enc.Binary` to not transform the seed with UTF8.
Just keep in mind changing that could produce different keys :)
cc @SilentCicero @tayvano @kvhnuke
What do you think about AES CTR with random IV? Need a fast enough but secure encryption to get the private key encrypted.
@kvhnuke you could even use the standard V3 keystore format with lower scrypt settings (or even PBKDF2 and still be better than EVP). It uses aes-128-ctr as default.
These are two settings proposed by geth:
```go
// n,r,p = 2^18, 8, 1 uses 256MB memory and approx 1s CPU time on a modern CPU.
StandardScryptN = 1 << 18
StandardScryptP = 1
// n,r,p = 2^12, 8, 6 uses 4MB memory and approx 100ms CPU time on a modern CPU.
LightScryptN = 1 << 12
LightScryptP = 6
scryptR = 8
scryptDKLen = 32
```
You can play around with the toV3() method in ethereumjs-wallet to see the speed.
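The scheme listed in the first post (OpenSSL EVP KDF, OpenSSL salting, AES-256-CBC) next to the light scrypt parameters quoted above, as an added example that is not code from ethereumjs-wallet, ethereumjs-accounts or geth. It assumes MD5 with a single iteration for the EVP KDF and hex-text plaintext as the quoted line implies; the function names, password, salt and key are constructed for illustration.

```javascript
// Added example: Node.js built-in crypto only; all sample values are constructed.
const crypto = require('crypto');

// OpenSSL EVP_BytesToKey with MD5 and one iteration (assumed parameters):
// D_1 = MD5(password || salt), D_i = MD5(D_{i-1} || password || salt)
function evpBytesToKey(password, salt, keyLen, ivLen) {
  let block = Buffer.alloc(0);
  const blocks = [];
  for (let have = 0; have < keyLen + ivLen; have += block.length) {
    block = crypto.createHash('md5').update(block).update(password).update(salt).digest();
    blocks.push(block);
  }
  const out = Buffer.concat(blocks);
  return { key: out.subarray(0, keyLen), iv: out.subarray(keyLen, keyLen + ivLen), md5Calls: blocks.length };
}

// OpenSSL salted container: "Salted__" || 8-byte salt || AES-256-CBC ciphertext
function encryptLegacy(plaintext, password, salt) {
  const { key, iv } = evpBytesToKey(Buffer.from(password, 'utf8'), salt, 32, 16);
  const c = crypto.createCipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([Buffer.from('Salted__', 'latin1'), salt, c.update(plaintext), c.final()]);
}

function decryptLegacy(blob, password) {
  if (blob.subarray(0, 8).toString('latin1') !== 'Salted__') throw new Error('no OpenSSL salt header');
  const { key, iv } = evpBytesToKey(Buffer.from(password, 'utf8'), blob.subarray(8, 16), 32, 16);
  const d = crypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([d.update(blob.subarray(16)), d.final()]);
}

// Key derivation with the light settings quoted above: N = 2^12, r = 8, p = 6, dkLen = 32
function scryptLight(password, salt) {
  return crypto.scryptSync(password, salt, 32, { N: 1 << 12, r: 8, p: 6 });
}

// Constructed sample data, not a real key or password
const SAMPLE_PRIV_HEX = '11'.repeat(32);
const SAMPLE_SALT = Buffer.from('0102030405060708', 'hex');
const SAMPLE_PASSWORD = 'constructed-passphrase';

function demo() {
  // The key is stored as hex text: decrypt, read the bytes as a string, then hex-decode
  const blob = encryptLegacy(Buffer.from(SAMPLE_PRIV_HEX, 'utf8'), SAMPLE_PASSWORD, SAMPLE_SALT);
  const privKey = Buffer.from(decryptLegacy(blob, SAMPLE_PASSWORD).toString('utf8'), 'hex');
  const { md5Calls } = evpBytesToKey(Buffer.from(SAMPLE_PASSWORD), SAMPLE_SALT, 32, 16);
  return { privKey, md5Calls, scryptKeyLen: scryptLight(SAMPLE_PASSWORD, SAMPLE_SALT).length };
}
console.log(demo());
```

The `md5Calls` value is the whole work factor of the legacy KDF per password guess, which is the gap the scrypt settings close.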