2
Using pycoin.
ku <ext_pri_key> -s 1/4/6/2/8/4/2/5.......
How many levels deep into the tree would I need to go (using only single digits) before it would be infeasible for an attacker to find it using a systematic search.
Twenty levels deep I thought would be adequate:
10**20 = 100000000000000000000
I know there are more effictive ways to obscure your address but I'm interested in this particular use case.
Thanks.
20 single-digit levels is around log(10^20)/log(2) = about 66 bits of entropy. That seems way too low to me. – Pieter Wuille – 2016-07-07T08:59:13.033
It probably is given future optimizations. My calculations are based on current hardware and that SHA512 is random enough. – Jimmy Song – 2016-07-07T22:06:18.437
The Bitcoin network as a whole does more than 2^66 hashes per minute. Sure, hashing is not EC operations and the existing hashing hardware can't be used for it. But you're not protecting against a known attacker. You want to be sure nobody currently or in the medium tine future has the ability to crack your keys. Given that operations of this magnitude already happen every minute, you should really look for a much larger safety margin. 2^128 is usually the minimum recommendation these days. – Pieter Wuille – 2016-07-08T01:13:20.217
I agree. And certainly, if the attacker had the entire bitcoin network's worth of equipment, that wouldn't be secure. I did say "more machines mean faster cracking". This wasn't meant to be a future-proof answer, just an estimate based on current hashing rates and a reasonably cost-efficient crack. – Jimmy Song – 2016-07-08T13:31:48.480