Bruteforce Password Protection

Hey guys,

Is there some mechanism in Yoroi/Daedalus to protect against bruteforce password guessing?

I.e., if you entered the wrong spending password 5 times, then you can’t log in for x amount of time?

Just like many websites have?

This is probably a support question, not sure if I can move it to that topic.

I have to say that I don’t know if Daedalus or Yoroi do have protection like this, but please note that it would require physical access to the machine to do this.

However, if you already have physical access to the machine, you could always attack the wallet file directly - brute-forcing the spending password way more comfortably and with higher performance than through the UI of the wallet (which is slow and may have protection, as you said).

3 Likes

There isn’t really a need for this because attempting to brute force a spending password on Yoroi would basically take you forever. You can find out exactly how Yoroi passwords are used to encrypt your mnemonic here: https://github.com/Emurgo/EmIPs/blob/master/specs/emip-003.md

1 Like

I think he is referring to the spending password.

Edited my post since I now notice it was confusing. My post refers to the spending password also.

Ok guys thanks for your answer…

Since we might become our own bank with Daedalus/Yoroi, I thought this might be a security improvement. But I was wrong, apparently :)

Hi @SebastienGllmt, please can you shed more light on this one? Is it that the encryption and decryption method internally requires many iterations, so it’s a slow process and does not allow a high-throughput brute force attack, or is it something else? Cheers

Yes, that’s correct

Thanks. Do you know what the estimated throughput is for some commonly used hardware? Just curious what the roughly estimated ranges are, something like 10-50/s or something like 2-5/s?
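
The point confirmed above, that an iterated key-derivation step limits how fast passwords can be tested, can be measured on your own machine. The following is an added example, not part of the original thread and not code from Yoroi or Daedalus; PBKDF2-HMAC-SHA512, the iteration count and the function names are assumptions chosen for illustration, so take the real parameters from the wallet's specification.

```python
import hashlib
import os
import time

# Assumptions (not from the thread): PBKDF2-HMAC-SHA512 as the iterated KDF
# and a constructed iteration count. Use the wallet spec's real parameters.
ITERATIONS = 20_000
KEY_LEN = 32


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a password into a key; cost grows linearly with iterations."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations, KEY_LEN)


def guesses_per_second(iterations: int = ITERATIONS, samples: int = 5) -> float:
    """Measure how many password candidates one CPU core can test per second."""
    salt = os.urandom(32)
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"guess-{i}", salt, iterations)
    return samples / (time.perf_counter() - start)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length


def years_to_search(candidates: int, rate: float, fraction: float = 0.5) -> float:
    """Expected years to find a password (on average half the space is tried)."""
    return candidates * fraction / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    rate = guesses_per_second()
    print(f"{rate:.1f} guesses/s on one core at {ITERATIONS} iterations")
    # Constructed password policies, used only to compare search times.
    for label, size, length in [("8 lowercase letters", 26, 8),
                                ("10 letters and digits", 62, 10),
                                ("12 printable ASCII", 95, 12)]:
        print(f"{label}: {years_to_search(keyspace(size, length), rate):.3g} years")
```

A single-core figure understates a well-resourced attacker, since PBKDF2 parallelises well on GPUs, so treat the printed durations as an upper bound and rely on password length for margin.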