Ethers.js: Add to Docs: Why is encryption intentionally slow

What version are you running? What platform? Is it node or a browser?

version： 3.0.25。
run the example On the browser（\ethers.js-masterexamples\wallet\index.html ），it takes 20-30 seconds ；
i also run the followint scripts on phone，it takes several minutes:
var ethers = require('../libs/ethers.min.js'); var Wallet = ethers.Wallet; var utils = ethers.utils; var providers = ethers.providers; Wallet.fromBrainWallet(username, password).then(function (wallet) { console.log("Address: ", wallet.address); var privateKey = wallet.privateKey; var encryptPromise = wallet.encrypt(password, function callback(percent) { }); encryptPromise.then(function (json) { console.log(json) }); });

Oh, both brain wallets and encrypting is intentionally slow.

A brain wallet should take about 5-15 seconds and encrypting should take about 5-15 seconds, so the time you are seeing makes sense.

Generally you will want to store the decrypts private key somewhere safe, such as a Secure Enclave once computed.

The reason for this is to make brute force attacks. If it takes the legitimate owner, who knows the password, 5 seconds to decrypt, it means if you need to guess the 1 million passwords, it will take 5 million seconds. This is how the security is provided, by a system similar to proof of work.

If it only took 10ms to attempt unlocking an account, it could be easily brute force attached in a couple of hours, especially since most people’s passwords are not secure.

Also, brain wallets are going away in version 4, but I will include a code snippet for people who require the backwards compatibility.

thanks a lot

I'm leaving this open as a reminded to myself to add an explanation to the documentation.

Thanks! :)

Added to the documentation. It can probably be expanded to be more clear, but there is something now. :)