Jonas Schnelli via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> schrieb am Di., 26. Juli 2016 um 22:10 Uhr:
Side-note: Bip39 does still use PBKDF2 with 2048 iterations which I
personally consider "not enough" to protect a serious amount of funds.


But what are the alternatives?  Put an expensive processor and a decent amount of memory in every hardware wallet to support scrypt?  Use a million iterations and just wait 10 minutes after entering you passphrase?  Or compute the secret key on your online computer instead?

Also, how many iterations are secure?  A million?  Then just add two random lower-case letters to the end of your passphrase and you have a better protection with 2048 iterations. If you want to be able to use your passphrase with cheap hardware and be protected against a high-end computer with multiple GPUs that is almost a mllion times faster, then you have to choose a good passphrase.  Or just make sure nobody steals your seed; it is not a brainwallet that is only protected by the passphrase after all.

Regards,
  Jochen