📅 Original date posted:2018-01-08
📝 Original message:> This sounds very dangerous. As Gregory Maxwell pointed out, the key
derivation
> function is weak enough that passphrases could be easily brute forced
So you are essentially imagining that a perpetrator will combine the
crypto-nerd fantasy (brute forcing the passphrase) *with* the 5-dollar
wrench attack, merging both panes of Randall Munroe's comic? Seems
vanishingly unlikely to me - attackers are generally either the wrench
type, or the crypto-nerd type.
This thread started by you asking Pavol to give an example of a real-life
scenario in which this functionality would be used, and your rebuttal is a
scenario that is even less likely to occur. "Very dangerous" is a huge
stretch.
When living in Brazil I often carried two (IRL) wallets - one a decoy to
give to muggers, the other with more value stored in it. I heard of plenty
of people getting mugged, but I never heard of anyone who gave a decoy
wallet getting more thoroughly searched and the second wallet found,
despite the relative ease with which a mugger could do this. I'm sure it
has happened, probably many times, but point is there is rarely time for
contemplation in a shakedown, and most perpetrators will take things at
face value and be satisfied with getting something. And searching a
physical person's body is a hell of a lot simpler than cracking a
passphrase.
Moreover, there's no limit to the number of passphrases you can use. If you
were an atttacker, at what point would you stop, satisfied? After the
first, second, third, fourth wallet that you find/they admit to owning?
Going beyond two is already Bond-supervillain level implausible.
*Ben Kloester*
On 9 January 2018 at 06:37, Peter Todd via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:
> On Mon, Jan 08, 2018 at 02:00:17PM +0100, Pavol Rusnak wrote:
> > On 08/01/18 13:45, Peter Todd wrote:
> > > Can you explain _exactly_ what scenario the "plausible deniability"
> feature
> > > refers to?
> >
> >
> > https://doc.satoshilabs.com/trezor-user/advanced_settings.
> html#multi-passphrase-encryption-hidden-wallets
>
> This sounds very dangerous. As Gregory Maxwell pointed out, the key
> derivation
> function is weak enough that passphrases could be easily brute forced, at
> which
> point the bad guys have cryptographic proof that you tried to lie to them
> and
> cover up funds.
>
>
> What model of human memory are you assuming here? What specifically are you
> assuming is easy to remember, and hard to remember? What psychology
> research
> backs up your assumptions?
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180109/4701a311/attachment.html>;
Ben Kloester [ARCHIVE] /
npub1hz…ug52u
2023-06-07 20:09:27
in reply to nevent1q…jqmh
Author Public Key
npub1hzpahez9uhvlsfge4xvu3tkz492dwdwhpznykp455s6fg5x5thpqeug52uPublished at
2023-06-07 20:09:27Event JSON
{
"id": "5899f8e272223fa5b5fb9fd84bceb11e7e5c9866129a42df78772b035fb4fa97",
"pubkey": "b883dbe445e5d9f82519a999c8aec2a954d735d708a64b06b4a4349450d45dc2",
"created_at": 1686161367,
"kind": 1,
"tags": [
[
"e",
"ac3c87f148ca764c85262d935c0d26818cde51a790aa045223a08240c1ff8e91",
"",
"root"
],
[
"e",
"cee4f622023bb1a3bf46870e5a09487ec8443768f3d318f36f508e79ee5a59d3",
"",
"reply"
],
[
"p",
"daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa"
]
],
"content": "📅 Original date posted:2018-01-08\n📝 Original message:\u003e This sounds very dangerous. As Gregory Maxwell pointed out, the key\nderivation\n\u003e function is weak enough that passphrases could be easily brute forced\n\nSo you are essentially imagining that a perpetrator will combine the\ncrypto-nerd fantasy (brute forcing the passphrase) *with* the 5-dollar\nwrench attack, merging both panes of Randall Munroe's comic? Seems\nvanishingly unlikely to me - attackers are generally either the wrench\ntype, or the crypto-nerd type.\n\nThis thread started by you asking Pavol to give an example of a real-life\nscenario in which this functionality would be used, and your rebuttal is a\nscenario that is even less likely to occur. \"Very dangerous\" is a huge\nstretch.\n\nWhen living in Brazil I often carried two (IRL) wallets - one a decoy to\ngive to muggers, the other with more value stored in it. I heard of plenty\nof people getting mugged, but I never heard of anyone who gave a decoy\nwallet getting more thoroughly searched and the second wallet found,\ndespite the relative ease with which a mugger could do this. I'm sure it\nhas happened, probably many times, but point is there is rarely time for\ncontemplation in a shakedown, and most perpetrators will take things at\nface value and be satisfied with getting something. And searching a\nphysical person's body is a hell of a lot simpler than cracking a\npassphrase.\n\nMoreover, there's no limit to the number of passphrases you can use. If you\nwere an atttacker, at what point would you stop, satisfied? After the\nfirst, second, third, fourth wallet that you find/they admit to owning?\nGoing beyond two is already Bond-supervillain level implausible.\n\n*Ben Kloester*\n\nOn 9 January 2018 at 06:37, Peter Todd via bitcoin-dev \u003c\nbitcoin-dev at lists.linuxfoundation.org\u003e wrote:\n\n\u003e On Mon, Jan 08, 2018 at 02:00:17PM +0100, Pavol Rusnak wrote:\n\u003e \u003e On 08/01/18 13:45, Peter Todd wrote:\n\u003e \u003e \u003e Can you explain _exactly_ what scenario the \"plausible deniability\"\n\u003e feature\n\u003e \u003e \u003e refers to?\n\u003e \u003e\n\u003e \u003e\n\u003e \u003e https://doc.satoshilabs.com/trezor-user/advanced_settings.\n\u003e html#multi-passphrase-encryption-hidden-wallets\n\u003e\n\u003e This sounds very dangerous. As Gregory Maxwell pointed out, the key\n\u003e derivation\n\u003e function is weak enough that passphrases could be easily brute forced, at\n\u003e which\n\u003e point the bad guys have cryptographic proof that you tried to lie to them\n\u003e and\n\u003e cover up funds.\n\u003e\n\u003e\n\u003e What model of human memory are you assuming here? What specifically are you\n\u003e assuming is easy to remember, and hard to remember? What psychology\n\u003e research\n\u003e backs up your assumptions?\n\u003e\n\u003e --\n\u003e https://petertodd.org 'peter'[:-1]@petertodd.org\n\u003e\n\u003e _______________________________________________\n\u003e bitcoin-dev mailing list\n\u003e bitcoin-dev at lists.linuxfoundation.org\n\u003e https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev\n\u003e\n\u003e\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180109/4701a311/attachment.html\u003e",
"sig": "d016c659393986c9701244384882f260a316a2adcbb423b0c59ac7d1ba68ed9fe6258753d576490a24df35b4e0e7dd682aeca06b1987d649c67a6f2f24f99bcf"
}