1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <eric@voskuil.org>) id 1YIY3d-0001sF-DZ
for bitcoin-development@lists.sourceforge.net;
Tue, 03 Feb 2015 07:38:01 +0000
X-ACL-Warn:
Received: from mail-pa0-f42.google.com ([209.85.220.42])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1YIY3c-0002On-DC
for bitcoin-development@lists.sourceforge.net;
Tue, 03 Feb 2015 07:38:01 +0000
Received: by mail-pa0-f42.google.com with SMTP id bj1so93058392pad.1
for <bitcoin-development@lists.sourceforge.net>;
Mon, 02 Feb 2015 23:37:54 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to
:cc:subject:references:in-reply-to:content-type;
bh=Aw7PChStORaRtALKvf02EsEAJqQ2aqQD70bEPZR4Ll8=;
b=hBMY4zUURq9ARkYHFnJZ6Ee+UlEXO6HMx2IvwupJRXC1RQC3VSp+bB5NzWBYCNnCLT
to52CzwfPqUvvQWB/ePQ4EAxM1iku3B124Oev05zSyPdsVQ1qtZ49mBAgNiQqrTimsny
MyICaPlbgiQgnDmMPY2qXlmVs/fE8msjCJwxPmhWyCO825GbNePPA0nvoF3IZLZMLsaL
y4CmJor4W43eWf1L60fdsDBMalHuFG5FWEk7xomseQiCXJHm11Sldyz6q9inChY9CCk+
T7lcnE4avVa0byprzA73HxoBbFH3nqIdBCQcpj2PJId7ZyAfleHF1IBtWnAqMBxMQvSD
UPxw==
X-Gm-Message-State: ALoCoQkZe/PmE2iji+uQXrDXaXBzRamSO9mL0kTHH45W562B95P33S0Ko5rzawc15dW7LSeGE8GR
X-Received: by 10.66.157.67 with SMTP id wk3mr35727120pab.95.1422949074701;
Mon, 02 Feb 2015 23:37:54 -0800 (PST)
Received: from [10.0.1.3] (c-50-135-46-157.hsd1.wa.comcast.net.
[50.135.46.157])
by mx.google.com with ESMTPSA id se7sm1157591pbc.84.2015.02.02.23.37.53
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Mon, 02 Feb 2015 23:37:53 -0800 (PST)
Message-ID: <54D07ADF.8060809@voskuil.org>
Date: Mon, 02 Feb 2015 23:38:07 -0800
From: Eric Voskuil <eric@voskuil.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Brian Erdelyi <brian.erdelyi@gmail.com>
References: <27395C55-CF59-4E65-83CA-73F903272C5F@gmail.com>
<54CE3816.6020505@bitwatch.co>
<68C03646-02E7-43C6-9B73-E4697F3AA5FD@gmail.com>
<CALkkCJbk0czFj5mdMB6_0+Umw5V-fo-4tdBHgvg92zhyRZWiYQ@mail.gmail.com>
<CANEZrP0QjPm+TTgV9Fh84vt2zLaGp0R2Wt2ZL2ZXYhxzOFPHVA@mail.gmail.com>
<CALkkCJYuM_T=_nfBOCF4S8XhVecUZA0ug==Y_n+qdFpb-F628g@mail.gmail.com>
<CANEZrP1QZqP6wSxcNJt81c4=xXLJsEsPF-CN71NZzwdOFSpB2A@mail.gmail.com>
<57186618-F010-42E6-A757-B617C4001B5B@gmail.com>
<F4C9E954-6A29-4A31-B09B-7F0B62270EF8@voskuil.org>
<4B53C1B0-A677-4460-8A69-C45506424D7F@gmail.com>
In-Reply-To: <4B53C1B0-A677-4460-8A69-C45506424D7F@gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="OePMnpOnUnTbefN7g2jiaeXFFiEBo2gKA"
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
X-Headers-End: 1YIY3c-0002On-DC
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Proposal to address Bitcoin malware
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 03 Feb 2015 07:38:01 -0000
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--OePMnpOnUnTbefN7g2jiaeXFFiEBo2gKA
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
On 02/02/2015 11:58 AM, Brian Erdelyi wrote:>
>>Confusing or not, the reliance on multiple signatures as offering
>>greater security than single relies on the independence of multiple
>secrets. If the secrets cannot be shown to retain independence in the
>>envisioned threat scenario (e.g. a user's compromised operating
>>system) then the benefit reduces to making the exploit more difficult
>>to write, which, once written, reduces to no benefit. Yet the user
>>still suffers the reduced utility arising from greater complexity,
>>while being led to believe in a false promise.
>
>Just trying to make sure I understand what you=E2=80=99re saying. Are y=
ou
>eluding to that if two of the three private keys get compromised there
>is no gain in security? Although the likelihood of this occurring is
>lower, it is possible.
No, that's not it. Sorry for not being clear. Independence of control is
the central issue in the analysis of a multiple factor system. If an
attack compromises one factor there must be no way for that attack to
reduce the difficulty of obtaining the other factors.
Some factors (secrets), like a fingerprint, aren't very secret at all.
But getting someone's fingerprint doesn't also help the attacker get a
PIN. That factor must be attacked independently. But if the PIN is
encrypted with the fingerprint in a public store, then the PIN is not
independent of the fingerprint and there is really only one secret.
If multiple factors are coincident (located within the same security
perimeter) they are compromized coincidentally. Coincidence has the same
effect as dependence. Consider a credit card with a "security code"
printed on the back. A successful attack on the leather wallet yields
both secrets.
Individual environments can be compromised with some difficulty (e.g.
desktop malware, fingerprint lift, dictionary attack, brute force PIN,
etc.). For the sake of simplicity, let that chance of successful
independent attack on any factor be 1 in 2 and the resulting probability
of successful concurrent attack on any n factors be 1 in 2^n. If m
factors are dependent/coincident on others the relation becomes 1 in
2^(n-m).
Any multi-factor web wallet that handles the user's keys in the browser
and authenticates the user in the browser to authorize service signing
is effectively single factor. One attack may be launched by an insider,
or externally, against the web app, executing in the browser, gaining
coincident access to two secrets. Browser/desktop malware can accomplish
the same. The difficulty is 1 in 2 vs. the expected 1 in 4.
>As more malware targets bitcoins I think the utility is evident.
>Given how final Bitcoin transactions are, I think it=E2=80=99s worth try=
ing to
>find methods to help verify those transactions (if a user deems it to
>be high-risk enough) before the transaction is completed. The balance
>is trying to devise something that users do not find too burdensome.
I'm not questioning the motive, I agree it's worth trying. But trying is
not succeeding. Increasing user (and/or system) complexity without
increasing integrity or privacy is a poor trade, and worse if the user
is misled.
e
--OePMnpOnUnTbefN7g2jiaeXFFiEBo2gKA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJU0HrfAAoJEDzYwH8LXOFOm7wH/3Le7NkDCCuw740bIdxLQWjg
Vk1eMXJSFaChc1cfpwTNqFJwbU+um5ZZtB6JRQMtrQnP85lwQoy1SQxEsbq/QUj/
AGLFw4sdFlhCQRW6qr8TLdS0KnZoKYUCbFbJ/6Q4Q+6DWpXELm5mUpTYH2l5Dk4o
yVA3sMEZNU8vtTmghM/4c46zm1w3NvMM9XanVS9xFh9/BMkNCvhdq2dbtt/ioXEj
gPM7Jqtv1GPUFbkWiB+0yUmmUKhNlKjh3J9RcPzDa/UXjBJGMqNcEEhnBEjkDNfI
jh4MImTSkux5qrXZ35C8f+aCE0M12BXSXyfWOLlMofChUb2d4pX1Wy8pi30oY64=
=xRqh
-----END PGP SIGNATURE-----
--OePMnpOnUnTbefN7g2jiaeXFFiEBo2gKA--
|