Date: Mon, 8 Jan 2018 19:37:25 -0500
From: Peter Todd <pete@petertodd.org>
To: Ben Kloester <benkloester@gmail.com>
Message-ID: <20180109003725.GA21800@savin.petertodd.org>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme



On Tue, Jan 09, 2018 at 09:26:17AM +1100, Ben Kloester wrote:
> > This sounds very dangerous. As Gregory Maxwell pointed out, the key
> > derivation function is weak enough that passphrases could be easily
> > brute forced
>
> So you are essentially imagining that a perpetrator will combine the
> crypto-nerd fantasy (brute forcing the passphrase) *with* the 5-dollar
> wrench attack, merging both panes of Randall Munroe's comic? Seems
> vanishingly unlikely to me - attackers are generally either the wrench
> type, or the crypto-nerd type.

We're talking about seeds here, not hardware wallets.

For a hardware wallet theft scenario, if you're worried about muggers you can
make the hardware have secret accounts with different seeds, *without* risking
user funds getting lost - a much more likely scenario - due to mistyped
passwords.

In any case, even if you were to do this type of design, a much better idea is
to use a checksum by default to reject invalid passwords, while having an
advanced-use-only option to override that checksum. The virtual file encryption
filesystem encfs does exactly this with its --anykey flag. This allows advanced
users to do their thing, while protecting the majority of users for whom this
feature is dangerous.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org
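
Added example, not part of the original message and not code from encfs or any wallet: a sketch of the "checksum by default, explicit override for advanced use" design the message describes. The record layout, the PBKDF2 parameters and the `anykey` parameter name (modelled on the encfs flag mentioned above) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor. Anyone holding the record can test guesses offline
# against the check value, so the KDF cost still matters.
KDF_ROUNDS = 100_000
CHECK_LEN = 4  # bytes of check value stored next to the salt


class WrongPassphrase(Exception):
    """Raised when the passphrase does not match the stored check value."""


def _derive(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, KDF_ROUNDS)


def _check_value(key: bytes) -> bytes:
    # Keyed, domain-separated tag: the record never contains key bytes directly.
    return hmac.new(key, b"passphrase-check", hashlib.sha256).digest()[:CHECK_LEN]


def create_record(passphrase: str) -> dict:
    """Run once at setup: store salt and check value, never the key."""
    salt = os.urandom(16)
    return {"salt": salt, "check": _check_value(_derive(passphrase, salt))}


def unlock(passphrase: str, record: dict, anykey: bool = False) -> bytes:
    """Return the derived key.

    Default: reject a passphrase whose check value does not match, so a typo
    fails loudly instead of silently opening a different, empty wallet.
    anykey=True: advanced override, accept whatever key the passphrase yields.
    """
    key = _derive(passphrase, record["salt"])
    if hmac.compare_digest(_check_value(key), record["check"]):
        return key
    if anykey:
        return key
    raise WrongPassphrase("check value mismatch; pass anykey=True to override")
```
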
