Return-Path: <pete@petertodd.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id AA6C7E54
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Mon,  8 Jan 2018 19:37:20 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from outmail149077.authsmtp.com (outmail149077.authsmtp.com
	[62.13.149.77])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id DB669557
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Mon,  8 Jan 2018 19:37:19 +0000 (UTC)
Received: from mail-c247.authsmtp.com (mail-c247.authsmtp.com [62.13.128.247])
	by punt22.authsmtp.com. (8.15.2/8.15.2) with ESMTP id w08JbIdx033444;
	Mon, 8 Jan 2018 19:37:18 GMT (envelope-from pete@petertodd.org)
Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com
	[52.5.185.120]) (authenticated bits=0)
	by mail.authsmtp.com (8.15.2/8.15.2) with ESMTPSA id w08JbFJs035767
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); 
	Mon, 8 Jan 2018 19:37:16 GMT (envelope-from pete@petertodd.org)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by petertodd.org (Postfix) with ESMTPSA id 1B3064008C;
	Mon,  8 Jan 2018 19:37:15 +0000 (UTC)
Received: by localhost (Postfix, from userid 1000)
	id 2C603202FC; Mon,  8 Jan 2018 14:37:14 -0500 (EST)
Date: Mon, 8 Jan 2018 14:37:14 -0500
From: Peter Todd <pete@petertodd.org>
To: Pavol Rusnak <stick@satoshilabs.com>
Message-ID: <20180108193714.GA15359@savin.petertodd.org>
References: <CAAS2fgR-or=zksQ929Muvgr=sgzNSugGp669ZWYC6YkvEG=H5w@mail.gmail.com>
	<ae570ccf-3a2c-a11c-57fa-6dad78cfb1a5@satoshilabs.com>
	<20180108124506.GA13858@savin.petertodd.org>
	<5c229def-760a-69eb-e646-bd3c77482b00@satoshilabs.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="WIyZ46R2i8wDzkSu"
Content-Disposition: inline
In-Reply-To: <5c229def-760a-69eb-e646-bd3c77482b00@satoshilabs.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Server-Quench: 55884f2b-f4ab-11e7-8106-0015176ca198
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
	aQdMdgoUElQaAgsB Am4bWl1eU1p7WGU7 bghPaBtcak9QXgdq
	T0pMXVMcUwVge053 fF0eURx1cQIIf3d4 YwhnW3hTWBJ4J1sr
	Rh8GCGwHMGB9YGEf Vl1YdwJRcQRMLU5E Y1gxNiYHcQ5VPz4z
	GA41ejw8IwAXEy1J RRoNLFYbS11DBTM3 XR0eVS4vFFcIS20r
	NR04I0IRVEUcIw0p OlssXF9w
X-Authentic-SMTP: 61633532353630.1038:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 52.5.185.120/25
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jan 2018 19:37:20 -0000


--WIyZ46R2i8wDzkSu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jan 08, 2018 at 02:00:17PM +0100, Pavol Rusnak wrote:
> On 08/01/18 13:45, Peter Todd wrote:
> > Can you explain _exactly_ what scenario the "plausible deniability" fea=
ture
> > refers to?
>=20
>=20
> https://doc.satoshilabs.com/trezor-user/advanced_settings.html#multi-pass=
phrase-encryption-hidden-wallets

This sounds very dangerous. As Gregory Maxwell pointed out, the key derivat=
ion
function is weak enough that passphrases could be easily brute forced, at w=
hich
point the bad guys have cryptographic proof that you tried to lie to them a=
nd
cover up funds.


What model of human memory are you assuming here? What specifically are you
assuming is easy to remember, and hard to remember? What psychology research
backs up your assumptions?

--=20
https://petertodd.org 'peter'[:-1]@petertodd.org

--WIyZ46R2i8wDzkSu
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQEcBAEBCAAGBQJaU8hmAAoJECSBQD2l8JH7swwH/0DaTpaOqIYwcTrb2BxqxqE0
SNdQiPlxJcRuQ54xunYvgh8DDEByOLLTmWorP5WdXDDy8W0rTG3Y0Ohz6pM4LsGv
/DSNl2Ye1BDrrt5H1H8QllcNhUFPC3ezVRK5eMwO5uUZJSRbCLgTuoK1dsC+2fmN
VMrhXcjBCvoMfyGncHsNBxKU5jWA/u91zDcgDrap6N43R1oUj5h5eaHRkZDhRBVb
KAEq8XUjga3IeM4CqS78APwSlfUj77LZI2KCjMBMh5UqLzQLMBychRYUzVG1NJq5
zN0eoprH9Z0C4VP5Jd+oBcDbrCfOK+BewQBJee7th8dOodUNVf64d9nvFHUTfQw=
=6Ut/
-----END PGP SIGNATURE-----

--WIyZ46R2i8wDzkSu--