Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WTxig-0006rd-1j for bitcoin-development@lists.sourceforge.net; Sat, 29 Mar 2014 18:11:02 +0000 X-ACL-Warn: Received: from qmta06.westchester.pa.mail.comcast.net ([76.96.62.56]) by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1WTxif-0001vy-6X for bitcoin-development@lists.sourceforge.net; Sat, 29 Mar 2014 18:11:02 +0000 Received: from omta16.westchester.pa.mail.comcast.net ([76.96.62.88]) by qmta06.westchester.pa.mail.comcast.net with comcast id jVwq1n0041uE5Es56WAwBZ; Sat, 29 Mar 2014 18:10:56 +0000 Received: from crushinator.localnet ([IPv6:2601:6:4800:47f:219:d1ff:fe75:dc2f]) by omta16.westchester.pa.mail.comcast.net with comcast id jWAv1n00F4VnV2P3cWAv26; Sat, 29 Mar 2014 18:10:55 +0000 From: Matt Whitlock To: Alan Reiner Date: Sat, 29 Mar 2014 14:10:54 -0400 Message-ID: <1701822.mCYDUGhe8d@crushinator> User-Agent: KMail/4.12.3 (Linux/3.12.13-gentoo; KDE/4.12.3; x86_64; ; ) In-Reply-To: <53370C11.7040109@gmail.com> References: <2135731.4HGHfZWzo5@crushinator> <53370C11.7040109@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Spam-Score: 0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [76.96.62.56 listed in list.dnswl.org] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1WTxif-0001vy-6X Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Mar 2014 18:11:02 -0000 On Saturday, 29 March 2014, at 2:08 pm, Alan Reiner wrote: > Regardless of how SSSS does it, I believe that obfuscating that > information is bad news from a usability perspective. Undoubtedly, > users will make lots of backups of lots of wallets and think they > remember the M-parameter but don't. They will accidentally mix in some > 3-of-5 fragments with their 2-of-4 not realizing they are incompatible, > or not able to distinguish them. Or they'll distribute too many > thinking the threshold is higher and end up insecure, or possibly not > have enough fragments to restore their wallet thinking the M-value was > lower than it actually was. > > I just don't see the value in adding such complexity for the benefit of > obfuscating information an attacker might be able to figure out anyway > (most backups will be 2-of-N or 3-of-N) and can't act on anyway (because > he doesn't know where the other frags are and they are actually in > safe-deposit boxes) Okay, you've convinced me. However, it looks like the consensus here is that my BIP is unneeded, so I'm not sure it would be worth the effort for me to improve it with your suggestions.