summaryrefslogtreecommitdiff
path: root/ea/fbeb52fe10f435dbcdf28948b5b25a941dd946
blob: 1fbdccba57d89eb76bb0fa2d16797113b6790cdc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
Return-Path: <pete@petertodd.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id AC61AEFD
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Fri, 12 Jan 2018 09:51:05 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from outmail148110.authsmtp.com (outmail148110.authsmtp.com
	[62.13.148.110])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 03222124
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Fri, 12 Jan 2018 09:51:04 +0000 (UTC)
Received: from mail-c245.authsmtp.com (mail-c245.authsmtp.com [62.13.128.245])
	by punt20.authsmtp.com. (8.15.2/8.15.2) with ESMTP id w0C9p2uH037981;
	Fri, 12 Jan 2018 09:51:02 GMT (envelope-from pete@petertodd.org)
Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com
	[52.5.185.120]) (authenticated bits=0)
	by mail.authsmtp.com (8.15.2/8.15.2) with ESMTPSA id w0C9oxfK063267
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); 
	Fri, 12 Jan 2018 09:51:01 GMT (envelope-from pete@petertodd.org)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by petertodd.org (Postfix) with ESMTPSA id 792A140089;
	Fri, 12 Jan 2018 09:50:59 +0000 (UTC)
Received: by localhost (Postfix, from userid 1000)
	id DADE820734; Fri, 12 Jan 2018 04:50:58 -0500 (EST)
Date: Fri, 12 Jan 2018 04:50:58 -0500
From: Peter Todd <pete@petertodd.org>
To: Perry Gibson <perry@gibsonic.org>
Message-ID: <20180112095058.GA9175@savin.petertodd.org>
References: <CAAS2fgR-or=zksQ929Muvgr=sgzNSugGp669ZWYC6YkvEG=H5w@mail.gmail.com>
	<ae570ccf-3a2c-a11c-57fa-6dad78cfb1a5@satoshilabs.com>
	<CAAS2fgRQvpa8VXE8YAYSfugDvCu=1+5ANsGk1V_OXtHPGD=Ltw@mail.gmail.com>
	<vJsDz9YdeNQQ_PZRf5HP1W0FmcWyKHIuwN9QeNgN-WXCdQcRmXLtkQ3wfTO7YUCgG6AFgOkKeU6fdsGTKkGcnk-_OOY_jyNlfWkFQ31d2ZU=@protonmail.com>
	<20180109011335.GA22039@savin.petertodd.org>
	<274aad5c-4573-2fdd-f8b0-c6c2d662ab7c@gibsonic.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="y0ulUmNC+osPPQO6"
Content-Disposition: inline
In-Reply-To: <274aad5c-4573-2fdd-f8b0-c6c2d662ab7c@gibsonic.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Server-Quench: 18e22ca6-f77e-11e7-9f3b-9cb654bb2504
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
	aQdMdwAUElQaAgsB Am4bW11eVVx7WWI7 bghPaBtcak9QXgdq
	T0pMXVMcUwUbCENJ UGUeVBpwcQIIeX9z ZEYsX3gOXkYpJEBg
	FElTQHAHZDJndWlJ UxJFflAGdgZOLE1H b1B7GhFYa3VsNCMk
	FAgyOXU9MCtqYB9c XgYWLVMWSEwQViUx TAoPAX00HUQfSil7
	NwYnNFcAEQ4SP1R6 KlAhVFcVWwCB
X-Authentic-SMTP: 61633532353630.1039:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 52.5.185.120/25
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jan 2018 09:51:05 -0000


--y0ulUmNC+osPPQO6
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jan 09, 2018 at 12:43:48PM +0000, Perry Gibson wrote:
> >Trezor's "plausible deniability" scheme could very well result in you go=
ing to
> >jail for lying to border security, because it's so easy for them to simp=
ly
> >brute force alternate passwords based on your seeds. With that, they hav=
e proof
> >that you lied to customs, a serious offense.
> The passphrase scheme as I understand it allows a maximum of 50 characters
> to be used.=C2=A0 Surely even with the HD seed, that search space is too =
large to
> brute force.=C2=A0 Or is there a weakness in the scheme I haven't clocked?

While passphrases *can* be long, most user's aren't going to understand the
risk. For example, Trezors blog(1) doesn't make it clear that the passphras=
es
could be bruteforced and used as evidence against you, and even suggests the
contrary:

    Since the passphrase is never saved on the device, this means that ther=
e is no
    wrong passphrase. The device does not know which one you have chosen, a=
nd
    therefore all of them are correct! Given the same seed, for each and ev=
ery
    letter combination used as a passphrase, a different wallet will be gen=
erated.

and:

    Since there is no way to prove that there is any wallet beyond the ones
    that you have admitted to, the =E2=80=9Cattacker=E2=80=9D will have to =
be satisfied with
    the revealed ones.


Also note how this blog doesn't mention anti-forensics: the wallet software
itself may leave traces of the other wallets on the computer. Have they rea=
lly
audited it sufficiently to be sure this isn't the case?

1) https://blog.trezor.io/hide-your-trezor-wallets-with-multiple-passphrase=
s-f2e0834026eb

--=20
https://petertodd.org 'peter'[:-1]@petertodd.org

--y0ulUmNC+osPPQO6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQEcBAEBCAAGBQJaWIT/AAoJECSBQD2l8JH7KnsH/2+UTkEG7AahZoKToyvWWnOj
W1QzjP5nINYy86qTaqB51llkqr8eR0W6/SWiwU0aE8cHSc2t7k0N4H4gJd1JaTQ0
0KqgEJO4dtujeW8ITpOMVYTBu/UO6KSDAMcWFwRB+7Gl9HpM0uDkhTKlzsqn2chm
qb/IK3cBc14qM8F7MYhiSjpByrqgkqVtjOrZ4KgfmYgWqWsCuk5Ke85N5A525GKb
vtCEuMtg3R9hnPzgCLRfuQr0XB1YzJ2VQPPh4sTqxiLaXhQ6RZBtDJ9FHU3sQfce
67CvU44w6NyZk47iMZVFVD4oZutf3bDOnHdMAFpcjEblVfMfLQPNZBIfizNPRPM=
=bJV/
-----END PGP SIGNATURE-----

--y0ulUmNC+osPPQO6--