From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id AC61AEFD for ; Fri, 12 Jan 2018 09:51:05 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from outmail148110.authsmtp.com (outmail148110.authsmtp.com [62.13.148.110]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 03222124 for ; Fri, 12 Jan 2018 09:51:04 +0000 (UTC) Received: from mail-c245.authsmtp.com (mail-c245.authsmtp.com [62.13.128.245]) by punt20.authsmtp.com. (8.15.2/8.15.2) with ESMTP id w0C9p2uH037981; Fri, 12 Jan 2018 09:51:02 GMT (envelope-from pete@petertodd.org) Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com [52.5.185.120]) (authenticated bits=0) by mail.authsmtp.com (8.15.2/8.15.2) with ESMTPSA id w0C9oxfK063267 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 12 Jan 2018 09:51:01 GMT (envelope-from pete@petertodd.org) Received: from [127.0.0.1] (localhost [127.0.0.1]) by petertodd.org (Postfix) with ESMTPSA id 792A140089; Fri, 12 Jan 2018 09:50:59 +0000 (UTC) Received: by localhost (Postfix, from userid 1000) id DADE820734; Fri, 12 Jan 2018 04:50:58 -0500 (EST) Date: Fri, 12 Jan 2018 04:50:58 -0500 From: Peter Todd To: Perry Gibson Message-ID: <20180112095058.GA9175@savin.petertodd.org> References: <20180109011335.GA22039@savin.petertodd.org> <274aad5c-4573-2fdd-f8b0-c6c2d662ab7c@gibsonic.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="y0ulUmNC+osPPQO6" Content-Disposition: inline In-Reply-To: <274aad5c-4573-2fdd-f8b0-c6c2d662ab7c@gibsonic.org> User-Agent: Mutt/1.5.23 (2014-03-12) X-Server-Quench: 18e22ca6-f77e-11e7-9f3b-9cb654bb2504 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aQdMdwAUElQaAgsB Am4bW11eVVx7WWI7 bghPaBtcak9QXgdq T0pMXVMcUwUbCENJ UGUeVBpwcQIIeX9z ZEYsX3gOXkYpJEBg FElTQHAHZDJndWlJ UxJFflAGdgZOLE1H b1B7GhFYa3VsNCMk FAgyOXU9MCtqYB9c XgYWLVMWSEwQViUx TAoPAX00HUQfSil7 NwYnNFcAEQ4SP1R6 KlAhVFcVWwCB X-Authentic-SMTP: 61633532353630.1039:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 52.5.185.120/25 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Jan 2018 09:51:05 -0000 --y0ulUmNC+osPPQO6 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 09, 2018 at 12:43:48PM +0000, Perry Gibson wrote: > >Trezor's "plausible deniability" scheme could very well result in you go= ing to > >jail for lying to border security, because it's so easy for them to simp= ly > >brute force alternate passwords based on your seeds. With that, they hav= e proof > >that you lied to customs, a serious offense. > The passphrase scheme as I understand it allows a maximum of 50 characters > to be used.=C2=A0 Surely even with the HD seed, that search space is too = large to > brute force.=C2=A0 Or is there a weakness in the scheme I haven't clocked? While passphrases *can* be long, most user's aren't going to understand the risk. For example, Trezors blog(1) doesn't make it clear that the passphras= es could be bruteforced and used as evidence against you, and even suggests the contrary: Since the passphrase is never saved on the device, this means that ther= e is no wrong passphrase. The device does not know which one you have chosen, a= nd therefore all of them are correct! Given the same seed, for each and ev= ery letter combination used as a passphrase, a different wallet will be gen= erated. and: Since there is no way to prove that there is any wallet beyond the ones that you have admitted to, the =E2=80=9Cattacker=E2=80=9D will have to = be satisfied with the revealed ones. Also note how this blog doesn't mention anti-forensics: the wallet software itself may leave traces of the other wallets on the computer. Have they rea= lly audited it sufficiently to be sure this isn't the case? 1) https://blog.trezor.io/hide-your-trezor-wallets-with-multiple-passphrase= s-f2e0834026eb --=20 https://petertodd.org 'peter'[:-1]@petertodd.org --y0ulUmNC+osPPQO6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJaWIT/AAoJECSBQD2l8JH7KnsH/2+UTkEG7AahZoKToyvWWnOj W1QzjP5nINYy86qTaqB51llkqr8eR0W6/SWiwU0aE8cHSc2t7k0N4H4gJd1JaTQ0 0KqgEJO4dtujeW8ITpOMVYTBu/UO6KSDAMcWFwRB+7Gl9HpM0uDkhTKlzsqn2chm qb/IK3cBc14qM8F7MYhiSjpByrqgkqVtjOrZ4KgfmYgWqWsCuk5Ke85N5A525GKb vtCEuMtg3R9hnPzgCLRfuQr0XB1YzJ2VQPPh4sTqxiLaXhQ6RZBtDJ9FHU3sQfce 67CvU44w6NyZk47iMZVFVD4oZutf3bDOnHdMAFpcjEblVfMfLQPNZBIfizNPRPM= =bJV/ -----END PGP SIGNATURE----- --y0ulUmNC+osPPQO6--