> ENCRYPTION_KEY = SHA256(SHA256(TOKEN))This scheme might be vulnerable to rainbow table attack.
The following scheme might be more secure:DESCRIPTION = ASCII description provided by userNONCE = 256-bit random numberENCRYPTION_KEY = hmac-sha256(key=NONCE, msg=DESCRIPTION)Coordinator distributes DESCRIPTION (fka TOKEN) together with NONCE to the signers.
Also, is there any reason why you'd want to disable encryption? Why not keep that as mandatory?
On Tue, 9 Feb 2021 at 12:39, Hugo Nguyen via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:_______________________________________________On Tue, Feb 9, 2021 at 2:19 AM Christopher Allen <ChristopherA@lifewithalacrity.com> wrote:On Tue, Feb 9, 2021 at 2:06 AM Hugo Nguyen <hugo@nunchuk.io> wrote:
I don't think reusing XPUBs inside different multisig wallets is a good idea... For starters, loss of privacy in one wallet will immediately affect privacy of other wallets. I think multisig wallets should be completely firewalled from each other. That means one unique XPUB per wallet. This is what we have been doing with the Nunchuk wallet.To be clear, I have stated repeatedly that xpub reuse into multisig is a poor practice. However, finding a trustless solution when a wallet is airgapped with no network, or is stateless like Trezor, is quite hard.The challenge also includes how does an airgapped or stateless wallet know that it is talking to the same process on the other side that that it gave the xpub to in the first place. Without state to allow for a commitment, or at least a TOFU, a cosigner who thought he was part of a 3 of 5 could discover that he instead is in a 2 of 3, or in a script with an OR, as some form of scam.The shared secret approach that I mentioned in the proposal actually can help you here. The TOKEN doubles as a session ID - thereby establishing a common state on both sides.
Best,
Hugo— Christopher Allen
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
--Best Regards / S pozdravom,Pavol "stick" RusnakCTO, SatoshiLabs