📅 Original date posted:2018-01-08
📝 Original message:On Tue, Jan 09, 2018 at 09:26:17AM +1100, Ben Kloester wrote:
> > This sounds very dangerous. As Gregory Maxwell pointed out, the key
> derivation
> > function is weak enough that passphrases could be easily brute forced
>
> So you are essentially imagining that a perpetrator will combine the
> crypto-nerd fantasy (brute forcing the passphrase) *with* the 5-dollar
> wrench attack, merging both panes of Randall Munroe's comic? Seems
> vanishingly unlikely to me - attackers are generally either the wrench
> type, or the crypto-nerd type.
We're talking about seeds here, not hardware wallets.
For a hardware wallet theft scenario, if you're worried about muggers you can
make the hardware have secret accounts with different seeds, *without* risking
user funds getting lost - a much more likely scenario - due to mistyped
passwords.
In any case, even if you were to do this type of design, a much better idea is
to use a checksum by default to reject invalid passwords, while having an
advanced-use-only option to override that checksum. The virtual file encryption
filesystem encfs does exactly this with its --anykey flag. This allows advanced
users to do their thing, while protecting the majority of users for whome this
feature is dangerous.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180108/32a295b0/attachment-0001.sig>;
Peter Todd [ARCHIVE] /
npub1m2…a2np2
2023-06-07 18:09:27
in reply to nevent1q…kr23
Author Public Key
npub1m230cem2yh3mtdzkg32qhj73uytgkyg5ylxsu083n3tpjnajxx4qqa2np2Published at
2023-06-07 18:09:27Event JSON
{
"id": "8baf24bc36f2f816baba221729746c7c19b46c2e3a19d88031b21da3650e0a0a",
"pubkey": "daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa",
"created_at": 1686161367,
"kind": 1,
"tags": [
[
"e",
"ac3c87f148ca764c85262d935c0d26818cde51a790aa045223a08240c1ff8e91",
"",
"root"
],
[
"e",
"5899f8e272223fa5b5fb9fd84bceb11e7e5c9866129a42df78772b035fb4fa97",
"",
"reply"
],
[
"p",
"b883dbe445e5d9f82519a999c8aec2a954d735d708a64b06b4a4349450d45dc2"
]
],
"content": "📅 Original date posted:2018-01-08\n📝 Original message:On Tue, Jan 09, 2018 at 09:26:17AM +1100, Ben Kloester wrote:\n\u003e \u003e This sounds very dangerous. As Gregory Maxwell pointed out, the key\n\u003e derivation\n\u003e \u003e function is weak enough that passphrases could be easily brute forced\n\u003e \n\u003e So you are essentially imagining that a perpetrator will combine the\n\u003e crypto-nerd fantasy (brute forcing the passphrase) *with* the 5-dollar\n\u003e wrench attack, merging both panes of Randall Munroe's comic? Seems\n\u003e vanishingly unlikely to me - attackers are generally either the wrench\n\u003e type, or the crypto-nerd type.\n\nWe're talking about seeds here, not hardware wallets.\n\nFor a hardware wallet theft scenario, if you're worried about muggers you can\nmake the hardware have secret accounts with different seeds, *without* risking\nuser funds getting lost - a much more likely scenario - due to mistyped\npasswords.\n\nIn any case, even if you were to do this type of design, a much better idea is\nto use a checksum by default to reject invalid passwords, while having an\nadvanced-use-only option to override that checksum. The virtual file encryption\nfilesystem encfs does exactly this with its --anykey flag. This allows advanced\nusers to do their thing, while protecting the majority of users for whome this\nfeature is dangerous.\n\n-- \nhttps://petertodd.org 'peter'[:-1]@petertodd.org\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 455 bytes\nDesc: Digital signature\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180108/32a295b0/attachment-0001.sig\u003e",
"sig": "275efa9ecf6c9a91c292630f5893c1a09d7f6c217d4cd73ff51d96966e7356ba90a3e9e322515a2921b7f4aa4a5c3299c6dcde53f3f4c015d3774dee45378179"
}