Two tips:
Don't put all your eggs in one basket.
Plausible deniability -- A $5 wrench is too damn cheap.
Hey man, spot on on your last security comments
Can you please point me to something good to read on the plausible deniability topic? Thanks!
Hi, I would point you to Wikipedia, but I just checked it and it's too general, too long (as if this isn't...), not an easy read.
Plausible deniability, as it applies here, is the ability to plausibly deny ownership of your Bitcoin when required to reveal your stash (legally, or by force).
Case 1 (legally): You cross the border to another country, and, upon inspection, customs find your Trezor in your briefcase, or find a wallet s/w on your phone. They may force you to reveal information about your stash. In fact, there are laws that make it a punishable crime not to reveal your passwords in such cases, and if you don't, you may be arrested and detained. What do you do? Can you just say "guys, it's empty!"? They will say "OK, show us!" How can you circumvent this?
Case 2 (by force): You are a coiner. You tell about your coins to friends and relatives. All in good faith. They are impressed by your newfound wealth. They are so excited that they tell their friends about you and how smart you are. Word spreads. You end up being kidnapped and forced (by torture) to reveal your stash. Can you just say "guys, it's empty!"? I don't think so. How can you circumvent this?
Deniability won't help you in such cases, unless it's paired with plausibility. With Trezor (and Ledger, etc.), in addition to the 24 words that make up your seed, you are allowed to enter another (25th) passphrase (word, sentence, any alphanumeric string). This will result in a wallet (key) that is totally different to the one without the 25th passphrase. In fact, when you connect your Trezor and are asked for the 25th passphrase, you can type anything you want, and it will lead to different valid wallets, depending on what you typed. In this way, you can have (in fact, you already have) an infinite number of wallets, all of which have your seed in common, but are cryptographically unrelated, in the sense that access to one such wallet is completely isolated from any other wallet.
The central idea that you must understand is that you already have all these wallets, whether you want them or not. There is no switch that you can use to enable or disable a wallet. It's already there. Think of this as driving on the highway, and there are an infinite number of exits. Your 24-word seed is the highway, and the 25th passphrase determines the exit you want to take. The exits are all there, an infinite number of them, and they all lead to valid wallets. Of course, all these wallets will be empty when you visit them (well, not necessarily, but that's another discussion). The highway itself is also a wallet (no passphrase entered). This is why it's not advisable to use a seed without a 25th passphrase. Because, in this case, if someone finds your seed, he can enter your highway, and if your coins are on that highway, he can steal them from you. But if you use a 25th passphrase, the highway will be empty, and contain an infinite number of exits. Which exit to take? He needs to know the 25th passphrase, which he won't. Your coins are safe.
How is all this related to plausible deniability? You can use the 25th passphrase to plausibly deny ownership of your coins. You set up your Trezor as normal, writing down and backing up your 24 seed words. What you then do is transfer a very small amount of Bitcoin (say, 0.1 BTC) to the wallet without a 25th passphrase (the highway). You put that 0.1 BTC there. Then, you reconnect your Trezor, but this time you enter a 25th passphrase, let's call it {normal_pass}. You end up on a different, empty wallet. In there, you transfer a bigger amount of Bitcoin, large enough to persuade someone that it's everything you've got, let's say, 10 BTC. You don't transfer all your stash there, just that 10 BTC. You then reconnect your Trezor, but this time you enter a very strong 25th passphrase, let's call it {really_strong_pass}. You end up on yet another empty wallet. In that wallet you transfer the remainder of your stash, say, 100 BTC.
What have you achieved by doing the above? With just one seed (written on paper and backed up) and 2 passphrases in your head, you have spread your stash in the following three different, cryptographically unrelated wallets (i.e., having access to one of the wallets does not grant access to any of the other wallets, and does not prove that you are using any other wallet):
No passphrase: 0.1 BTC
{normal_pass}: 10 BTC
{really_strong_pass}: 100 BTC
Case 1: "Sir, can you please unlock your wallet for us?" -- "Why?" -- "We want to see how many coins you have." -- "But, isn't this private information?" -- "Yes, but Law XYZ, that was passed after 9/11, to combat terrorist activities, gives us authority to do whatever we want!" -- "Oh, hmmm, I'm not comfortable with this..." You play difficult, you ask to see the law, trying to stall them. After a while, and when the pressure on you becomes too much, you say "OK, I don't like this at all, but here you are." You connect your Trezor to your laptop, and just enter the PIN (no 25th passphrase). You have just entered the "highway" wallet, which contains 0.1 BTC. "There you go, motherfuckers! Fuck you!", you scream! They say, "Sir, I'm afraid we'll have to confiscate your wallet and the coins." -- "Sure," you reply, "take it and stick it up your bum, you fucks!" You hand them your Trezor and they let you pass. When you arrive safely at your destination, you simply enter your seed to any wallet you want (Trezor, Ledger, Mycelium), and you log-in with the two "25th" passphrases, confirming what mathematics have guaranteed for you, which is that your 110 BTC are there, untouched, waiting for you.
Case 2: You are tied to a chair, and a big guy asks you for your Trezor PIN, "or else I'm going to cut your fingers one by one!" You try to resist at first, but quickly reveal the PIN. They see the 0.1 BTC. But they're smart. They know you have more! They begin to torture you, at which point you have to be prepared to take some beating and even lose a finger! You have to resist as much as you can. When you can't take it anymore, and you're screaming and crying like a little girl, all humiliated and seemingly completely wrecked, you reveal {normal_pass} to them. They enter the 25th passphrase and see your shiny 10 BTC in there. "Gotcha!" they shout! They transfer the funds, destroy (or take with them) your Trezor, and leave. The next day, you enter your seed in another wallet, enter {really_strong_pass} and confirm that your 100 BTC are there, untouched, waiting for you.
The above are idealized scenarios. You can be sure that, if you go out and about boasting to colleagues, friends and family that you own 100+ BTC, the thieves will cut your fingers, arms, legs, and even your dick (if you have one), before they get your entire stash! Plausible deniability is a great tool to protect us and our Bitcoin, but we also need to exercise common sense and maximise our opsec. No need to go out boasting about how much Bitcoin we have. A fool and his BTC are soon parted. Don't be a fool.
That's the best way I can describe plausible deniability, while keeping my typing and word count to reasonable levels. I think I can compete with JJG on this one! Anyway, I hope it helps you, Karartma1, or anyone else out there.
Stay safe!
Edit: Corrected some typos.
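Added example, not part of the original post and not Trezor's own code: the 25th-passphrase mechanism described above follows BIP39, where the passphrase is only a salt for PBKDF2, so every input (a typo included) selects a valid, unrelated wallet root and nothing ever reports a "wrong" passphrase. The mnemonic is the public BIP39 test vector, the passphrases are constructed, and `wallet_roots` with its fingerprint is a hypothetical helper.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test-vector mnemonic (12 words for brevity; the post uses 24).
# It is published everywhere: never send funds to wallets derived from it.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def _nfkd(text: str) -> bytes:
    """BIP39 requires NFKD normalisation before UTF-8 encoding."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, salt "mnemonic"+passphrase, 2048 rounds."""
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic),
                               b"mnemonic" + _nfkd(passphrase), 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 root: HMAC-SHA512 keyed with "Bitcoin seed" -> (master key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_roots(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Hypothetical helper: map each passphrase to a short fingerprint of its root."""
    roots = {}
    for passphrase in passphrases:
        master_key, _chain_code = bip32_master(bip39_seed(mnemonic, passphrase))
        roots[passphrase] = hashlib.sha256(master_key).hexdigest()[:16]
    return roots


if __name__ == "__main__":
    # Constructed passphrases: "" is the no-passphrase wallet ("the highway"),
    # and "hunter3" stands in for a one-character typo of "hunter2".
    for passphrase, root in wallet_roots(TEST_MNEMONIC,
                                         ["", "hunter2", "hunter3"]).items():
        print(f"passphrase={passphrase!r:<10} root fingerprint={root}")
```

Because a mistyped passphrase opens an empty wallet instead of failing, check a receive address from a fresh session before funding a passphrase wallet.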
Great post! Just want to add that it's not uncommon for kidnappers to kill their victims after they find out the passwords as they're afraid you'll be able to identify them and testify against them later.