Obfuscation - only to be used by wizards in magic spells, not cryptography

[The Avenger]

I've been reading up on bitcoin wallet security recently and there is no clear winner. It seems to me that there are a whole lot of complex solutions that involve encrypting volumes, memorising long passwords etc. There are many points of failure.

It seems to me that a much simpler method has been overlooked. I see this as a lo-tech solution, that can be widely used by everyone. You only have to memorise 4 or 5 steps to entirely encrypt/decrypt your private key.

You could call it "hiding in plain sight with obfuscation".

Instead of complex software encryption, you can simply take your private key and obscure it with a few personal, easy-to-remember obfuscation rules. Then, simply save the obscured data as a text file, email it to yourself or print it out and you don't have to worry whether anyone steals it or not, as it would be garbage and undecipherable to them.

a).
Take this private key:

5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF

Encrypt:
1. Add/Subtract x to each number (e.g. +5)
0Kb3kLf4zgWQnogidDA21MzPL1TsZZY81hWXMssSzNydYXYB4KF
2. Shift characters along x places (e.g. +7)
YXYB4KF0Kb3kLf4zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd
3. Take a memorable name and swop first with last letter and add symbol to the first letter. So if your cat is called fluffy, you could replace every "F" with "y$". You could mix it up by having a personal rule to alternate the symbol with case, so F->y$ and f->y#
YXYB4Ky$0Kb3kLy#4zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd

4. Replace a number with a line break (e.g. 4).
YXYB
Ky$0Kb3kLy#
zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd

5. Transpose lines (e.g. 3 and 2)
YXYB
zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd
Ky$0Kb3kLy#


Now you have a totally obscured private key that is IMPOSSIBLE to hack without the hacker knowing your obsfucation steps/rules.

If you memorise the obsfucation steps, you now have a totally secure private key, that you can store in plain sight.

The amount of steps you choose is up to you and you can make up your own rules. Maybe you will add another step where you always replace the 10th character with an "M".  It's up to you.

b).
If you feel you HAVE to write the steps down (try not to!), they need to be obfuscated to.

The above could be coded as
5_7cat4

Save it in a text file, write it on a piece of paper, carve it in a tree.

Then you keep the calculations in a separate place, which could be written as
----
++$#
3trans2
----

Save it in a different text file, write it on a different piece of paper, carve it in a different tree.

I highly suggest you create your own shorthand notation, which will obfuscate further. There are many ways you can do this, but Google translate is your friend here Obviously use words you understand. kurang, מינוס

Decrypt with rules in reverse:
YXYB
zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd
Ky$0Kb3kLy#
>
YXYB
Ky$0Kb3kLy#
zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd
>
YXYB4Ky$0Kb3kLy#4zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd
>
YXYB4KF0Kb3kLf4zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd
>
0Kb3kLf4zgWQnogidDA21MzPL1TsZZY81hWXMssSzNydYXYB4KF
>
5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF


The Avenger

[1714951626]

1714951626

[1714951626]

1714951626

[1714951626]

1714951626

[1714951626]

1714951626

[The Avenger]

I suppose the main question about this approach is whether it can be brute forced in some way? Could you take the encrypted data and somehow brute force it backwards to the original unencrypted key? I don't think it could be, but I'd be glad to hear what others have to say.

[markm]

There are too many possibilities.

Many many years ago HP put out a calculator, the HP-25, which was programmable, but had no card-reader type of thing for recording "programs", which were basically up to 25 stored keystrokes.

They had an example pseudorandom number generator that I typed in so many times for playing tabletop roleplaying games that to this day I still remember it: start with a random number less than one (zero point a bunch of digits), add it to pi, raise it to the fifth power, and take the fractional part.

You could probably do that with some chosen number of digits of accuracy yourself with any of a number of arbitrary accuracy calculators such as 'bc'.

But why do exactly that? Why not use root two instead of pi? Or the golden ratio? Or any other famous number easy to look up on the internet? Why the fifth power? Wouldn't the seventh, or thirteenth, or whatever number you would find easy to remember, work just as well?

This does not even use any of the steps involved in the original post so merely bruteforcing using the original post's repertoire of steps ought not stumble upon it...

Plus what number less than one did you even start with? The genesis block hash with a decimal point in front of it? The date in the headline in the genesis block, expressed in seconds since the purported birthtime of some prophet (with a decimal point in front of it) or what? Etc.

And how many digits accuracy, exactly, did you tell your arbitrary accuracy calculator to use? How does that version of it on that architecture "round" or "truncate" extra digits? Etc.

-MarkM-

[The Avenger]

-MarkM, your answer is confusing. This bit I understand and think is the bottom line:

There are too many possibilities.

The rest of your post I don't really understand what you are saying.

[MatthewLM]

The simplest method? Encrypting the wallet is the simplest method. Just type in a password and done.

[DannyHamilton]

It seems to me that there are a whole lot of complex solutions

So you figured another complex solution was a great idea?

- snip -
1. Add/Subtract
- snip -
2. Shift characters
- snip -
3. Take a memorable name
- snip -
swap first with last letter
- snip -
add symbol to the first letter.
- snip -
4. Replace a number
- snip -
5. Transpose lines
- snip -
memorise the obsfucation steps,
- snip -
 you now have a totally secure private key, that you can store in plain sight.
- snip
always replace the 10th character with an "M".
- snip -
The above could be coded as
5_7cat4
- snip -
Save it in a text file, write it on a piece of paper, carve it in a tree.
- snip -
keep the calculations in a separate place, which could be written as
----
++$#
3trans2
----
- snip -
Save it in a different text file, write it on a different piece of paper, carve it in a different tree.
- snip -
create your own shorthand notation
- snip -
Decrypt with rules in reverse:
- snip -

And this is somehow less complex than:

• type password
• remember password

[The Avenger]

And this is somehow less complex than:

• type password
• remember password

So everyone just uses a password to encrypt their wallet. That's it? That's all the security people use to protect their bitcoin? That may be enough if you only have 1 bitcoin, but it falls a bit short of secure if you have 100 or 500BTC.

If a keylogger is installed, your bitcoin are gone. If someone steals your password protected wallet, they can run a brute force attack on it for weeks/months until they crack it. If you haven't used a massive password, your bitcoin will eventually be gone. And if you forget that massive, unwieldy password of letters, numbers and punctuation, your bitcoin are gone.

I'm suggesting an approach that is simple and personal to the person that uses it.

So you figured another complex solution was a great idea?

Memorising "five seven cat four" is not difficult. And as I said, you can write it down if you really want to. All you've got to do is come up with a fairly simple shorthand *you* understand, using names and numbers that have a relevance to *you* (which are fundamentally BAD to use in a traditional password) and *you* have uncrackable wallet security.

[DannyHamilton]

If a keylogger is installed, your bitcoin are gone.

If you are generating your private key on a compromised computer that is connected to the internet, it won't mater what method of obfuscation you use, your bitcoin are gone.

If you are using an uncompromised computer that is not connected to the internet to generate your private key, then why wouldn't you use the exact same computer (at the exact same time) to encrypt it.

If someone steals your password protected wallet, they can run a brute force attack on it for weeks/months until they crack it.

And they can run a brute force attack on your obfuscation for weeks/months until they crack that too.  Since a private key has a specific structure to it, they'll have some substantial hints as to what steps you've taken.  If they have access to your "five seven cat four", they'll have even more to help them along.  You really think that a few character manipulations are more secure against brute force than a reasonable passphrase?

And if you forget that massive, unwieldy password of letters, numbers and punctuation, your bitcoin are gone.

Sure, but that's true if you forget what the acronym means for your obfuscation as well.

I'm suggesting an approach that is simple and personal to the person that uses it.

You are welcome to your opinion in the matter.

Memorising "five seven cat four" is not difficult.

Perhaps.  Perhaps not.  But memorizing what each of those things are supposed to mean to you a few years from now:

Was that a carriage return for the fifth letter of the alphabet, or am I swapping the position of every 5th and seventh character?  Wait, no, I think I was replacing every fifth letter with the letter that occurs 7 places later.  No that's not it.  I think I was using my cat's name for part of it, but I've owned a few cats.  Was it my first cat?  No, I think it was my favorite cat.  Darn it.  If I can memorize a 19 character set of instructions "five seven cat four", why didn't I just memorize a 19 character passphrase instead.  Heck, I could have written it down and stored it somewhere secure (like a safe or safety deposit box).  That way my family would still have access if something should happen to me.

[The Avenger]

And they can run a brute force attack on your obfuscation for weeks/months until they crack that too.

Please prove this statement and then I'll read the rest of the stuff you've written. Thanks

[grue]

Your "password" is now a series of steps to decipher the key, which you'll need to memorize.

bravo

[Meni Rosenfeld]

There's not a lot of entropy in your obfuscation process, so it can be brute-forced.

[The Avenger]

There's not a lot of entropy in your obfuscation process, so it can be brute-forced.

Okay. Can you explain in a few more sentences exactly what this means? I am genuinely interested to know if this system can be broken easily.

Do bear in mind that I'm not saying you have to follow the 5 steps in my example above. You can take any approach that shifts and replaces the characters/numbers, in any order, as many times are you like (within reason).

[knowitnothing]

What you have done: presented an example of a custom cryptographic function. What you are asking others to do: create your own cryptographic function. This is closest to the worst thing to do here.

[Gavin Andresen]

There's not a lot of entropy in your obfuscation process, so it can be brute-forced.

Okay. Can you explain in a few more sentences exactly what this means? I am genuinely interested to know if this system can be broken easily.

We all think we're very clever at coming up with unique ways to obscure our data.

We are wrong.

We tend to think alike, so pretty much any process you can think up is likely very similar to a process somebody else will think up.

In short: humans are really bad at creating randomness (aka entropy). And we're even meta-bad, because we THINK we're good at it.

[The Avenger]

In short: humans are really bad at creating randomness (aka entropy). And we're even meta-bad, because we THINK we're good at it.

lol, okay, fair enough. My thought is that many people are trying to crack passwords, no doubt many people do it for a living. I figured that a custom solution like this would be harder to crack, for the reason that no one would spend there time trying to crack a custom solution. They could never be sure how many people use it, would it be worth their time?

It's more valuable to be able to crack passwords, as they are currently the key to everything we use in modern day society - email, online banking, bitcoin wallets etc.

Obfuscation is a bit different. The idea was also that you *could* use memorable names (like fluffy in my example), which are total no-no's in password selection. You just keep the rules to yourself, which are also a lot easier to remember than strings of random data.

I'll read through the links knowitnothing has provided, as they probably will explain the problems in my logic entropy  

P.S. My approach was also supposed to be user friendly, accessible to non-technical people.

[MatthewLM]

If you are worried about keyloggers, then why not worry about malware which simply steals your bitcoins as soon as you use the software? You will also need to decrypt the keys by a chosen method which would then leave the keys vulnerable.

And Gavin is right, I know that when people are asked to pick a "random" number between 1 and 10, a large number of people will choose 7. Watch these:

http://www.youtube.com/watch?v=SxP30euw3-0
http://www.youtube.com/watch?v=H2lJLXS3AYM

[The Avenger]

Just one more example why I think this is different to passwords and possible a lot more user friendly:

Let's say the pin number for your credit card is 3879. Let's just say you've used the same number for years, you know it and will not forget it.

And your cat is still called fluffy

We all know the password "fluffy3879" is weak.

However, depending on how you use them, these are not such a bad thing in obfuscation.

Let's use this memorable number one time:

Alternate shifting 3 from the end to the start, 8 from start to the end, 7 from the end to the start, 9 from start to the end
5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF
9KF5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB
Lf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF5Kb8k
KF5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9
9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF5Kb8kLf

Now let's use this memorable number a second time:
9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF5Kb8kLf
let's add 3 to each number
2zgWQnogidDA09MzPL9TsZZY69hWXMssSzNydYXYB2KF5Kb1kLf
subtract 8 from each number, add 7, subtract 9

Okay, some of that is a bit redundant. You could have more complex rules. But it remains reversible, if you know the steps you used and you know basic adding and subtracting. You can work it all out on paper if you want.

Then use the fluffy word replacing again (step 3 in my first example). But this time perhaps you also replace the second character with the second last l > f. Or l > f%, L > f"

You know your pin number and your cats name, so it's just a matter of remembering the rules.

At the end you have a really wacky string of letters, numbers and strings. It seems to me if the hacker doesn't get the first step backwards to decrypt, then they won't be able to follow through the rest of the steps. It seems that brute forcing would be as random as generating random private keys and hoping one will give you entry to someone's wallet.

These are just my thoughts and I'm definitely no encryption expert. Indeed everyone might decide to subtract 7 from the numbers in their private key and then consider that secure. But I suppose I'm suggesting if we gave people guidance on how to make at least 4 or 5 steps (the same way we explain how to create a strong password), things get quite hard to reverse without knowing the steps. I was only trying to find out how hard or easy people think this would be, given it was very different to a regular password.

[wtfvanity]

We all think we're very clever at coming up with unique ways to obscure our data.

We are wrong.

We tend to think alike, so pretty much any process you can think up is likely very similar to a process somebody else will think up.

In short: humans are really bad at creating randomness (aka entropy). And we're even meta-bad, because we THINK we're good at it.

Gavin is the man. If you like your super secret ninja password protection method, here is one additional step that you have forgotten that goes right with Obfuscation. Obscurity. Don't tell everyone what you're doing. Of course, that's about as good as Obfuscation, but why not combine them? And not bother everyone else?

[The Avenger]

Gavin is the man. If you like your super secret ninja password protection method, here is one additional step that you have forgotten that goes right with Obfuscation. Obscurity. Don't tell everyone what you're doing. Of course, that's about as good as Obfuscation, but why not combine them? And not bother everyone else?

Gavin is the man, because he's pretty much the only one who replied without being aggressive or condescending. Why does it "bother" you I asked a question on the forum? That just seems weird on a forum for "discussing" bitcoin related matters.

[behindtext]

Gavin is the man. If you like your super secret ninja password protection method, here is one additional step that you have forgotten that goes right with Obfuscation. Obscurity. Don't tell everyone what you're doing. Of course, that's about as good as Obfuscation, but why not combine them? And not bother everyone else?

Gavin is the man, because he's pretty much the only one who replied without being aggressive or condescending. Why does it "bother" you I asked a question on the forum? That just seems weird on a forum for "discussing" bitcoin related matters.

gavin does an excellent job of not being rude to people.

i, however, am not as buddha-like. your suggestion to use some obfuscated process to 'protect' your wallet is a classic example of 'security through obscurity'. it is vulnerable to the same threat model as any other method of protecting your wallet short of carefully-implemented multifactor auth:

your machine gets compromised because you clicked on some poisoned link, ran a trojaned executable, etc, and then a keylogger sits on your computer, silently recording all your keystrokes. when you enter your super-obscurely-generated and stored password, it is keylogged just like any other password and your coins are gone.

to suggest that this is in any way better than a normal password, especially from an entropy standpoint, is downright misleading.