Bitcoin Forum
Author Topic: About seizing and extraction  (Read 1815 times)
Kouye (OP)
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
November 03, 2013, 01:23:40 PM
Last edit: November 03, 2013, 01:49:55 PM by Kouye
 #1

After the last seizures of "wallets" from authorities, I have been wondering about how to prevent them from extracting the passphrase through chemicals and/or torture.

I know there are already a nice set of solutions, which include at least:
- Multi-signing
- Hidden cold wallets
- Pre-signed transaction "bombs" that an accomplice can trigger on a "jailed man switch".

But I recently watched the latest BBC Sherlock series (which I found surprisingly good, btw), and in one of the episodes, [Spoiler]Sherlock gets his hands on an encrypted device. Problem is that device can react to 2 keys : one that will unlock and let you access the data, one that will destroy the data. So even if they torture the device owner, he still has the possibility to give out the "self-destruct" key. [/Spoiler]

I liked that idea.
So I understand this is technically impossible to achieve today, because it would require some encrypted code to be executed within the wallet itself, because if in a client (like a walletpassphrase method), they can just design their own without any risk to trigger the self-destruct actions.
I also understand they would probably not be connected to the internet while trying out the passphrase.
Just corrupting the wallet file would obviously not be enough either, as it's just a copy anyway and the real data is out there in the blockchain.

Any idea about that?

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
Seccour
Legendary
*
Offline Offline

Activity: 1619
Merit: 1004


Bitcoiner, Crypto-anarchist and Cypherpunk.


View Profile
November 03, 2013, 01:28:44 PM
 #2

The 2nd key can maybe send the BTC to another wallet? So they can't access the coins anymore...

Kouye (OP)
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
November 03, 2013, 01:30:21 PM
 #3

The 2nd key can maybe send the BTC to another wallet? So they can't access the coins anymore...

That would be great, but how do you achieve that without internet connection, and without any code being executed from inside the wallet?

EDIT: Not to mention that people like the FBI could easily set up a sandbox network looking like the internet, and just capture all the streams to check what your wallet is trying to attempt before letting it go live.

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
JoelKatz
Legendary
*
Offline Offline

Activity: 1596
Merit: 1012


Democracy is vulnerable to a 51% attack.


View Profile WWW
November 03, 2013, 01:35:15 PM
 #4

This requires secure hardware. Insecure hardware, or hardware of the attacker's choice, can always be "rewound" to a prior state.

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
Kouye (OP)
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
November 03, 2013, 01:46:13 PM
 #5

This requires secure hardware. Insecure hardware, or hardware of the attacker's choice, can always be "rewound" to a prior state.

This is interesting. Although they could (and would) store/manipulate such a device in a faraday/scrambled secured environment (in case it would have 4G/satellite connection ability), they would have to let it go out to check for the result of the passphrase you gave them.

But then, couldn't they just sandbox the network and check what the device is trying before letting it go live?

EDIT: English is not my native language, sandbag is a term I used a lot from playing online go, which explains the lapsus with sandbox, sorry Wink

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
Seccour
Legendary
*
Offline Offline

Activity: 1619
Merit: 1004


Bitcoiner, Crypto-anarchist and Cypherpunk.


View Profile
November 03, 2013, 01:47:44 PM
 #6

The 2nd key can maybe send the BTC to another wallet? So they can't access the coins anymore...

That would be great, but how do you achieve that without internet connection, and without any code being executed from inside the wallet?

EDIT: Not to mention that people like the FBI could easily set up a sandbox network looking like the internet, and just capture all the streams to check what your wallet is trying to attempt before letting it go live.

If, for example, I'm using Bitcoin-Qt and I send 1 BTC to an address while I'm not connected to the internet, Bitcoin-Qt will wait for the connection to sync with the network, but there is no option to cancel the send anymore, no? And for someone to take the BTC or use the wallet after he gets access to it, he has to connect to the internet, so...

JoelKatz
Legendary
*
Offline Offline

Activity: 1596
Merit: 1012


Democracy is vulnerable to a 51% attack.


View Profile WWW
November 03, 2013, 01:54:48 PM
 #7

This requires secure hardware. Insecure hardware, or hardware of the attacker's choice, can always be "rewound" to a prior state.

This is interesting. Although they could (and would) store/manipulate such a device in a faraday/scrambled secured environment (in case it would have 4G/satellite connection ability), they would have to let it go out to check for the result of the passphrase you gave them.

But then, couldn't they just sandbox the network and check what the device is trying before letting it go live?

EDIT: English is not my native language, sandbag is a term I used a lot from playing online go, which explains the lapsus with sandbox, sorry Wink
If the device received the destruct code, it would simply destroy the only copy of the key. The information then only exists in the same sense all the works of fiction man will ever create "exist" in the digits of Pi.

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
Kouye (OP)
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
November 03, 2013, 02:01:14 PM
 #8

If the device received the destruct code, it would simply destroy the only copy of the key. The information then only exists in the same sense all the works of fiction man will ever create "exist" in the digits of Pi.
That seems good enough, you then just need a hard/paper copy of the p-key hidden somewhere safe.
This implies the device content cannot be duplicated, but that looks achievable.

Now we just need a device accepting a "self-destruct" passphrase, I guess. Smiley

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
JoelKatz
Legendary
*
Offline Offline

Activity: 1596
Merit: 1012


Democracy is vulnerable to a 51% attack.


View Profile WWW
November 03, 2013, 02:18:38 PM
 #9

Now we just need a device accepting a "self-destruct" passphrase, I guess. Smiley
http://www.newegg.com/Product/Product.aspx?Item=N82E16820461006
This is close. It will self-destruct on too many incorrect PIN entries. But you really want something with a self-destruct code. And, for a wallet, you want something that can sign Bitcoin transactions. Otherwise, you have to extract your key from it every time you use it, which would make it good only for one-time use.

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1009



View Profile
November 03, 2013, 02:41:38 PM
 #10

After the last seizures of "wallets" from authorities, I have been wondering about how to prevent them from extracting the passphrase through chemicals and/or torture.
Keep the bulk of your savings in multisig outputs, where the other private key holders are friends you can trust who live on other continents.
Kouye (OP)
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
November 03, 2013, 03:28:41 PM
 #11

After the last seizures of "wallets" from authorities, I have been wondering about how to prevent them from extracting the passphrase through chemicals and/or torture.
Keep the bulk of your savings in multisig outputs, where the other private key holders are friends you can trust who live on other continents.

I understood those were the best options now, this (which requires trust - how tempting would it be for a "friend" to blackmail you once you need his signature?) and keeping hidden cold wallets (which implies bitcoins being frozen) - already listed, btw Wink

I'm focusing more on the seizure of a "hot_wallet.dat", now.

Facts:
- They can list all the unspent outputs from such a wallet, with the associated public key.
- The wallet.dat file also hosts all the private keys for those, and they are only protected by a passphrase buried in your brain.

Given those circumstances, I currently see no way how torture could fail, apart maybe from hosting the hot wallet on a specific, non-replicable device such as discussed with Joel, accepting a self-destruct key in addition to the real passphrase.




[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
JoelKatz
Legendary
*
Offline Offline

Activity: 1596
Merit: 1012


Democracy is vulnerable to a 51% attack.


View Profile WWW
November 03, 2013, 03:36:48 PM
 #12

I understood those were the best options now, this (which requires trust - how tempting would it be for a "friend" to blackmail you once you need his signature?) and keeping hidden cold wallets (which implies bitcoins being frozen) - already listed, btw Wink
You can always keep a copy of the key your friend holds somewhere.

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
eoJ
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
November 03, 2013, 04:24:24 PM
 #13

The 2nd key can maybe send the BTC to another wallet? So they can't access the coins anymore...

That would be great, but how do you achieve that without internet connection, and without any code being executed from inside the wallet?
Easy, something like twilio to grab all SMS messages, and react on either any message being sent, or a specific message being sent. I guarantee you someone in jail can find a way for someone to send a text.
Kouye (OP)
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
November 03, 2013, 05:40:42 PM
 #14

Easy, something like twilio to grab all SMS messages, and react on either any message being sent, or a specific message being sent. I guarantee you someone in jail can find a way for someone to send a text.

Looks like you didn't read OP carefully.

I know there are already a nice set of solutions, which include at least:
[...]
- Pre-signed transaction "bombs" that an accomplice can trigger on a "jailed man switch".

Any idea that does not implicate a "trusted 3rd party", now ?
Just you, your fat wallet, and some people determined to gain access to said wallet.

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
agent007
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
November 03, 2013, 08:26:34 PM
 #15

After the last seizures of "wallets" from authorities, I have been wondering about how to prevent them from extracting the passphrase through chemicals and/or torture.

I know there are already a nice set of solutions, which include at least:
- Multi-signing
- Hidden cold wallets
- Pre-signed transaction "bombs" that an accomplice can trigger on a "jailed man switch".

Can you explain in more detail?
My boss wants to know more about these methods.
FUEPA
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
November 03, 2013, 08:46:31 PM
 #16


create an offline TX ready to broadcast to an address you already own, and give it to a trusted friend. I don't understand the particulars, but it shouldn't involve private keys, but public information - correct?

If the authorities wish to seize, your friend broadcasts the tx while you claim you gave the private key to officer Smith while in custody.
Kouye (OP)
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
November 03, 2013, 09:03:32 PM
 #17


create an offline TX ready to broadcast to an address you already own, and give it to a trusted friend. I don't understand the particulars, but it shouldn't involve private keys, but public information - correct?

If the authorities wish to seize, your friend broadcasts the tx while you claim you gave the private key to officer Smith while in custody.

...


Easy, something like twilio to grab all SMS messages, and react on either any message being sent, or a specific message being sent. I guarantee you someone in jail can find a way for someone to send a text.

Looks like you didn't read OP carefully.

I know there are already a nice set of solutions, which include at least:
[...]
- Pre-signed transaction "bombs" that an accomplice can trigger on a "jailed man switch".

Any idea that does not implicate a "trusted 3rd party", now ?
Just you, your fat wallet, and some people determined to gain access to said wallet.


After the last seizures of "wallets" from authorities, I have been wondering about how to prevent them from extracting the passphrase through chemicals and/or torture.

I know there are already a nice set of solutions, which include at least:
- Multi-signing
- Hidden cold wallets
- Pre-signed transaction "bombs" that an accomplice can trigger on a "jailed man switch".

Can you explain in more detail?
My boss wants to know more about these methods.

Lurk more, this is supposed to be a serious thread.

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
eoJ
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
November 04, 2013, 12:34:34 PM
 #18

Easy, something like twilio to grab all SMS messages, and react on either any message being sent, or a specific message being sent. I guarantee you someone in jail can find a way for someone to send a text.

Looks like you didn't read OP carefully.

Any idea that does not implicate a "trusted 3rd party", now ?
Just you, your fat wallet, and some people determined to gain access to said wallet.
A trusted 3rd party? Wut? Firstly, how is anyone gonna know you used twilio, and secondly, why do you have to borrow someone's phone? The gang heads can get cell phones in jail, why can't someone with millions of dollars in Bitcoin?
joeyjoe
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
November 04, 2013, 12:55:38 PM
 #19

OR just use TrueCrypt. It has the ability to work with another encryption key that shows different information, and it is impossible for someone to tell if it is the actual key or not.

(You use it to create a 1GB file on your hard drive, when you unlock it, it maps to a drive. If you unlock with a different key, it shows different files that you can still upload to.)

Bitcoin PHP programmer for hire! (HTML / CSS / JQuery / AJAX / .NET).
maz
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
November 04, 2013, 01:15:24 PM
 #20

This would have to be a facility of a hardware wallet like Trezor. As mentioned by JoelKatz, most forms of storage which people use for bitcoin can be 'rewound' to give another try.

Even then I think this would be difficult to pull off, as the attacker could always duplicate the contents of any memory device and reflash it to the same type of memory device for a second shot.

I think the best idea would be to have something like the structure of Electrum: multiple peer-to-peer servers which act as banks; they store the encrypted data of people's wallets but can't view them. When someone tries to log into a person's peer-to-peer 'bank' with the wrong (pre-determined emergency fake password) then the server corrupts the data and alerts all other 'bank' peers to corrupt it also.

This could work similarly to the program 'LastPass'. Client-side software encrypts all data before uploading it to your p2p bank account on a server, of which there are thousands.
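
Added example (not posted by any participant in this thread and not taken from any wallet project): a small Python model of the "rewind" limitation raised in posts #4 and #20. A self-destruct passphrase enforced only by state the holder can copy is undone by restoring a copy taken before the first attempt. The wallet layout, function names and passphrases are hypothetical, and the XOR sealing is a toy stand-in for real encryption.

```python
import copy
import hashlib
import hmac
import os

ITERATIONS = 20_000  # constructed work factor for the demo


def _kdf(passphrase: str, salt: bytes, label: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt + label, ITERATIONS)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def create_wallet(secret: bytes, unlock: str, duress: str) -> dict:
    """Hypothetical wallet file: every field is plain data the holder can copy."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "unlock_check": _kdf(unlock, salt, b"check"),
        "duress_check": _kdf(duress, salt, b"check"),
        "sealed": _xor(secret, _kdf(unlock, salt, b"key")),  # toy sealing
    }


def enter_passphrase(wallet: dict, passphrase: str):
    """Honest client: the duress passphrase wipes the sealed key in place."""
    check = _kdf(passphrase, wallet["salt"], b"check")
    if hmac.compare_digest(check, wallet["duress_check"]):
        wallet["sealed"] = None  # "self-destruct"
        return None
    if wallet["sealed"] is not None and hmac.compare_digest(check, wallet["unlock_check"]):
        return _xor(wallet["sealed"], _kdf(passphrase, wallet["salt"], b"key"))
    return None


def demo():
    secret = hashlib.sha256(b"constructed demo key").digest()  # 32 constructed bytes
    wallet = create_wallet(secret, "real-passphrase", "duress-passphrase")
    image = copy.deepcopy(wallet)  # copy taken before any passphrase is tried

    after_duress = enter_passphrase(wallet, "duress-passphrase")  # wipes this copy
    after_wipe = enter_passphrase(wallet, "real-passphrase")      # key is gone here

    rewound = copy.deepcopy(image)                                # state rolled back
    from_image = enter_passphrase(rewound, "real-passphrase")     # wipe had no effect
    return after_duress, after_wipe, from_image == secret


if __name__ == "__main__":
    print(demo())
```

The wipe only becomes irreversible when the sealed key lives in tamper-resistant hardware that never exports its state, which is the requirement stated in post #4.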