Bitcoin Forum
Topic: Secret wallet
Gareth Nelson (OP)
January 01, 2012, 12:40:35 AM
 #1

1 - Generate a set of private keys with high quality entropy
2 - Hash your password+a numeric string to an SHA256 hash
3 - XOR the hash from step 2 with each of the keys from step 1 to get your new private keys
4 - Repeat steps 2-4 an arbitrary number of times to create multiple hidden wallets
5 - Pay small amounts into all your addresses
6 - If coerced, give the password for a secret wallet with hardly any coins in it

Anyone got plausible attacks against this scheme?
fornit
January 01, 2012, 12:54:23 AM
 #2

yeah, step-4-infinite-loop-attack.
 + none-of-the-wallets-look-like-a-plausible-real-wallet-so-i-continue-to-hit-you-with-a-$5-wrench-until-you-give-me-more-wallets-attack.
btw:
how exactly do you give them a secret wallet without doing the xor operation in your head? i mean you can't really tell them "my key is sha256(helloworld12345) xor privatekey" without revealing your method.
payb.tc
January 01, 2012, 12:55:36 AM
 #3

1 - Generate a set of private keys with high quality entropy
2 - Hash your password+a numeric string to an SHA256 hash
3 - XOR the hash from step 2 with each of the keys from step 1 to get your new private keys
4 - Repeat steps 2-4 an arbitrary number of times to create multiple hidden wallets
5 - Pay small amounts into all your addresses
6 - If coerced, give the password for a secret wallet with hardly any coins in it

Anyone got plausible attacks against this scheme?

i was going to say '$5 wrench' but i think you covered that scenario. EDIT - and it looks like fornit beat me to it anyway.

as an alternative, you could create a truecrypt hidden volume. put a low-value wallet in the outer area and your high-value wallet in the hidden area.
gnar1ta$
January 01, 2012, 01:06:38 AM
 #4

Buy gun, shoot coercer, go on with day.

Losing hundreds of Bitcoins with the best scammers in the business - BFL, Avalon, KNC, HashFast.
Gareth Nelson (OP)
January 01, 2012, 01:07:59 AM
 #5

yeah, step-4-infinite-loop-attack.
 + none-of-the-wallets-look-like-a-plausible-real-wallet-so-i-continue-to-hit-you-with-a-$5-wrench-until-you-give-me-more-wallets-attack.
btw:
how exactly do you give them a secret wallet without doing the xor operation in your head? i mean you can't really tell them "my key is sha256(helloworld12345) xor privatekey" without revealing your method.

You don't need to keep the method secret.

The point is that for any private key, there is an insanely large number of possible keys to XOR it with to obtain a new key.

Write some software that loads the private keys from step 1 from a file on disk and then uses a second key to decrypt it - that second key can be one of many, some of which are fake.

Step 3 should be clarified - you don't build the secret wallets using mere numbers, you build your secret wallets using passphrases, and there's as many passphrases as there are possible private keys
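
The derivation from post #1 (steps 1-3), with the passphrase clarification from post #5, as an added example that is not code from anyone in this thread. It assumes the "numeric string" is appended to the passphrase as UTF-8 text; the function names, passphrases and sample base keys are constructed for illustration.

```python
import hashlib
import secrets

# Order of the secp256k1 group: a Bitcoin private key must be an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def generate_base_keys(count: int) -> list[bytes]:
    """Step 1: random 32-byte keys from the OS CSPRNG (the file kept on disk)."""
    return [secrets.token_bytes(32) for _ in range(count)]


def mask(passphrase: str, number: str) -> bytes:
    """Step 2: SHA-256 over passphrase + numeric string (concatenation is assumed)."""
    return hashlib.sha256((passphrase + number).encode("utf-8")).digest()


def is_valid_private_key(key: bytes) -> bool:
    return len(key) == 32 and 1 <= int.from_bytes(key, "big") < SECP256K1_N


def derive_wallet(base_keys: list[bytes], passphrase: str, number: str) -> list[bytes]:
    """Step 3: XOR the one mask into every base key to get that wallet's keys."""
    m = mask(passphrase, number)
    wallet = [bytes(a ^ b for a, b in zip(key, m)) for key in base_keys]
    # XOR can land outside [1, N-1]; the odds are about 2**-128 per key, but a
    # wallet tool has to reject that case rather than import an unusable key.
    if not all(is_valid_private_key(k) for k in wallet):
        raise ValueError("derived key out of range; pick a different numeric string")
    return wallet


# Constructed sample input: fixed base keys so the result is reproducible.
SAMPLE_BASE_KEYS = [hashlib.sha256(b"constructed base key %d" % i).digest() for i in range(3)]

decoy = derive_wallet(SAMPLE_BASE_KEYS, "decoy passphrase", "1")
real = derive_wallet(SAMPLE_BASE_KEYS, "real passphrase", "2")
# Any other passphrase also yields well-formed keys, so the base-key file alone
# does not show how many wallets were ever derived from it.
unused = derive_wallet(SAMPLE_BASE_KEYS, "never used", "3")
```

Because the mask is a single SHA-256 of the passphrase, each hidden wallet is only as strong as the passphrase behind it.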
Andrew Bitcoiner
January 01, 2012, 03:02:09 AM
 #6

Buy gun, shoot coercer, go on with day.

coercer works at a three letter named agency and has lots and lots of friends that will be upset by this.

MAKE MONEY! ADVERTISE FOR BITCOINS http://www.bitcoinadvertising.com
Bitcoin News Site http://coinbits.com
Bitcoin Blackjack http://bitjack21.com
Bitcoin, Darknet, IT consulting http://cryptophene.com
gnar1ta$
January 01, 2012, 03:15:10 AM
 #7

Buy gun, shoot coercer, go on with day move to Mexico.

coercer works at a three letter named agency and has lots and lots of friends that will be upset by this.

 Grin <--need one with a sombrero.

trentzb
January 01, 2012, 03:21:20 AM
 #8

Three letter agencies need to feel they are smarter than average joe. Give them what they are looking for...an environment similar to 99% of facebook/twitter users with a low value wallet. Once you start burying things with encryption they will continue digging indefinitely. Keep the high value stuff physical and in your head. :)
Gareth Nelson (OP)
January 01, 2012, 07:24:51 AM
 #9

This reminds me of the best way to use TrueCrypt's hidden partition trick:

Put gay porn or pics of yourself naked on the outer partition - anything that is embarrassing (to give a plausible reason for encrypting it) but both harmless (aside from embarrassment) and 100% legal.
ripper234
January 01, 2012, 07:29:53 AM
 #10

This reminds me of the best way to use TrueCrypt's hidden partition trick:

Put gay porn or pics of yourself naked on the outer partition - anything that is embarrassing (to give a plausible reason for encrypting it) but both harmless (aside from embarrassment) and 100% legal.

Nice trick!
Now I just need to decide between gay porn and my naked pics.

Please do not pm me, use ron@bitcoin.org.il instead
Mastercoin Executive Director
Co-founder of the Israeli Bitcoin Association
payb.tc
January 01, 2012, 09:18:19 AM
 #11

This reminds me of the best way to use TrueCrypt's hidden partition trick:

Put gay porn or pics of yourself naked on the outer partition - anything that is embarrassing (to give a plausible reason for encrypting it) but both harmless (aside from embarrassment) and 100% legal.

there are many reasons for encrypting less embarrassing documents... for example source code that you've developed that you want to keep out of the hands of the competition for as long as possible.

even things like 'lists of available domain names worth registering' would be best kept encrypted until the time comes to actually register them.

i guess i'm the more cautious type, but my 'my documents' directory only has one file in it. A 20 gb truecrypt container.

i'm sure a lot of people who don't encrypt would feel quite violated if their pc was ever stolen.

for me, it would just mean buying a new pc, and asking a certain friend for that encrypted bdr i stashed at his place.
Gareth Nelson (OP)
January 01, 2012, 09:30:59 AM
 #12

This reminds me of the best way to use TrueCrypt's hidden partition trick:

Put gay porn or pics of yourself naked on the outer partition - anything that is embarrassing (to give a plausible reason for encrypting it) but both harmless (aside from embarrassment) and 100% legal.

there are many reasons for encrypting less embarrassing documents... for example source code that you've developed that you want to keep out of the hands of the competition for as long as possible.

even things like 'lists of available domain names worth registering' would be best kept encrypted until the time comes to actually register them.

i guess i'm the more cautious type, but my 'my documents' directory only has one file in it. A 20 gb truecrypt container.

i'm sure a lot of people who don't encrypt would feel quite violated if their pc was ever stolen.

for me, it would just mean buying a new pc, and asking a certain friend for that encrypted bdr i stashed at his place.


The point is to encrypt what's REALLY sensitive and hiding it behind something that's embarrassing but not sensitive.

Gay porn is plausibly embarrassing enough that people would encrypt it and when the Bad Guys™ come calling and ask what the encrypted data is, you can show the gay porn without revealing the REAL data.
Gareth Nelson (OP)
January 01, 2012, 09:31:45 AM
 #13

If anyone asks, I really am into gay midgets - they're so hot.
payb.tc
January 01, 2012, 09:36:14 AM
 #14

If anyone asks, I really am into gay midgets - they're so hot.

even though there's a bit of joking going on, in all seriousness people trying this trick should be very careful that the actual porn they're saving is 100% legal in their area.

there are so many tiny little rules that you may find yourself in trouble even for seemingly innocent looking pics.

for example, did you know in australia you can get in trouble for child porn, if the 18+ woman's tits are too small?
Hawkix
January 01, 2012, 10:23:20 AM
 #15


The point is to encrypt what's REALLY sensitive and hiding it behind something that's embarrassing but not sensitive.

Gay porn is plausibly embarrassing enough that people would encrypt it and when the Bad Guys™ come calling and ask what the encrypted data is, you can show the gay porn without revealing the REAL data.

Unfortunately, there are still countries where you better should unlock your bitcoin wallet to officials and pretty darn hide gay porn.

Better choose something still embarrassing and not illegal anywhere. Hmm, what about own attempts to poetry? :)

Donations: 1Hawkix7GHym6SM98ii5vSHHShA3FUgpV6
http://btcportal.net/ - All about Bitcoin - coming soon!
Gareth Nelson (OP)
January 10, 2012, 09:56:32 AM
 #16


The point is to encrypt what's REALLY sensitive and hiding it behind something that's embarrassing but not sensitive.

Gay porn is plausibly embarrassing enough that people would encrypt it and when the Bad Guys™ come calling and ask what the encrypted data is, you can show the gay porn without revealing the REAL data.

Unfortunately, there are still countries where you better should unlock your bitcoin wallet to officials and pretty darn hide gay porn.

Better choose something still embarrassing and not illegal anywhere. Hmm, what about own attempts to poetry? :)


I'm basing this on UK and US law, where "vanilla" gay porn of 2 adult men doing stuff is legal but embarrassing to possess.
Obviously if you're in a different legal climate you should use other material, your own attempts at poetry might be embarrassing but it's not the kind of thing people usually realistically hide, whereas your collection of gay porn or whatever is.

Porn in general is something that's "dirty", and thus people will plausibly hide it, especially if it's not the vanilla kind.

If you are an "out" homosexual of course the above should be altered - perhaps gay guys should hide straight porn instead.

It probably says a lot about me that I struggle to think of material other than porn that would work for this trick.
payb.tc
January 10, 2012, 10:24:55 AM
 #17


The point is to encrypt what's REALLY sensitive and hiding it behind something that's embarrassing but not sensitive.

Gay porn is plausibly embarrassing enough that people would encrypt it and when the Bad Guys™ come calling and ask what the encrypted data is, you can show the gay porn without revealing the REAL data.

Unfortunately, there are still countries where you better should unlock your bitcoin wallet to officials and pretty darn hide gay porn.

Better choose something still embarrassing and not illegal anywhere. Hmm, what about own attempts to poetry? :)


I'm basing this on UK and US law, where "vanilla" gay porn of 2 adult men doing stuff is legal but embarrassing to possess.
Obviously if you're in a different legal climate you should use other material, your own attempts at poetry might be embarrassing but it's not the kind of thing people usually realistically hide, whereas your collection of gay porn or whatever is.

Porn in general is something that's "dirty", and thus people will plausibly hide it, especially if it's not the vanilla kind.

If you are an "out" homosexual of course the above should be altered - perhaps gay guys should hide straight porn instead.

It probably says a lot about me that I struggle to think of material other than porn that would work for this trick.

what's 'vanilla'? you mean softcore? ...softcore to hardcore is a blurred line that still puts you at risk of some overbearing authority's subjectiveness.

it would be embarrassing for a die-hard rock fan to have a stash of celine dion mp3's... but there we go again with the legal issues.

dooglus
January 10, 2012, 10:44:02 AM
 #18

what's 'vanilla'? you mean softcore?

Vanilla sex (or conventional sex) is a description of what a culture regards as standard or conventional sexual behaviour. Different cultures, subcultures and individuals have different ideas about what constitutes this type of sex. Often, it is interpreted as sex which does not involve such elements as BDSM, kink, or fetish activities.

Hawkix
January 10, 2012, 11:05:12 AM
 #19

it would be embarrassing for a die-hard rock fan to have a stash of celine dion mp3's... but there we go again with the legal issues.

I got it! The die-hard rock fan should hide mp3s of his own singing celine dion songs! Both embarrassing and legal (so far) :)

payb.tc
January 10, 2012, 11:08:48 AM
 #20

what's 'vanilla'? you mean softcore?

Vanilla sex (or conventional sex) is a description of what a culture regards as standard or conventional sexual behaviour. Different cultures, subcultures and individuals have different ideas about what constitutes this type of sex. Often, it is interpreted as sex which does not involve such elements as BDSM, kink, or fetish activities.

well even in that case, explicit depictions of 'vanilla' sex are pretty much illegal in australia. you can view nudity, but that's about it for most states.