jago25_98 (OP)
|
|
July 30, 2012, 03:28:14 AM |
|
I wonder if there should be a forum dedicated just to security... I'm sure you're all familiar with How to deter? Idea 1) Steganography Idea 2) Additional factor: Share the private key between 4 execs. 2 of the group are required to decrypt the code. 4 not 2 in case one of the pair dies. Idea 3) Time based auth. Have a factor that only becomes clear when a certain time happens. Hard to implement in practice? Could it be something such as how light falls on the earth or something stranger? How could this work in practice? Idea 4) p2p auth. Need a peer to peer network agree and get concensus to decrypt the key. Idea 5) Deniable encryption. Like carrying 2 wallets, one low value. Can't see this workingm they might be able to tell you are lying. Idea 6) Do something funny with public key encryption? Idea 7) Just bury half of the key somewhere awkward to get to. In another country perhaps. If you had a yacht and got captured would this deter or would you really want access to that for a bribe? Anything else? How to make these things more workable? Is there a way to give a 3rd party access to a wallet in such a way that they can only pay out to an address you hold? That way you could give grandma/wife half the savings and get an allowance so you can't go gambling.
|
Bitcoiner since the early days. Crypto YouTube Channel: Trading Nomads | Analyst | News Reporter | Bitcoin Hodler | Support Freedom of Speech!
|
|
|
SuperP
|
|
July 30, 2012, 04:29:54 AM |
|
Idea 2) Additional factor: Share the private key between 4 execs. 2 of the group are required to decrypt the code. 4 not 2 in case one of the pair dies.
Shamir's Secret Sharing Scheme ( http://point-at-infinity.org/ssss/) can do this. You can split the private key into N encrypted secret strings and give them to different people. The original private key can only be reconstructed if X secrets are combined. Idea 3) Time based auth. Have a factor that only becomes clear when a certain time happens. Hard to implement in practice? Could it be something such as how light falls on the earth or something stranger? How could this work in practice?
The closest thing I can think of to what you describe is having some third party only give you what you ask for at a certain time. Another option that might be somewhat applicable is Encryption based on Time Reversal Transformations ( http://comjnl.oxfordjournals.org/content/32/3/241.full.pdf (Skip to the Discussion section)). It's where you have some data, apply some rule to it to change it, and do that over and over again for X steps. There's no easy shortcut to skip steps. To decrypt it you would have to apply the rules in reverse and go through each step backwards until you got to your original data. This isn't measured in time exactly, because if you encrypt something on a slow computer, a fast computer would be able to reverse it quicker.
|
|
|
|
FreeMoney
Legendary
Offline
Activity: 1246
Merit: 1016
Strength in numbers
|
|
July 30, 2012, 04:50:01 AM |
|
Regulate rubber hoses?
|
Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
|
|
|
mb300sd
Legendary
Offline
Activity: 1260
Merit: 1000
Drunk Posts
|
|
July 30, 2012, 04:53:26 AM |
|
Store the private key in a microcontroller that won't release it until a certain time using only the internal oscillator, enable code-protect so it can't be read or reprogrammed. Not 100% secure, but certainly significantly more difficult than any software-only solution to break.
|
1D7FJWRzeKa4SLmTznd3JpeNU13L1ErEco
|
|
|
TangibleCryptography
|
|
July 30, 2012, 04:56:36 AM |
|
On #3 there are timelock encryption algorithms. Methods that even given the "secret" it will take hours or even years to produce the key. Most timelock encryption algorithms can be parallized in encrypting but not in decrypting. So you could create a problem which takes 1 CPU year to complete and then rent 365 Amazon instances and produced the encrypted output for storage in just a day. However decryption would require 1 CPU year to complete (well maybe single core get a little faster and overlocked so someone can "brute force" it in 6 months).
|
|
|
|
nimda
|
|
July 30, 2012, 05:14:55 AM |
|
Cool, SSSS takes BTC donations at 1BWary.
|
|
|
|
|
|
Nefario
|
|
July 31, 2012, 12:30:00 PM |
|
I think SSS with the keys given to individuals spread over a large geographic location (multiple countries), their real identities need to be secret.
In some situations this might result in you getting killed, so you need to have deniable encyption as well.
|
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com
|
|
|
EhVedadoOAnonimato
|
|
July 31, 2012, 12:50:38 PM |
|
You forgot an important thing: privacy.
Many of the techniques you mention become useless if your attacker is really evil and knows for sure that you have or control at least X amount of money hidden somewhere. If he also happens to know the habits of your family members, things may get ugly.
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1003
|
|
July 31, 2012, 12:54:37 PM |
|
A hardware problem can be solved with a hardware solution and I believe there's an invention that deals with the problem presented in the OP.. Just use one of these: ... and don't let them catch you. I believe it's also possible to hire people who will carry those for you and protect you if necessary.
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
Elwar
Legendary
Offline
Activity: 3598
Merit: 2386
Viva Ut Vivas
|
|
July 31, 2012, 02:35:24 PM |
|
Safes have time controls where only certain times of day you can open it.
Same could be done for a wallet.
|
First seastead company actually selling sea homes: Ocean Builders https://ocean.builders Of course we accept bitcoin.
|
|
|
MysteryMiner
Legendary
Offline
Activity: 1512
Merit: 1049
Death to enemies!
|
|
August 01, 2012, 12:05:31 AM |
|
Safes have time controls where only certain times of day you can open it.
Same could be done for a wallet.
Have You ever tried to change time in BIOS? Probably best hardware against rubber-hose cryptanalysis is a AK-74 and RGD grenade.
|
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
|
|
|
ben-abuya
|
|
August 01, 2012, 12:20:01 AM |
|
Idea 3) Time based auth. Have a factor that only becomes clear when a certain time happens. Hard to implement in practice? Could it be something such as how light falls on the earth or something stranger? How could this work in practice?
nLockTime should handle this: https://en.bitcoin.it/wiki/Contracts
|
|
|
|
Topazan
|
|
August 01, 2012, 12:22:23 AM |
|
What about writing down the secret (with archival quality materials) and storing it in a safe deposit box?
|
Save the last bitcoin for me!
|
|
|
jago25_98 (OP)
|
|
August 01, 2012, 12:28:44 AM |
|
There a lot of good ideas here but they seem a bit hard work for the average person, especially if you're trying to avoid keyloggers. Truecrypt and deniability is a good step but you might cave under pressure.
I'd like to see the ability to use one time paper passwords and Google Authenticator as a second factor. You can already do this at blockchain mywallet.
SSSS sounds good. I guess that is 2x better than splitting the key in half between 2+ people?
I guess time delay could be done by block discovery.
Open-Transactions is intended exactly for this situation afaik.
Offline wallets sound great for this problem but they're stuck in set amounts. I guess you could always make a lot of small offline wallets... I wonder if subdivisions are possible mathematically via a third party in the calculation. That is, you could have another p2p system for subdivisions i.e. trading Bitcoin for 2 Litecoin keys in a p2p way...
nLockTime sounds interesting. Kinda treads on OpenTransaction's toes a bit but I really didn't know we had that - good news
"Imagine that you open an account on a website (eg, a forum or wiki) and wish to establish your trustworthiness with the operators, but you don't have any pre-existing reputation to leverage. One solution is to buy trust by paying the website some money. But if at some point you close your account, you'd probably like that money back"
^ why not have this on direct exchange networks? hmm... I guess it's a form of debt though which is exactly what Bitcoin is against... ?
|
Bitcoiner since the early days. Crypto YouTube Channel: Trading Nomads | Analyst | News Reporter | Bitcoin Hodler | Support Freedom of Speech!
|
|
|
LightRider
Legendary
Offline
Activity: 1500
Merit: 1022
I advocate the Zeitgeist Movement & Venus Project.
|
|
August 01, 2012, 01:18:52 AM |
|
Establish a resource based economy that provides all people with their basic needs, allows for a safe and high standard of living and encourages all people to meet their highest potential. No longer need to protect or hide irrelevant money.
|
|
|
|
LightRider
Legendary
Offline
Activity: 1500
Merit: 1022
I advocate the Zeitgeist Movement & Venus Project.
|
|
August 01, 2012, 02:57:01 AM |
|
Establish a resource based economy that provides all people with their basic needs, allows for a safe and high standard of living and encourages all people to meet their highest potential. No longer need to protect or hide irrelevant money.
If my basic needs are met, I'm not going to be meeting my highest potential, I'm going to be fulfilling my basest desires. Are you being encouraged to meet your highest potential? If so, why would you engage in mind numbing and boring activities that do not provide any longterm fulfillment?
|
|
|
|
cbeast
Donator
Legendary
Offline
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
|
|
August 01, 2012, 03:03:52 AM |
|
I'm more concerned about Devil's Breath (scopolamine) that cause you to willingly give up your brain wallet. There must be a way to defeat the state of mind it puts you in with a brain wallet device you won't recall while drugged.
|
Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
|
|
|
elena.m
Newbie
Offline
Activity: 24
Merit: 0
|
|
August 01, 2012, 04:42:47 AM |
|
Regulate rubber hoses?
This is one of my favorite trolls ever.
|
|
|
|
|