Bitcoin Forum
March 30, 2024, 04:05:58 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: Defeating Rubber-Hose Cryptanalysis  (Read 3872 times)
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1736
Merit: 1006

Let's talk governance, lipstick, and pigs.


View Profile
August 01, 2012, 04:49:31 AM
 #21

Establish a resource based economy that provides all people with their basic needs, allows for a safe and high standard of living and encourages all people to meet their highest potential. No longer need to protect or hide irrelevant money.

If my basic needs are met, I'm not going to be meeting my highest potential, I'm going to be fulfilling my basest desires.
What are your basest desires and are you doing them now? If not, why not?

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
1711771558
Hero Member
*
Offline Offline

Posts: 1711771558

View Profile Personal Message (Offline)

Ignore
1711771558
Reply with quote  #2

1711771558
Report to moderator
1711771558
Hero Member
*
Offline Offline

Posts: 1711771558

View Profile Personal Message (Offline)

Ignore
1711771558
Reply with quote  #2

1711771558
Report to moderator
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, which will follow the rules of the network no matter what miners do. Even if every miner decided to create 1000 bitcoins per block, full nodes would stick to the rules and reject those blocks.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
tvbcof
Legendary
*
Offline Offline

Activity: 4564
Merit: 1276


View Profile
August 01, 2012, 05:25:49 AM
 #22

What about writing down the secret (with archival quality materials) and storing it in a safe deposit box?

That was the best solution I could come up with.  An attacker could not get they keys out of me because I simply don't know them.  They could escort me to the bank, but that's a risky proposition since I will likely be able to conjure up some help in addition to whatever key material happens to be at that particular locale.

Problems:

 - An attacker could still torture the shit out of me trying to get the keys which I cannot give him/her.

 - An authority could (potentially) raid my safe deposit box and deny me the information I might have stored there.

One way or another, an attacker should hope they get all of my BTC (which is somewhat unlikely) because whatever I have left would be dedicated to extracting revenge.  I cannot honestly say that I have in place a solution to effect this outcome in the event of my being no longer among the living, but it's something I've mused about.


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
mb300sd
Legendary
*
Offline Offline

Activity: 1260
Merit: 1000

Drunk Posts


View Profile WWW
August 01, 2012, 05:43:34 AM
 #23

I cannot honestly say that I have in place a solution to effect this outcome in the event of my being no longer among the living, but it's something I've mused about.


Interesting thought here, with multisig, it may be secure enough to store your bitcoins on several VPSes. A 5-of-6 address would make it so that 5 different hosts would have to collude or be hacked in order to steal your coins, and gives some insurance against a server going down. Program these servers to send all coins to an address if you do not log in once every certain number of days.

1D7FJWRzeKa4SLmTznd3JpeNU13L1ErEco
weex
Legendary
*
Offline Offline

Activity: 1102
Merit: 1014



View Profile
August 01, 2012, 05:46:37 AM
 #24

Perfection is impossible but to specifically beat the rubber hose, I like SSSS plus multiple safe deposit boxes. At somewhere between free and $40/yr you can get one at each of your banks.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
August 01, 2012, 05:48:13 AM
 #25

That was the best solution I could come up with.  An attacker could not get they keys out of me because I simply don't know them.  They could escort me to the bank, but that's a risky proposition since I will likely be able to conjure up some help in addition to whatever key material happens to be at that particular locale.

Problems:

 - An attacker could still torture the shit out of me trying to get the keys which I cannot give him/her.

 - An authority could (potentially) raid my safe deposit box and deny me the information I might have stored there.

One way or another, an attacker should hope they get all of my BTC (which is somewhat unlikely) because whatever I have left would be dedicated to extracting revenge.  I cannot honestly say that I have in place a solution to effect this outcome in the event of my being no longer among the living, but it's something I've mused about.



Suppose you have 2 safety deposit boxes.  Each box has half your key.  That helps solve problem #1.

Suppose you have 3 safety deposit boxes.  Box A and B has half your key.  Box C contains the sum the keys stored in A and B (which are both numbers).  You can recover with any 2 out of 3, because if you lose either A or B, you can recover it by taking C minus whichever one you have.  That helps solve problem #2.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
mb300sd
Legendary
*
Offline Offline

Activity: 1260
Merit: 1000

Drunk Posts


View Profile WWW
August 01, 2012, 05:51:46 AM
 #26

That was the best solution I could come up with.  An attacker could not get they keys out of me because I simply don't know them.  They could escort me to the bank, but that's a risky proposition since I will likely be able to conjure up some help in addition to whatever key material happens to be at that particular locale.

Problems:

 - An attacker could still torture the shit out of me trying to get the keys which I cannot give him/her.

 - An authority could (potentially) raid my safe deposit box and deny me the information I might have stored there.

One way or another, an attacker should hope they get all of my BTC (which is somewhat unlikely) because whatever I have left would be dedicated to extracting revenge.  I cannot honestly say that I have in place a solution to effect this outcome in the event of my being no longer among the living, but it's something I've mused about.



Suppose you have 2 safety deposit boxes.  Each box has half your key.  That helps solve problem #1.

Suppose you have 3 safety deposit boxes.  Box A and B has half your key.  Box C contains the sum the keys stored in A and B (which are both numbers).  You can recover with any 2 out of 3, because if you lose either A or B, you can recover it by taking C minus whichever one you have.  That helps solve problem #2.

Why not use a 2-of-3 multisig address?

1D7FJWRzeKa4SLmTznd3JpeNU13L1ErEco
markm
Legendary
*
Offline Offline

Activity: 2940
Merit: 1090



View Profile WWW
August 01, 2012, 08:11:28 AM
Last edit: August 01, 2012, 12:07:18 PM by markm
 #27

Why not use a 2-of-3 multisig address?

You have that working already?

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
Mageant
Legendary
*
Offline Offline

Activity: 1145
Merit: 1001



View Profile WWW
August 01, 2012, 12:05:42 PM
 #28

The problem I see with trying to defeat Rubber-Hose Cryptanalysis is that if the attacker is wiling to torture you to get access to your data (this is the premise of this thread), but you cannot give him access, then he might torture you anyway just in case. I would not rely on an attacker being reasonable.

So if you actually are at the mercy of the attacker in such a situation, then it seems you better be able to give the attacker access to your information. That is, unless you would actually prefer to suffer torture or die than give up your data.

cjgames.com
jago25_98 (OP)
Hero Member
*****
Offline Offline

Activity: 900
Merit: 1000


Crypto Geek


View Profile WWW
August 01, 2012, 01:03:20 PM
 #29

The problem I see with trying to defeat Rubber-Hose Cryptanalysis is that if the attacker is wiling to torture you to get access to your data (this is the premise of this thread), but you cannot give him access, then he might torture you anyway just in case. I would not rely on an attacker being reasonable.

So if you actually are at the mercy of the attacker in such a situation, then it seems you better be able to give the attacker access to your information. That is, unless you would actually prefer to suffer torture or die than give up your data.

It goes without saying but it's good to say it.

I think it's less applicable for a company though, or shared assets.

Also, perhaps it's a deterrent. If they cut off one finger and you still can't give them what they want, are they going to cut the rest off? What if they know before all this that you don't have access?

I agree that it might not be a solution, but, like a burglar alarm, it can be a deterrent.

Bitcoiner since the early days. Crypto YouTube Channel: Trading Nomads | Analyst | News Reporter | Bitcoin Hodler | Support Freedom of Speech!
tvbcof
Legendary
*
Offline Offline

Activity: 4564
Merit: 1276


View Profile
August 01, 2012, 05:13:37 PM
 #30

The problem I see with trying to defeat Rubber-Hose Cryptanalysis is that if the attacker is wiling to torture you to get access to your data (this is the premise of this thread), but you cannot give him access, then he might torture you anyway just in case. I would not rely on an attacker being reasonable.

So if you actually are at the mercy of the attacker in such a situation, then it seems you better be able to give the attacker access to your information. That is, unless you would actually prefer to suffer torture or die than give up your data.

An attacker willing to rubber-hose someone probably plans to kill them in the end one way or another.  So the choice comes down to:

  1) A shorter less painful death with the attacker getting the BTC (or whatever he/she's looking for.)

  2) A longer more painful death with the attacker coming away empty-handed.

A practical advantage of #2 is that there would be more opportunity to convince the attacker that they may be able to end up with something by keeping you alive longer.

The best solution in my mind is to arrange a credible deterrence solution.  Something akin Assange's 'insurance.aes256' file perhaps.  I think that Dr. Strangelove defined deterrence best to my way of thinking:

  "Deterrence is the art of producing in the mind of the enemy... the fear to attack" (55:09)


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!