On Tue, Jan 09, 2018 at 09:26:17AM +1100, Ben Kloester wrote: > > This sounds very dangerous. As Gregory Maxwell pointed out, the key > derivation > > function is weak enough that passphrases could be easily brute forced > > So you are essentially imagining that a perpetrator will combine the > crypto-nerd fantasy (brute forcing the passphrase) *with* the 5-dollar > wrench attack, merging both panes of Randall Munroe's comic? Seems > vanishingly unlikely to me - attackers are generally either the wrench > type, or the crypto-nerd type.
We're talking about seeds here, not hardware wallets. For a hardware wallet theft scenario, if you're worried about muggers you can make the hardware have secret accounts with different seeds, *without* risking user funds getting lost - a much more likely scenario - due to mistyped passwords. In any case, even if you were to do this type of design, a much better idea is to use a checksum by default to reject invalid passwords, while having an advanced-use-only option to override that checksum. The virtual file encryption filesystem encfs does exactly this with its --anykey flag. This allows advanced users to do their thing, while protecting the majority of users for whome this feature is dangerous. -- https://petertodd.org 'peter'[:-1]@petertodd.org
signature.asc
Description: Digital signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
