On Tue, Jan 09, 2018 at 12:43:48PM +0000, Perry Gibson wrote: > >Trezor's "plausible deniability" scheme could very well result in you going > >to > >jail for lying to border security, because it's so easy for them to simply > >brute force alternate passwords based on your seeds. With that, they have > >proof > >that you lied to customs, a serious offense. > The passphrase scheme as I understand it allows a maximum of 50 characters > to be used. Surely even with the HD seed, that search space is too large to > brute force. Or is there a weakness in the scheme I haven't clocked?
While passphrases *can* be long, most user's aren't going to understand the
risk. For example, Trezors blog(1) doesn't make it clear that the passphrases
could be bruteforced and used as evidence against you, and even suggests the
contrary:
Since the passphrase is never saved on the device, this means that there is
no
wrong passphrase. The device does not know which one you have chosen, and
therefore all of them are correct! Given the same seed, for each and every
letter combination used as a passphrase, a different wallet will be
generated.
and:
Since there is no way to prove that there is any wallet beyond the ones
that you have admitted to, the “attacker” will have to be satisfied with
the revealed ones.
Also note how this blog doesn't mention anti-forensics: the wallet software
itself may leave traces of the other wallets on the computer. Have they really
audited it sufficiently to be sure this isn't the case?
1)
https://blog.trezor.io/hide-your-trezor-wallets-with-multiple-passphrases-f2e0834026eb
--
https://petertodd.org 'peter'[:-1]@petertodd.org
signature.asc
Description: Digital signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
