Topic: Less private but perhaps secure HOT wallet (Read 505 times)

I tend to agree. In a $5 wrench situation, then your best way of getting out of that situation alive and minimizing harm is to give the attacker what they want, which is some bitcoin. If they see you own a bunch of bitcoin which then automatically moves to a different wallet or your wallet app self destructs or whatever, then they still know you own that bitcoin and can just hit you until you reveal your back up, the other wallet, whatever. Instead you need to be able to hand over some amount of bitcoin to them while keeping them unaware of your main stash. This means segregated wallets with different devices, seed phrases, passphrases, etc., and it also means good on-chain privacy so there are no obvious blockchain links between your daily wallet you are going to hand over and your larger holdings.

I am not sure how good of an idea it is to implement what you describe. If you are being subjected to a $5 wrench attack, your attacker may not believe you when you say you cannot access the coin anymore after the coin had just moved, so you might be subjected to further physical harm. Also, if the attacker does believe you, they may react negatively when they discover that you just moved your coin to an address you cannot immediately access. (I think the typical "mugger" will say something along the lines of "give me your wallet or I'll shoot")

You don't have to. They made a mistake of where they sent the funds. You are sitting there tied up getting hit with a wrench. Either that or your phone is infected, or if there is more then one person, they are stealing from their partners by sending funds that they have access to and not the others. This way at least you have company as they they start getting hit with a wrench.

Or as we keep saying, don't leave a lot of funds on your phone. Since my old phone did a gravity check so I had to get a new one and BTC / crypto is down I would be more worried about not getting my phone back then getting my crypto stolen.

-Dave

But in both cases, how do you convince the attacker to stop hitting you?

You could prove the address sent to is a multi-sig, by either revealing its script or spending from it before so its script can be viewed via any block explorer. But how do you convince the attacker that it is a multi-sig with other people and not just 3 of your own wallets? In the case of the timelocked transaction, how do you convince the attacker that although there has been a timelocked transaction you don't still have the seed phrase/private key to the wallet which created the timelocked transaction and could just create a normal transaction any time you want?

At the end of the day, having a not-that-secure mobile wallet with a small amount of funds is not the worst thing in the world to lose, if by handing it over to an attacker you thereby avoid revealing anything about your main stash.

Either way, it just becomes a question of how you want to setup your OPSEC

Your way, making it looks like your phone is infected works too. I was thinking of a x of y multisig with enough people involved that it's going to involve a lot of $5 wrenches on people.

The other possibility is having them be sent to a wallet that is always online and waiting for a transaction. That wallet will then send the BTC with a transaction with a timelock. They can keep hitting you with the wrench, it's not going to change time.

-Dave

Until they hit you so much you reveal how to access the destination address.

You need something with plausible deniability. Different passphrases as Loyce has pointed out is the usual route to take. To build on your system, I guess you would need some way of making your phone appear like it was infected with malware. Perhaps it broadcasts the attacker's transaction with a very low fee, and then a few seconds later RBFs it to a different address. Or every time they enter their address, it makes it very obvious that the address is being "maliciously" changed to a different one.

This is different. An online account can have its password attacked remotely by anyone anywhere in the world without ever being near the device (physically or electronically) which is storing both the password and the 2FA. While having both password and 2FA on the same device is not optimal, in such a scenario it does still add additional security. This is not the case for a mobile wallet which is being discussed here. An attacker must compromise your device somehow to access your wallet file, in which case everything else on that device is similarly vulnerable to compromise.

I can think of so many potential problems: accidentally entering that password out of habit, an attacker somehow changing the destination address (clipboard malware), not being able to review the transaction before sending, or just being beaten with the wrench until you give access to the destination address.
A much better method is adding different passphrases to the same 24 word seed. It's impossible to prove you're using more than one.

My solution is to not do any banking on my phone, use only a small Bitcoin wallet for daily expenses, have a different account for Bitcointalk, and use a different email address. I've disabled as many "restore options" as possible to limit potential attacks and I install as little software as possible.

We clearly have different scenarios in mind, which is adding to the confusion, I think. I mean, in that specific scenario, sure, I completely agree with you. You'd have to really stretch to make up a worthwhile justification for adding a 2FA app to the mix.

For other scenarios, I've already laid out some of the attacks that would be defeated by single-device 2FA, earlier in this thread. Like I said in the disclaimer on my first post, I've been talking about 2FA in general this whole time and not only in terms of mobile wallets.

With that in mind, I think we probably already agree with each other.

I'm not sure about the "so incredibly easy" part. Some people don't have enough devices for full-strength 2FA. Other people, may have enough devices, but their setup makes it a real hassle to deal with.

Take someone like me, for example. I trust my desktop/laptop much more than I trust my phone. So, setting up multi-device 2FA for me basically amounts to having my TOTP application on my laptop and my password manager on my desktop. Because I use the same application for both tasks (KeePassXC) and I don't want a compromise of one to affect the other, I split my password database into two pieces, one with nothing but TOTP seeds in it and one with nothing but usernames and passwords in it. When I want to check my e-mail, I have to fire my laptop up to get the TOTP. For something as crucial as my main e-mail account, that's worth the hassle. For (some) other things, not so much.

Call me lazy, but for less important accounts, I've taken to putting both the TOTP seeds and the passwords in the same database. This setup is obviously not ideal from a security perspective, but it's much more convenient for me and it still provides some legitimate additional security. Even with this weak 2FA, those accounts are still protected from phishing, keylogging, copy/paste sniffing, etc. Basically any attack that's sophisticated enough to steal my password but not sophisticated enough to break into the KeePassXC database and steal the TOTP seed (which is a much heavier lift, because it's never typed in or copy/pasted anywhere).

Anyway, I don't want to derail DaveF's thread further with 2FA discussion that's not specifically about wallets, so unless he doesn't mind these slightly off-topic asides, I'll be bowing out for now

I honestly can not agree less with you, when I had all my accounts 2FAed, I had one device then, one day, I began to imagine, what if my phone gets stolen and the thief manages to unlock my phone without performing a factory reset or flashing?
Chrome browser automatically saves all the passwords required to login on my different accounts, 2fa authenticator is installed on the same device - this simply means the thief will easily gain access almost all my accounts....
This imagination is what drove me to buying a second device, this device is like a bank token, I use it to take care of all things 2fa, google 2fa authentication, phone and email authentication all managed on this device.

I personally think those who have their wallet and 2fa app on one device have not come to the realization that their device could be stolen, what they are actually focused on is avoiding Hackers from accessing their accounts or wallets in a situation where a hacker tries to gain access to their account.
But right now, they all should know that their device could be stolen and could find a way of unlocking the device without wiping, flashing or factory resetting the device, this puts them at the risk of loosing all the funds stored on the wallets installed on that device.

I have always thought a good idea for a wallet to get around the $5 wrench is a fully functional dead man switch.

Enter THAT pin / password / use that finger and the wallet unlocks normally. IF ANY transaction is attempted to be sent, all the funds are sent to a per-determined address with a high fee, non RBF. I mean at that point it's only going to get you hit some more with the wrench but at least they don't get the money.

Interesting to see where this thread has gone in terms of the discussion.

-Dave

In general, it is best to use a password manager. Doing so allows you to use truly random passwords (that are unique to each other) that you don't have to risk being forgotten.

If someone is able to access your password manager once, it will be trivial for them to access it a second time.

---

I would argue that using a sufficiently weak 2FA is worse than no 2FA because it will give users a false sense of security that may result in more money being stored on a hot wallet than might be appropriate.

Is it, though? What attack, which is able to physically obtain your phone, crack/hack/shoulder surf/$5 wrench/malware/or otherwise obtain your phone unlock password/PIN/code, and similarly obtain your wallet unlock code, would be reliably prevented by forcing it to also obtain the code for your 2FA app? If you've been so compromised on the first three points, then the fourth point is pretty much moot.

This is why I use 2FA frequently on a lot of things, but not on my mobile hot wallet. I don't see it adding any meaningful security.

Yup, I get what you're saying.

I don't think it's a fair comparison, though.

I mean, in the scenario I'm talking about, it's relatively easy to think up (realistic) attacks that would be prevented by single-device 2FA.

Whereas, with your example (two passwords), it's pretty much impossible (for me, anyway) to think of any (realistic) attacks that would be prevented by that.

Anyway, I'll give it a rest, because I get the feeling that my posts in this thread are coming off as security advice, which is not my intention.

That's a really good way to put it.

Instead of focusing on 'it is technically better than nothing' (logical privation fallacy), pointing out how with little extra effort (compared to bad 2FA) you gain the main benefit of 2FA.

That's the same approach and logic behind it that I use, too.

And compared to using a single dictionary word password, using two dictionary words is technically an improvement. And compared to using a 3 word seed phrase, using 6 words is technically an improvement. But that still doesn't mean that these examples are secure, worth using, or should be recommended.

It is so incredibly easy to use 2FA properly, that there really is no excuse for doing it badly.

I use a hot wallet on my phone almost daily. I do not use 2FA on it because there is no point. Since I'm not going to carry a separate device with me solely for this purpose, then any 2FA will involve the same phone the wallet is on. If an attacker is able to steal my phone, unlock it, and unlock my wallet file, then I am beyond compromised and a 2FA code from the same phone achieves nothing.

I would encourage you to read about the 2016 hack of Bitfinex. I understand that Bitfinex contracted with a third party to act as a “2nd factor” when signing outgoing transactions, while Bitfinex also held a third key that was kept in cold storage. I understand that Bitfinex would craft and sign transactions, and would send the partially signed transactions to the third party via their api, and if the api key (credentials) was valid, the third party would provide the second signature for the transactions (the transactions were from 2 of 3 multi sig addresses). Based on the publicity available facts, it appears that the hacker was able to compromise the server that interacts with the third party, changed the settings to allow for the third party to sign a higher volume of transactions, along with the private keys that are intended to be “hot”.

I don’t think it is possible for an app to prevent the user from automatically entering credentials, and even an on-screen keyboard can be compromised.

I believe the above system was sold by the third party as being as good as cold storage, as it required multiple institutions to sign outgoing transactions. I think “2FA” systems would be sold as something as good as cold storage. I think that even if it wasn’t sold as such, users would implement it as such. I really don’t think the potential for improved security is not there. You can improve security by implementing multi sig. Security will only be improved if multiple devices are used to sign transactions. That’s the only way.

No. Even if it's private, I don't want any third-party involved. What if they don't allow me to access my funds anymore?

Mycelium doesn't store my PIN, but it's only 6 digits, so it can't be hard to brute-force.

How old are you?

2FA on the same device is still a normal way to secure your hot wallet because it's the wallet that is frequently used. Keep in mind that when you use something frequently, it can be a headache to have to always check another device. Also, there may be emergency cases to use your wallet and you will be in trouble, so hot wallet is hot and cold is cold, hot isn't meant to be as protected as cold.

Imagine, you are using an app and someone probably got your login/password details and tries to log in but you get the message on your smartphone as a second method of verification, more likely you are the only one who has access to it. So, it gets harder for the attacker to achieve the aim.
2FA on a hot wallet, for me, means double security, not supreme security. If you take care of your device, visit only clean websites and know a thing about security, you can relax.

Keep in mind that 2FA can't protect you if some criminal catches you and has control over you and your devices when the power and fear are in action.

The only perfect thing that could protect you would be something that's able to analyze your face, eyes, voice and have a heart-rate scanner (I mean the way smartphones show your heart rate by putting a finger) but instead of putting a finger, it should analyze your fingerprint too. By analyzing, according to face, eyes, voice and heart rate, it should determine whether the owner feels scared, under pressure or relaxed.
I know this sounds like science fiction but I think in the future, something like this will be developed for perfect security of bank accounts, crypto wallets, etc.

I buy that word not correlated. I was thinking 2FA comprises of a code(password, passphrase, Private key, fingerprint or voice recognition) the device owner knows and a randomly generated code that can only be used once for a specific purpose which could come in the form of ( OTP, TOTP, (multi-sig not used once) etc) . As long as this 2FA are correlated on a single device if the device gets broken into, informations could be compromised not necessarily wallets but other valuable informations which could even grant access to making funny guess about wallet passwords and seed phrase.

2FA's are best if the exist on different devices. Even HTLC and PTLC functions almost similar as 2FA but in a transaction setting where there is a cryptographic proof of payment and why this seems even secure is the cryptographic hash it's based upon

@Welsh: Yep, I think we mostly agree with one another, the last line of my previous post said: "Full-strength 2FA is laudable and should be the goal", which lines up with basically everything you're saying.

What I'm pushing back against is the sentiment that 2FA is "worthless" unless it's implemented in its ideal form. Like I said previously, compared to no 2FA at all, weak 2FA is technically an improvement. It will thwart certain types of attack that would previously have succeeded.

I get the emotional argument that you should go all the way or not bother at all, but that's not a defensible position, IMO. I know that's not your position, but it's definitely an idea I've run across a few times on this forum.