Pages:
Author

Topic: Obfuscation - only to be used by wizards in magic spells, not cryptography (Read 5740 times)

legendary
Activity: 3472
Merit: 4801
- snip -
Thanks to those (very few) that were helpful.

You're welcome.
hero member
Activity: 504
Merit: 500
Obfuscation can be useful especially if the method is unknown and even more if paired with steganography.
Just look how the freemasonry kept their secrets over hundreds of years. If it were secured with cryptography we would already know their secrets or at least the secrets what they had 60 years ago.
They have just hidden(a kind of steganography) the secrets and obfuscated it(gave false explanations and hints).
Was this method successful ? Sure.
legendary
Activity: 3038
Merit: 1032
RIP Mommy
blockchain.info/pushtx
legendary
Activity: 1974
Merit: 1030
There is an even better solution, but before describing it I'm still interested in what else you might think of.

Ah, is a second computer ok? Then unplug from the internet. Ask you the txid of your 1000 BTC payment to me. Generate and sign another transaction redeeming the coins in your transaction and sending them to the merchant. Broascast the transaction from another computer (or from the same computer after setting up a tight firewall that only permits the blockchain.info URL that allows you to broadcast transactions, I can't remember it now blockchain.info/pushtx—thank you TBZ!).
sr. member
Activity: 367
Merit: 250
Find me at Bitrated
Quote
Let's imagine a challenge with 4 facts:

1.) There is a merchant out in the world who is offering something you want, (something truly amazing, like an Enzo Ferrari) for 1,000 BTC.

2.) Fortunately, I'm about to give you 1,000 BTC because I owe ya.

3.) Using a wallet of your design, your job is to create a new address to receive this bitcoin into your wallet, and then subsequently spend this bitcoin into the merchant's 3rd party address.  

4.) Unfortunately, the computer you are using is infected with undetectable and unremovable keylogging Malware and screencapture technology.  It's designed to immediately intercept and re-spend bitcoins to a thief's address.  You don't even know its infected.  In other words, as soon as the malware is able to see either your password or your private key, any funds in your wallet will immediately be stolen.

So how can you receive this bitcoin onto the computer's wallet and spend it again without the thief intercepting ANY of it?  AND without changing the current bitcoin protocol?

(Hint: easier than you think, don't spend too much time on it, I will reply with the correct solution in about 12 hours time.)

Just for fun, let's also imagine that the memory is infected as well.  The thief already knows your password and the private key to every address you have ever created.  The wallet is currently empty, but as soon as any funds go into it, they're going to get stolen right back out unless the wallet is truly of a remarkable design.

One type of valid solution would be to remove the lines of communication.

Step 1) Turn off your computers internet connection.

Step 2) Open up your computers wallet and generate an address and private key at your leisure.

Step 3) Tell me to transfer that 1,000 bitcoin to your new address now.

Step 4) Use another computer to monitor the blockchain.info page of that address. Once confirmed call up the merchant to tell him you have a 1,000 BTC address to import via private key when ready.  (But I will admit, all this is a little cumbersome and only slightly bending the rules by using 2 computers)

There is an even better solution, but before describing it I'm still interested in what else you might think of.
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
Secretly program your computer to use morse code via the caps lock key, so that screen capture is useless.
member
Activity: 98
Merit: 10
It's the muffins that must be stopped.
Let's imagine a challenge with 4 facts:

1.) There is a merchant out in the world who is offering something you want, (something truly amazing, like an Enzo Ferrari) for 1,000 BTC.

2.) Fortunately, I'm about to give you 1,000 BTC because I owe ya.

3.) Using a wallet of your design, your job is to create a new address to receive this bitcoin into your wallet, and then subsequently spend this bitcoin into the merchant's 3rd party address.  

4.) Unfortunately, the computer you are using is infected with undetectable and unremovable keylogging Malware and screencapture technology.  It's designed to immediately intercept and re-spend bitcoins to a thief's address.  You don't even know its infected.  In other words, as soon as the malware is able to see either your password or your private key, any funds in your wallet will immediately be stolen.

So how can you receive this bitcoin onto the computer's wallet and spend it again without the thief intercepting ANY of it?  AND without changing the current bitcoin protocol?

(Hint: easier than you think, don't spend too much time on it, I will reply with the correct solution in about 12 hours time.)

iirc it is possible to send the coins to me using a multisig transaction (CHECKMULTISIGVERIFY), requiring 2 signatures to spend them: Mine and the merchant's.
The malware only knows my key so it can't steal the(se) coins!
legendary
Activity: 2730
Merit: 1263
If memory is not infected use no password at all and write a script to transfer the incoming BTC to the third party. If memory is infected as well you can pay the third party for me. If that is not an option everything is lost.
sr. member
Activity: 367
Merit: 250
Find me at Bitrated
Let's imagine a challenge with 4 facts:

1.) There is a merchant out in the world who is offering something you want, (something truly amazing, like an Enzo Ferrari) for 1,000 BTC.

2.) Fortunately, I'm about to give you 1,000 BTC because I owe ya.

3.) Using a wallet of your design, your job is to create a new address to receive this bitcoin into your wallet, and then subsequently spend this bitcoin into the merchant's 3rd party address.  

4.) Unfortunately, the computer you are using is infected with undetectable and unremovable keylogging Malware and screencapture technology.  It's designed to immediately intercept and re-spend bitcoins to a thief's address.  You don't even know its infected.  In other words, as soon as the malware is able to see either your password or your private key, any funds in your wallet will immediately be stolen.

So how can you receive this bitcoin onto the computer's wallet and spend it again without the thief intercepting ANY of it?  AND without changing the current bitcoin protocol?

(Hint: easier than you think, don't spend too much time on it, I will reply with the correct solution in about 12 hours time.)
donator
Activity: 2058
Merit: 1054
Stenography is a great example.  Encrypt your data with world class encryption schemes like AES, and then use stenography to hide it somewhere.
You mean "steganography". Stenography means transcribing in shorthand.

There's not a lot of entropy in your obfuscation process, so it can be brute-forced.
Okay. Can you explain in a few more sentences exactly what this means? I am genuinely interested to know if this system can be broken easily.
However unique you think your method is, there is always the chance the attacker will think the same as you, The only thing giving you a guarantee of security is true randomness. If you randomly choose one method out of 1000, there's no way the attacker will pick the same one as you by thinking like you, because you didn't choose by thinking, but by leaving it to chance. It is mathematically impossible to guess your method without 500 attempts on average.

"Entropy" is a measure of how much randomness there is in the process used to generate the method. (It is assumed the final choice is uniformly random among some options.) A process with x bits of entropy means there are 2^x different equally likely choices, and the attacker can't do any better than guessing until he finds the right one.

Foxpup gives an estimate for the amount of entropy in your process.
legendary
Activity: 2730
Merit: 1263
You know BIP 0038? The only thing that is missing is a bitaddress.org integration or a simple platform independant tool (like bitaddress.org) to encrypt/decrypt a key.
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
This scheme can easily be shown to be bogus just by calculating how much entropy each step adds to the "key":

1. Add/Subtract x to each number (e.g. +5)
Zero. x can be trivially derived by subtracting 5 mod 10 from the first digit of the obfuscated private key (since the first digit of the private key is known to be 5).

2. Shift characters along x places (e.g. +7)
Although it may appear at first glance that all values of x from 0 to 52 are equally likely, we know that only transpositions that put a number at the start are valid, and on average, there will be 9 possibilities.
log2(9)

3. Take a memorable name and swop first with last letter and add symbol to the first letter. So if your cat is called fluffy, you could replace every "F" with "y$". You could mix it up by having a personal rule to alternate the symbol with case, so F->y$ and f->y#
We only need to guess the first letter, since we know what the last letter is - it's the one with the symbol after it.
log2(52)

4. Replace a number with a line break (e.g. 4).
log2(10)

5. Transpose lines (e.g. 3 and 2)
log2(3)

Which gives us a grand total of log2(9) + log2(52) + log2(10) + log2(3) = 13.8 bits of entropy. Which is less than a password consisting of 3 lowercase letters. It can be bruteforced with a pencil and paper in only a few days!

Please leave designing cryptosystems to the experts, okay?

EDIT: Typo
hero member
Activity: 560
Merit: 517
Quote
Asking a user to come up with a password with sufficient entropy is a challenge.  That is why key stretching should be used in any key derivative function.
On a related note, I know of a way to harden weak passwords well beyond what a KDF could do.  I might make a thread about it later.
donator
Activity: 1218
Merit: 1079
Gerald Davis
What you are asking others to do: create your own cryptographic function. This is closest to the worst thing to do here.

This  & /thread.

Asking a user to come up with a password with sufficient entropy is a challenge.  That is why key stretching should be used in any key derivative function.  Asking the end user to ignore trusted and peer review cryptographic systems and "roll his own" almost always ends in catastrophic failure.

It isn't difficulty to come up with a cryptographic system that you (the creator) can't break.  It is very difficult to come up with a system which remains strong in the face of crypto analysis.
sr. member
Activity: 354
Merit: 250
Here's why I dislike your method in a practical sense. It makes the human do the work of a computer. Yes we're very bad at mentally generating true randomness. However we aren't so bad at memorization. Reciting a personal tune or poem composed of nonsense is way easier than running a string of characters through several steps of modifications before accessing your private key. Also this uses up brain power that is probably better spent making sure you don't do something stupid like paying an 80 BTC fee. http://blockchain.info/tx/258478e8b7a3b78301661e78b4f93a792af878b545442498065ab272eaacf035
hero member
Activity: 798
Merit: 1000
Quote
And in the area's I am an expert, I would not stomp - like quite a few people did in this thread - on someone who obviously was not an expert, trying to figure something out.
Certainly, but a lot of fields don't involve quite the same risks that cryptography does; doubly so when the cryptography is being used to secure large sums of money.  
I'm going to horrify you here perhaps, but it's only money.

If people were dying, I'd stand for a lot more shouting and viciousness from doctors looking for medicine or to clamp a ruptured artery.

No one is going to die if some guys thinks he's got an interesting idea, which turns out not to be.

This forum went from a place of ideals and principles to what it is now because of money.

I respect your field - cryptography is VERY hard - I have no doubt about that.

And I'd say a lot of the people who make this forum unbearable are *not* cryptographers, just people interested in money. Making it or stealing it. You just have to look at the amount of scams in the Newbies section every day and the fact that it's allowed.

Anyway, I don't want to keep bumping this thread up to the top of the forum, as it may be "bothering" some people Wink

Best wishes
hero member
Activity: 560
Merit: 517
Quote
And in the area's I am an expert, I would not stomp - like quite a few people did in this thread - on someone who obviously was not an expert, trying to figure something out.
Certainly, but a lot of fields don't involve quite the same risks that cryptography does; doubly so when the cryptography is being used to secure large sums of money.  No one is going to die from a bad theory about quantum gravity Tongue  Also, cryptography is one of those strange scientific fields where we can't formally prove much of our work*.  We can build "spherical cows" around the work, but that's about it (most of the time).  Really, our best tools are history, paranoid minds, and big scary clubs to fend off the NSA.

Because of those reason, the problem of sophomorism will be more prevalent 'round cryptography.
hero member
Activity: 798
Merit: 1000
I hope my explanation clears things up a bit.  If not, feel free to ask questions.  I did intend my reply to explain more than it chastises; though forgive me if any parts of it come off as chastising.
There was nothing chastising about your explanation. It is probably the most scholarly and thoughtful message ever addressed to me on this forum. And I appreciate you taking the time to help me, I really do.

You probably shouldn't take the replies here as a good measure of this community.
75% of the replies to any thread on this forum are hideous. Nasty, bullying, unhelpful, misleading, unfounded and vicious. It makes me believe that 75% of the community are nasty, bullying, unhelpful, deceitful and vicious. It's hard to get a true measure of the community when this is what you see every day in every thread  Undecided

The reason why, is that cryptography is hard, and it is very often that cryptographers and related engineers see developers come along thinking that they know better, but end up implementing something horrifying.  Since this is so common, the natural reaction to anyone cooking their own encryption is to, as you put it, bash them with clubs.  Sure, it's not ideal, but it's understandable.  Anyone with a modicum of knowledge in the field grows quickly jaded by all the horrific pseudo-crypto in the world.
I studied hard subjects at university. And in the area's I am an expert, I would not stomp - like quite a few people did in this thread - on someone who obviously was not an expert, trying to figure something out. I hope I'd be more like you, trying to explain the flaw in the logic or how to think about it differently, see it in a different way, clear up the confusion.

I'd given up trying and then your message answered all my questions. Thanks again fpgaminer. You are a decent person amongst many cavemen.
hero member
Activity: 560
Merit: 517
Quote
It seems it's too much to ask experts to spend a few minutes to explain something. I'm not pretending to be a genius, I'm not in the encryption field, I'm just trying to get an answer that makes sense.
I hope my explanation clears things up a bit.  If not, feel free to ask questions.  I did intend my reply to explain more than it chastises; though forgive me if any parts of it come off as chastising.

You probably shouldn't take the replies here as a good measure of this community.  The reason why, is that cryptography is hard, and it is very often that cryptographers and related engineers see developers come along thinking that they know better, but end up implementing something horrifying.  Since this is so common, the natural reaction to anyone cooking their own encryption is to, as you put it, bash them with clubs.  Sure, it's not ideal, but it's understandable.  Anyone with a modicum of knowledge in the field grows quickly jaded by all the horrific pseudo-crypto in the world.
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
This is far from the simplest, nor the most secure.  An offline or paper wallet are simpler and more secure.

I'm sure this could be brute forced some way.  The private key starts with 5, has a checksum, is exactly 64 characters long, etc.
Pages:
Jump to: