Topic: Obfuscation - only to be used by wizards in magic spells, not cryptography - page 2. (Read 5712 times)

fpgaminer - this is a brilliant and clear answer. Thank you very much for explaining.

I already said I'm not an expert. I was trying to draw Gavin out a bit to explain what he meant, I was not trying to pretend I know more than him.

I was hoping someone could explain why something that seems a "good" idea to me is (or is not) a good idea. Did you read this:


I'm told "entropy". People aren't as smart as they think they are.

It seems it's too much to ask experts to spend a few minutes to explain something. I'm not pretending to be a genius, I'm not in the encryption field, I'm just trying to get an answer that makes sense.

But you can all take your clubs and go back into your caves now, I'm not going to ask anything else. This forum is sick in the amount of abuse it pumps out every day. Thanks to those (very few) that were helpful.

Forgive me if this has already been mentioned.  The method described is, roughly, what existing encryption schemes do.  They are nothing more than scramblers.  Modern encryption schemes like AES evolved from older methods like the Enigma machine.  That evolved from ancient encryption like the Caesar cipher.

A Caesar Cipher is where you take each letter of the message, and count some number of letters further down the alphabet.  For example, A becomes B, B becomes C, Z becomes A.  The word DOG becomes EPH, if shifting by 1 letter.  As can be seen, this forms a simple mapping from one alphabet to another.  AES also maps from one alphabet to another.  Except with AES, the alphabet is very large (2^128), and the way that it maps from one alphabet to the other is so complex that, without the key, no one can figure it out.  Each key in AES creates a different mapping.

Wrapping back around to the method described in the OP, we can see that if you took the sum total of all the steps, what you're ultimately doing is mapping from one alphabet to another.  Given a certain sequence of steps, we can map from a private key to a scrambled key.  We have an alphabet of private keys, an alphabet of scrambled keys, and the sequence of steps describes the mapping between the two.  As the OP mentioned, one can encode the sequence of steps as a list of words/numbers.  This list of words/numbers describing the steps to take is the key (i.e. the password).

Therefore, this is not fundamentally different than AES or any other modern encryption scheme.  As to whether the method should be used, I would strongly suggest no.  This is because AES is well studied by the best minds mankind has to offer.  We know with high confidence that it is secure.  It is also specifically designed to resist all known crypt-analytic attacks.  The method described in the OP is more akin to the Enigma Machine, which was completely demolished by early crypt-analytic attacks developed by people like Alan Turing.

If what you want is "security through obscurity", use the well studied methods for doing so.  Steganography is a great example.  Encrypt your data with world class encryption schemes like AES, and then use steganography to hide it somewhere.  This is well studied as well, and if someone feels that obscurity adds an extra level of protection, that is the way to do it.

EDIT: Spelling; thanks Meni!

Even when Gavin replies nicely, you want to argue that you're a genius. I don't think anyone will be able to convince you otherwise.

I said it was different, not better.

I never said I published a paper in "Encryption Monthly" proving this was a scientific fact. I thought about it, tried to explain the idea and then invited people's opinion on it. Where did I mislead anyone?

An endearing quality. Your mother must be proud.

Look, now I'm being rude! Does that mean I can be elevated to Senior or Hero member status?

Naw, I'd rather not be considering how most of them replied to me in this thread.

gavin does an excellent job of not being rude to people.

i, however, am not as buddha-like. your suggestion to use some obfuscated process to 'protect' your wallet is a classic example of 'security through obscurity'. it is vulnerable to the same threat model as any other method of protecting your wallet short of carefully-implemented multifactor auth:

your machine gets compromised because you clicked on some poisoned link, ran a trojaned executable, etc, and then a keylogger sits on your computer, silently recording all your keystrokes. when you enter your super-obscurely-generated and stored password, it is keylogged just like any other password and your coins are gone.

to suggest that this is in any way better than a normal password, especially from an entropy standpoint, is downright misleading.

Gavin is the man, because he's pretty much the only one who replied without being aggressive or condescending. Why does it "bother" you I asked a question on the forum? That just seems weird on a forum for "discussing" bitcoin related matters.

Gavin is the man. If you like your super secret ninja password protection method, here is one additional step that you have forgotten that goes right with Obfuscation. Obscurity. Don't tell everyone what you're doing. Of course, that's about as good as Obfuscation, but why not combine them? And not bother everyone else?

Just one more example why I think this is different to passwords and possible a lot more user friendly:

Let's say the pin number for your credit card is 3879. Let's just say you've used the same number for years, you know it and will not forget it.

And your cat is still called fluffy

We all know the password "fluffy3879" is weak.

However, depending on how you use them, these are not such a bad thing in obfuscation.

Let's use this memorable number one time:

Alternate shifting 3 from the end to the start, 8 from start to the end, 7 from the end to the start, 9 from start to the end
5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF
9KF5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB
Lf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF5Kb8k
KF5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9
9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF5Kb8kLf

Now let's use this memorable number a second time:
9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF5Kb8kLf
let's add 3 to each number
2zgWQnogidDA09MzPL9TsZZY69hWXMssSzNydYXYB2KF5Kb1kLf
subtract 8 from each number, add 7, subtract 9

Okay, some of that is a bit redundant. You could have more complex rules. But it remains reversible, if you know the steps you used and you know basic adding and subtracting. You can work it all out on paper if you want.

Then use the fluffy word replacing again (step 3 in my first example). But this time perhaps you also replace the second character with the second last l > f. Or l > f%, L > f"

You know your pin number and your cats name, so it's just a matter of remembering the rules.

At the end you have a really wacky string of letters, numbers and strings. It seems to me if the hacker doesn't get the first step backwards to decrypt, then they won't be able to follow through the rest of the steps. It seems that brute forcing would be as random as generating random private keys and hoping one will give you entry to someone's wallet.

These are just my thoughts and I'm definitely no encryption expert. Indeed everyone might decide to subtract 7 from the numbers in their private key and then consider that secure. But I suppose I'm suggesting if we gave people guidance on how to make at least 4 or 5 steps (the same way we explain how to create a strong password), things get quite hard to reverse without knowing the steps. I was only trying to find out how hard or easy people think this would be, given it was very different to a regular password.

If you are worried about keyloggers, then why not worry about malware which simply steals your bitcoins as soon as you use the software? You will also need to decrypt the keys by a chosen method which would then leave the keys vulnerable.

And Gavin is right, I know that when people are asked to pick a "random" number between 1 and 10, a large number of people will choose 7. Watch these:

http://www.youtube.com/watch?v=SxP30euw3-0
http://www.youtube.com/watch?v=H2lJLXS3AYM

lol, okay, fair enough. My thought is that many people are trying to crack passwords, no doubt many people do it for a living. I figured that a custom solution like this would be harder to crack, for the reason that no one would spend there time trying to crack a custom solution. They could never be sure how many people use it, would it be worth their time?

It's more valuable to be able to crack passwords, as they are currently the key to everything we use in modern day society - email, online banking, bitcoin wallets etc.

Obfuscation is a bit different. The idea was also that you *could* use memorable names (like fluffy in my example), which are total no-no's in password selection. You just keep the rules to yourself, which are also a lot easier to remember than strings of random data.

I'll read through the links knowitnothing has provided, as they probably will explain the problems in my logic entropy  

P.S. My approach was also supposed to be user friendly, accessible to non-technical people.

We all think we're very clever at coming up with unique ways to obscure our data.

We are wrong.

We tend to think alike, so pretty much any process you can think up is likely very similar to a process somebody else will think up.

In short: humans are really bad at creating randomness (aka entropy). And we're even meta-bad, because we THINK we're good at it.

What you have done: presented an example of a custom cryptographic function. What you are asking others to do: create your own cryptographic function. This is closest to the worst thing to do here.

Okay. Can you explain in a few more sentences exactly what this means? I am genuinely interested to know if this system can be broken easily.

Do bear in mind that I'm not saying you have to follow the 5 steps in my example above. You can take any approach that shifts and replaces the characters/numbers, in any order, as many times are you like (within reason).

There's not a lot of entropy in your obfuscation process, so it can be brute-forced.

Your "password" is now a series of steps to decipher the key, which you'll need to memorize.

bravo

Please prove this statement and then I'll read the rest of the stuff you've written. Thanks

If you are generating your private key on a compromised computer that is connected to the internet, it won't mater what method of obfuscation you use, your bitcoin are gone.

If you are using an uncompromised computer that is not connected to the internet to generate your private key, then why wouldn't you use the exact same computer (at the exact same time) to encrypt it.


And they can run a brute force attack on your obfuscation for weeks/months until they crack that too.  Since a private key has a specific structure to it, they'll have some substantial hints as to what steps you've taken.  If they have access to your "five seven cat four", they'll have even more to help them along.  You really think that a few character manipulations are more secure against brute force than a reasonable passphrase?


Sure, but that's true if you forget what the acronym means for your obfuscation as well.


You are welcome to your opinion in the matter.

Perhaps.  Perhaps not.  But memorizing what each of those things are supposed to mean to you a few years from now:

Was that a carriage return for the fifth letter of the alphabet, or am I swapping the position of every 5th and seventh character?  Wait, no, I think I was replacing every fifth letter with the letter that occurs 7 places later.  No that's not it.  I think I was using my cat's name for part of it, but I've owned a few cats.  Was it my first cat?  No, I think it was my favorite cat.  Darn it.  If I can memorize a 19 character set of instructions "five seven cat four", why didn't I just memorize a 19 character passphrase instead.  Heck, I could have written it down and stored it somewhere secure (like a safe or safety deposit box).  That way my family would still have access if something should happen to me.

So everyone just uses a password to encrypt their wallet. That's it? That's all the security people use to protect their bitcoin? That may be enough if you only have 1 bitcoin, but it falls a bit short of secure if you have 100 or 500BTC.

If a keylogger is installed, your bitcoin are gone. If someone steals your password protected wallet, they can run a brute force attack on it for weeks/months until they crack it. If you haven't used a massive password, your bitcoin will eventually be gone. And if you forget that massive, unwieldy password of letters, numbers and punctuation, your bitcoin are gone.

I'm suggesting an approach that is simple and personal to the person that uses it.


Memorising "five seven cat four" is not difficult. And as I said, you can write it down if you really want to. All you've got to do is come up with a fairly simple shorthand *you* understand, using names and numbers that have a relevance to *you* (which are fundamentally BAD to use in a traditional password) and *you* have uncrackable wallet security.

So you figured another complex solution was a great idea?


And this is somehow less complex than:

• type password
• remember password