On Tue, Jan 09, 2018 at 12:43:48PM +0000, Perry Gibson wrote:
> >Trezor's "plausible deniability" scheme could very well result in you going to
> >jail for lying to border security, because it's so easy for them to simply
> >brute force alternate passwords based on your seeds. With that, they have proof
> >that you lied to customs, a serious offense.
> The passphrase scheme as I understand it allows a maximum of 50 characters
> to be used.  Surely even with the HD seed, that search space is too large to
> brute force.  Or is there a weakness in the scheme I haven't clocked?

While passphrases *can* be long, most user's aren't going to understand the
risk. For example, Trezors blog(1) doesn't make it clear that the passphrases
could be bruteforced and used as evidence against you, and even suggests the
contrary:

    Since the passphrase is never saved on the device, this means that there is no
    wrong passphrase. The device does not know which one you have chosen, and
    therefore all of them are correct! Given the same seed, for each and every
    letter combination used as a passphrase, a different wallet will be generated.

and:

    Since there is no way to prove that there is any wallet beyond the ones
    that you have admitted to, the “attacker” will have to be satisfied with
    the revealed ones.


Also note how this blog doesn't mention anti-forensics: the wallet software
itself may leave traces of the other wallets on the computer. Have they really
audited it sufficiently to be sure this isn't the case?

1) https://blog.trezor.io/hide-your-trezor-wallets-with-multiple-passphrases-f2e0834026eb

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org