> ENCRYPTION_KEY = SHA256(SHA256(TOKEN))

This scheme might be vulnerable to rainbow table attack. The following scheme might be more secure:

DESCRIPTION = ASCII description provided by user
NONCE = 256-bit random number
ENCRYPTION_KEY = hmac-sha256(key=NONCE, msg=DESCRIPTION)

Coordinator distributes DESCRIPTION (fka TOKEN) together with NONCE to the signers.

Also, is there any reason why you'd want to disable encryption? Why not keep that as mandatory?

On Tue, 9 Feb 2021 at 12:39, Hugo Nguyen via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> On Tue, Feb 9, 2021 at 2:19 AM Christopher Allen <ChristopherA@lifewithalacrity.com> wrote:
>
>> On Tue, Feb 9, 2021 at 2:06 AM Hugo Nguyen wrote:
>>
>>> I don't think reusing XPUBs inside different multisig wallets is a good idea... For starters, loss of privacy in one wallet will immediately affect privacy of other wallets. I think multisig wallets should be completely firewalled from each other. That means one unique XPUB per wallet. This is what we have been doing with the Nunchuk wallet.
>>
>> To be clear, I have stated repeatedly that xpub reuse into multisig is a poor practice. However, finding a trustless solution when a wallet is airgapped with no network, or is stateless like Trezor, is quite hard.
>>
>> The challenge also includes how does an airgapped or stateless wallet know that it is talking to the same process on the other side that it gave the xpub to in the first place. Without state to allow for a commitment, or at least a TOFU, a cosigner who thought he was part of a 3 of 5 could discover that he instead is in a 2 of 3, or in a script with an OR, as some form of scam.
>
> The shared secret approach that I mentioned in the proposal actually can help you here. The TOKEN doubles as a session ID - thereby establishing a common state on both sides.
>
> Best,
> Hugo
>
>> — Christopher Allen
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

--
Best Regards / S pozdravom,

Pavol "stick" Rusnak
CTO, SatoshiLabs
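The two derivations compared in this message, worked as an added example that is not code from the thread or from any wallet project. It implements the quoted SHA256(SHA256(TOKEN)) scheme beside the proposed HMAC-SHA256(key=NONCE, msg=DESCRIPTION) scheme, then runs the check a reviewer would want: whether the TOKEN-to-key mapping can be tabulated ahead of time without any per-session secret. The function names, the candidate-token list and the coordinator message layout are assumptions for illustration only.

```python
import hashlib
import hmac
import secrets


def key_from_double_sha256(token: str) -> bytes:
    """Scheme quoted in the thread: ENCRYPTION_KEY = SHA256(SHA256(TOKEN)).

    The key depends on TOKEN alone, so anyone can tabulate token -> key
    in advance; a low-entropy token is then recoverable by lookup.
    """
    inner = hashlib.sha256(token.encode("ascii")).digest()
    return hashlib.sha256(inner).digest()


def new_nonce() -> bytes:
    """NONCE = 256-bit random number, drawn from the OS CSPRNG."""
    return secrets.token_bytes(32)


def key_from_hmac(nonce: bytes, description: str) -> bytes:
    """Proposed scheme: ENCRYPTION_KEY = HMAC-SHA256(key=NONCE, msg=DESCRIPTION).

    The fresh NONCE enters the derivation, so no table built before the
    session exists can map DESCRIPTION to the key.
    """
    if len(nonce) != 32:
        raise ValueError("NONCE must be exactly 256 bits")
    return hmac.new(nonce, description.encode("ascii"), hashlib.sha256).digest()


def coordinator_message(description: str, nonce: bytes) -> dict:
    """What the coordinator hands to each signer under the proposed scheme
    (field names are an assumption; the thread only lists the two values)."""
    return {"description": description, "nonce": nonce.hex()}


def signer_key(message: dict) -> bytes:
    """A signer re-derives the same key from the distributed values."""
    return key_from_hmac(bytes.fromhex(message["nonce"]), message["description"])


def precomputed_table(candidates) -> dict:
    """Defender-side check: the table that is possible when the key depends
    on the token alone. Built once, before any session, from a guess list."""
    return {key_from_double_sha256(t): t for t in candidates}


def lookup(table: dict, key: bytes):
    """Returns the token if the key was tabulated, else None."""
    return table.get(key)


if __name__ == "__main__":
    # Constructed sample values for the demonstration.
    guesses = ["wallet1", "family-savings", "cold storage"]
    table = precomputed_table(guesses)

    # Double-SHA256: the precomputed table identifies the token directly.
    print(lookup(table, key_from_double_sha256("family-savings")))  # family-savings

    # HMAC with a per-session nonce: the same table finds nothing, and the
    # signer still ends up with the coordinator's key.
    nonce = new_nonce()
    msg = coordinator_message("family-savings", nonce)
    print(lookup(table, signer_key(msg)))  # None
    print(signer_key(msg) == key_from_hmac(nonce, "family-savings"))  # True
```

The table step is the point of the message: with the quoted scheme the same key falls out of the same token every time, so whoever can guess plausible tokens can prepare the lookup before the wallet exists; with the nonce folded in through HMAC the derivation cannot start until the coordinator has generated and distributed the random value.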