Seems like a great guy.
Great video.
Maybe it's all fake.
Don't think so.
You should watch it.
End of post...
JK
So, now let's get into the heart of the topic.
In this scenario, dude had a hardware wallet, his friend bought him some crypto and stored it there.
Price skyrocketed, friend forgot his password.
Can a white hat hacker retrieve his password?
The answer is yes!
So, sometimes I wonder if the real issue is not so much whether the thing we're worried about could happen, but much more about the other thing we hadn't thought about. In this case, if you know the password to get into an account, then hacking the actual product being protected there doesn't really matter. If you can get the hardware to tell you what it knows about your password, then does the level of encryption on what the password protects matter?
We think about public/private key cryptography and the mathematical improbabilities in being able to crack someone's private key. The big fear in all of it is whether a supercomputer or quantum computer in the future will be able to hack SHA-256 or Scrypt (LTC) and render the entire concept of protected encryption on the internet useless. But, the guy in this video, which I believe is being pretty straight forward about his journey to help out a client, trying to find the right method to glitch the normal operations of a hardware wallet, accidentally happens upon a process that generated the actual seed phrase and private key on the screen. From there, he was unable to repeat the process.
I don't doubt it happened, because it isn't really what the video was about, and hey what do I know, right?
But, it brings up the theoretical point. I trust that the elliptical encryption process that is used for Bitcoin works; that is to say, it protects a private key that can validate a public key, and the public key cannot be used to discover the private key. I also believe that things like mnemonic phrases and keystores seem to work for the purpose of gaining access to the private side of the encryption; namely, the wallet with the address, or the wallet that generates numerous addresses.
Aaaaannnnd...
It's also cool that Trezor and other platforms come up with ways to protect people from keystroke viruses and the sort, so all of those things are clever and good.
Here's what the video got me to thinking about.
We have these super awesome explainer videos about how crazy hard it would be to guess a private key and get in to steal someone's coins, and even the quantum experts claim that the QCs are in a primitive state, incredibly hard to program, and won't be good at SHA type encryption, but might be a threat to legacy banking protections (not hard to believe THAT one).
But, the guy in the video, super nice seeming guy, if he actually does what he does, knows how to basically place the microprocessor chip into a state where it isn't performing/functioning properly. The thing we don't think about, is that the hardware wallet can act as your wallet, where your Bitcoin, for instance, is stored, because it knows your seed phrase. It knows your private key. Think about that again: IT KNOWS.
How does it know? Because it has to have the actual correct answer tucked away. It has to be able to run the encryption process and check to see if the answer to the public/private question is accurate. Is this the address? Is this the password? Is this the phrase? If yes, let 'em in.
Glitching processors is testing at the faults in a system, to which there are gazillions in all available operating systems.
If you type a seed phrase into a wallet to gain access to coinage, you need protection from keystroke viruses, or lack of surveillance to see your written paper phrase. If you have it saved in a file on your computer somewhere that no one would think to look, there's a good chance they will never find it, and even a hacker wouldn't know what to do with your stuff to find it either, but the second that you copy/paste it- the vulnerability is there, like a ghost most people don't think about; it's in your RAM, dude! All it takes is "paste". That is, until you copy/paste something else.
So, I ask honestly- for people that go from wallet to wallet with lots of crypto transactions, how often do you go slow, typing it in, while reading off of your paper wallet? Or, for those who have it memorized, there is a moment in time where the computer process is the actual weak link in the chain?
The Trezor and other hardware have their own processes for trying to protect how information is stored and prevent anyone from getting to it even through glitching and the sort. But, sometimes the less obvious thing, is the thing that leads to the real privacy problem.
As is the world today. I've made myself unpopular in certain Bitcoin cliques multiple times by suggesting that some things aren't as rock solid and secure as we might assume. It isn't that Satoshi didn't think of everything; what he did was remarkable, and couldn't have happened without prior partial successes. But, he/they is/are also human. While we may come up with mathematically incredible codes of protection, the truth is it's the 'other' thing we didn't pay attention to that usually gets us.
In that particular case, it was the idea that no one can steal your coins.
Your keys, no government can getcha.
It's a total opt out. Well, there are some folks that are feeling it now that they realize how fast a government can end that dialog. Trudeau proved the measures that every government will follow. Cyprus, Greece and Lebanon and India all did it to innocent civilians in their bank accounts without their having invoked emergency measures, and did I mention they were innocent? The World Bank advised it to their governments. They advised that the US do the same thing in the same scenario. What was the scenario, you ask? Government corruption.
There's the guy who threw the Bitcoin laptop away, instead of the useless one, and lost 1500 Bitcoin forever.
There's the pizza guy, of course :-) Hey, would you rather be rich or be a legend? Nevermind!
There's that poor guy that lost his in a boating accident; what a terrible terrible shame. (hehehe)
All of these things to say that it's worth considering interesting new ways to protect the actual points of failure in this incredible new field. Things like making a guard that protects what sits in RAM so it can't be retrieved even in micro-seconds of computing. Things like making it possible to get your coins to a new, safe location if emergency government orders decide to target you, whether you did anything wrong or not.
See, I don't like good things being used for evil. I don't like Bitcoin being used for illicit activity. But, I believe in stopping the bad behavior, not the materials and mechanisms that they used to behave poorly. It's becoming clear that those in power are losing the relative perspective that rules apply to them, that there are lines not to be crossed, but no gatekeepers to prevent them from crossing them. They will continue to do so.
When I think about the value behind money that is designed to be unconfiscatable, we are living in the world that is the perfect use case. If Bitcoin arrived at the perfect time to offer a solution to absolute bank corruption, Wall Street corruption, political carelessness, then we are very fortunate to have a 13 year stretch of seeing it remain stable among the most dangerous authoritarian systems that exist. We live on the planet with Russia, Iran, Pakistan, India, N. Korea, China, and the US in positions of such instability and corruption, and the regulatory walls are closing in to let us know they do not appreciate us flexing the "freedom" muscle. They have devised very clever ways of blocking off the pass.
Anyway- thought you guys would appreciate the video- I did.
Sometimes the angle we need to view things is different than where we thought, and the points of failure are coming from a completely different place.
And on that note, Crypto Gordon Freeman, the free man, for now... out.