CRYPTOCURRENCY | Jul 28, 2018 | Rob Loggia
I recently purchased a Bitfi Cryptocurrency Wallet and published a review of the device after giving it a test run. The cost was only $120, so in that regard this was not a major purchase for me. However, this purchase is intended to secure far more money than $120, so before buying one I did my own research. This may seem strange considering I work with John McAfee. Shouldn’t I just take his word? Well on most matters I do. But when it comes to securing my wealth and assets, there is no one person whose word I will take. So I instead took a deep dive, and given how important this is to me, my research is ongoing.
Over the last several days I have seen a few negative “reviews” of the Bitfi online. The word “reviews” is in quotes because none of the pieces I have seen were written by people that actually owned the device. A strange way to review a product, and most of these were just rants by clearly disgruntled anti-fans of John McAfee. Yes, that is a thing for successful people, and McAfee has plenty. Even the real Satoshi Nakamoto has come out of the termite-infested woodwork once again to tender his opinion on the Bitfi, for whatever that is worth to anyone these days.
One “review” stood out from the pack. Not because the author actually owned a Bitfi (he didn’t). This “review” was interesting because the person writing it had some credentials within the information security field. As a result, other people were extending credibility to the review, sharing it on social media to help it reach more eyes. I personally doubt most of these people actually read the article. Had they done so, they would not have shared it, even if they still held the author and his other work in good regard.
I did read the article, striving deliberately to do so with an open mind and open eyes. I’ve found that while many appreciate my open mind, fewer people appreciate my open eyes. Using them, I can see things that the author does not intend me to see as part of their arguments, but that are nonetheless highly relevant.
Most authors, especially in technical fields like math and technology, would like the audience to believe and accept that their work is clean of any psychological taint. Indeed, this is the very essence of the goal for what we call science – the discovery of facts bereft of opinion and motives. As human beings, we usually fail, and the hallmarks of this failure are often in plain sight for open eyes to see.
So with open eyes, let’s dive into Ryan Castellucci’s “review” of the Bitfi, unabashedly titled “Bitfi’s Hardware Wallet is Terrible.” In one important regard, Mr. Castellucci has the advantage over me. I am not a trained cryptographer, and most of what he writes on that subject is Greek to me, and probably to you. We must be on our guard, because an unscrupulous author will seek to use this advantage and blind the audience with science, and we don’t want that happening to us.
Castelluci makes several different attacks against the Bitfi. The first is a general objection to the security of brain wallet schemes. The author does not believe that these are secure. The next is to call into question the actual encoding scheme used by the Bitfi to calculate private keys. This is where the science comes in. Next, he goes on to attack the nature of the bounty offered by Bitfi to hack the device, describing the terms as unfair and the goal as unrealistic. Finally, not content with the technical aspects of the discussion, several attempts are made to question and impugn the reputation of the people behind the device.
Let’s take each point and examine it.
BRAIN WALLET NOT VERY MUCH GOOD
Castellucci's first argument is that brain wallets are not 100% secure. This is unsurprising, given that the author appears to have made a small name for himself attacking the concept, and has given a few talks on the subject. At one point he developed a tool that hacked brain wallets en masse by guessing weak passphrases and brute forcing addresses. Pretty clever, that.
But how clever is it? The first problem is that Bitfi is not a pure brain wallet. It is a hardware wallet that allows you to store all your money in your brain using a similar scheme, but with added protections and device support. A brain wallet is simply a tool that allows you to generate a private key from your phrase for one currency and store it offline. The Bitfi does much more than this, both in terms of actually using cryptocurrency and in terms of authentication. So arguments against a "pure" brain wallet do not allow us to dismiss the Bitfi.
But I kept reading, and even jumped out of the review and into some of the documents on the author’s site, hoping there was more to it than that. Even though Bitfi is not a pure brain wallet, Castellucci is saying these too are insecure. Surely, this suggestion must be based on something more than the fact that some people will choose a weak phrase, thereby failing to take any reasonable steps to secure their belongings. I know people that, in this day and age, still leave the front door key to their house under the mat. Does this mean to Mr. Castellucci that all door locks are useless?
Using a weak passphrase with a brain wallet scheme, or any scheme for that matter, is the equivalent of leaving the key under the mat. I cannot dispute that if someone selects “i love dogecoin” as their phrase, someone will be able to easily brute force open it. But I also cannot accept this as an indictment of the scheme, and especially not the Bitfi. The instructions that come with the Bitfi are very clear about the importance of selecting a good phrase, and offer advice on how to do it. And the Bitfi will not accept a phrase shorter than 30 characters.
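The length rule described above can be put beside the weak phrase quoted in the same paragraph. This is an added example, not code from the article or from Bitfi: the 30-character floor is the figure the article states, while the repetition and distinct-character checks, their thresholds, and all function names are assumptions chosen for illustration. It shows that a length floor alone is met by simply repeating a short phrase.

```python
MIN_LENGTH = 30    # minimum phrase length the article states for the Bitfi
MIN_DISTINCT = 12  # assumed threshold, chosen for illustration only


def shortest_period(seq):
    """Smallest p such that seq is its first p items repeated (last copy may be cut)."""
    n = len(seq)
    for p in range(1, n + 1):
        if all(seq[i] == seq[i - p] for i in range(p, n)):
            return p
    return 0  # empty sequence


def effective_length(phrase):
    """Characters left once character-level or word-level repetition is removed."""
    char_unit = shortest_period(phrase)
    words = phrase.split()
    wp = shortest_period(words)
    # Only trust the word-level unit when the words really do repeat.
    word_unit = len(" ".join(words[:wp])) if wp < len(words) else len(phrase)
    return min(char_unit, word_unit)


def check_phrase(phrase):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    if len(phrase) < MIN_LENGTH:
        findings.append("too_short")
    elif effective_length(phrase) < MIN_LENGTH:
        findings.append("repetition_padded")
    if len(set(phrase)) < MIN_DISTINCT:
        findings.append("few_distinct_chars")
    return findings


# Constructed sample phrases; the first is the weak phrase quoted in the article.
SAMPLES = [
    "i love dogecoin",
    "i love dogecoin i love dogecoin",   # 31 characters, passes a bare length check
    "a" * 30,
    "Teal-Gryphon 47 hums; quiet Orbit!",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} len={len(s):2} findings={check_phrase(s)}")
```

An empty findings list only means none of these three checks fired; it says nothing about how guessable the phrase is to someone with a word list.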
In reality, this is a question of psychology, not math, and I do not expect a cryptocurrency wallet that I purchase to solve the psychological dilemmas of others. I expect it to protect my coins. While it is nice to see technologists consider the human element for once, they have chosen to focus on something they cannot fix. There will always be someone that will inhale the spraypaint deliberately, or fail to apply primer first, or... you get the picture. This isn't a problem we can, or should, look to solve with technology. I am amazed, after looking, how much time security "researchers" have wasted on this. Yes, bad passwords are bad. And strong passwords work. Can we please move on?
I remain confident that the Bitfi can protect my coins, even after hearing Mr. Castellucci's arguments against brain wallets and similar schemes. My loooooong passphrase contains letters in both cases, numbers, multiple symbols, multiple spaces, and at least one word that does not exist except to me. I have not written it down, and I cannot possibly forget it. Any password generator that I can imagine being built will take a damned long time to guess it. And this would probably be around the time the room full of monkeys comes through with the Shakespeare manuscript.
WHY NO DO WORK FOR ME
The next item placed under scrutiny by the author is the generation scheme used by Bitfi for the phrase→key translation. Is the Bitfi using a secure formula for this important calculation, one that does not leak information or allow the key to be reverse engineered without knowing the phrase? An interesting thing happens here, because while I was the one expecting to be confused, it appears that Castellucci is the one laboring within a fog.
Castellucci appears to want to say that the scheme used by Bitfi is insecure. Certainly this is the impression he appears to want the reader to gain. And yet he cannot bring himself to say it. His examination of the formula revealed that it was largely based upon two tried and tested schemes – BIP32 and scrypt, perhaps mixed with some homebrew. I cannot find anything suggesting that these schemes are unsuitable for the purpose, and apparently neither can the author.
His entire argument against the formula, it seems, is based on the level of openness provided by the platform - whether obscurity was being used in place of security. Since the author was able to determine pretty quickly how the work was being done, it would be strange to take his word that there is any meaningful use of obscurity as an ersatz for security.
A more likely explanation for what is seen is that many commercial vendors don’t feel an obligation, even while otherwise acting in a spirit of openness, to make things easy for potential competitors. Must Bitfi also provide the typewriter upon which security researchers type their thesis on how lousy the Bitfi is? Bitfi obviously provides what is needed, or the author’s analysis would not have been possible. I see no moral or ethical obligation for them to make it easy and free of work as well.
Again, none of this addresses the actual security status of the device.
ME DESIGN CONTEST, THEN ME WIN
Mr. Castellucci's next objection is the nature of the hacking bounty program offered by Bitfi. The contest terms are simple - steal the coins out of a Bitfi and get $100,000. Sounds very practical to me, but some people, mainly security researchers, don't like it. Castellucci claims that the contest is “unfair” and that “the sole purpose of it is to discredit security researchers like myself who raise concerns about the design of their product.” It would seem as if Mr. Castellucci would like to design the competition before he enters it, specifically the part where he would have to successfully breach an actual Bitfi and take actual coins.
The entire discussion reeks of a phenomenon I described in my original review of the Bitfi. Technologists and scientists often demonstrate difficulty looking at problems and solutions within their field of study as human issues rather than simply as technical puzzles. All technology, in my view, should serve humanity, and it is only in this regard that it is important or interesting. Ordinary people living their lives have no interest in the pure science of anything. Does it work, or doesn’t it, is the only relevant question.
Scientists hate this fact, and many regard the rest of us as philistines for this belief. But I feel no shame in it – I am proud of it actually – and again maintain my stance that the only relevant question for a cryptocurrency wallet is if people can steal the coins out of it, provided it is used as directed. If they cannot, I do not give a single shit whether there is pure science left unsatisfied in the design. The eggheads are certainly free to discuss it, just as I am free to ignore their ramblings and to keep my Bitfi and use it. You are too.
This is one reason why the bounty program is fair. Another really important one is that it is Bitfi that is offering it. Anyone is free to offer their own bounty on the Bitfi, with their own prize paid out of their own pocket, and to set whatever requirements they wish. I see no reason to care about the hurt feelings of security researchers, or to use those arguments to draw negative conclusions about Bitfi.
BUT LOOK - SO BAD, BAD MEN
Failing to score any meaningful points with science, Mr. Castellucci falls back on an old standby – personal attacks. Throughout his piece, he includes sentences and links designed to suggest that the people behind Bitfi are scammy people that should not be trusted. I suppose if you have no sound technical arguments, you need to find somewhere to hang your hat.
Personal attacks can be found throughout the document, but the last paragraph and sentence of the “review” is the most obvious example. In it, the author links to a civil lawsuit against one of the founders of Bitfi. He suggests that the founder was “in trouble with the SEC.” Yet this appears to be slanderous. The defendants prevailed in the lawsuit, a civil case that requires no proof to file. The Federal Judge upheld that Khesin did everything properly and dismissed the plaintiff’s case.
All of this leaves one very strange and interesting question: why? If Castellucci was truly a disinterested security researcher as he claims, why go to the trouble of including all of the ad hominem attacks? The science should speak for itself, and the author should not wish to be distracted by any other subject.
The content of this review speaks to a vitriol underlying it. The source of this vitriol, despite the protestations of the author, cannot simply be outrage on behalf of humankind. There has to be more to it than that; this seems very personal.
While the answers are not evident within the document, Twitter contained some clues as to a potential motivation that would fit, psychologically, with the production of this document. It appears as if the author originally wanted Bitfi to employ him as a security researcher for the product, revealing “vulnerabilities” in return for pay. However, his heavy-handed approach was not met with success. So he raged.
ME FEEL TIRED
This kind of extortionate behavior is a known problem in the security industry, with “security professionals” routinely threatening to make companies look bad, or even to expose their data, if they don’t take the ever so reasonable alternative of simply paying the researcher. It is ugly, but it is real. And in this case, it explains that missing piece.
Underneath his angst surrounding this matter, there are clues that Castellucci does wish to be fair in some small, probably primal, way. He admits, after covering most of his points, that “for the some users, this really will provide adequate security.” I suppose I am one of those the some users. It will take more than his arguments to pry me off my Bitfi. Do your own research, and I think you’ll agree.