Formosa --- proposed improvement upon BIP39



Summary:

Yuri S Villas Boas has published an article on Toptal's Technology Blog about Formosa, a password format that improves upon BIP39 by allowing meaningful, themed sentences with a regular grammatical structure instead of semantically disconnected words. The article explains that the system is simple and can be understood by any IT professional in less than 10 minutes. Formosa uses a simple fixed grammatical structure for sentences, which allows for easy implementation and customized themes while keeping legacy BIP39 properties like checksum bits and uniformly high entropy density. This leads to efficient auto-complete and resistance to side-channel attacks.

The article also touches upon the loss of Bitcoin at a higher rate than it is mined and how non-technical individuals who adopt Bitcoin can feel emotional pain when they lose their patrimony. Yuri argues that we should build a solution for coercion resistance that is not reliant on obscurity. He also mentions that we lack defenses against coercion that don't violate Kerckhoffs's principle by critically relying on obscurity. To this day, there is no scheme, protocol, or ceremony that simultaneously achieves self-custody and coercion resistance with non-obscurity. Yuri plans to make a thread about this critical issue shortly.

In response to Keagan McClelland's feedback, Yuri explains that Formosa extends BIP39 rather than replaces it, enabling forwards and backwards compatibility and facilitating adoption. Themes are also convertible into one another, and legacy addresses can be kept even if a user chooses a theme. While Keagan notes that increased memorability could make $5 wrench attacks more viable, Yuri argues that knowledge-based authentication (KBA) still has some properties that possession-based authentication (PBA) doesn't. Mitigating the shortcomings of KBA can arguably be done better with 2FA, instead of PBA.
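The fixed sentence structure with BIP39-style checksum bits described in the summary can be illustrated with a toy encoder. This is an added example, not code from the article or the Formosa project; the word lists, slot order and the 11-bit sentence size are assumptions chosen so that one sentence carries the same number of bits as one BIP39 word.

```python
import hashlib

# Constructed toy theme (NOT Formosa's real lists). Every slot holds 2**k words,
# so each word carries exactly k bits and entropy density stays uniform.
SLOTS = [
    ["brave", "calm", "eager", "gentle", "jolly", "proud", "quiet", "wise"],
    ["baker", "captain", "doctor", "farmer", "pilot", "singer", "tailor", "writer"],
    ["builds", "finds", "paints", "sells"],
    ["boat", "clock", "drum", "lamp", "map", "ring", "tent", "vase"],
]
WIDTHS = [len(s).bit_length() - 1 for s in SLOTS]   # bits per slot: [3, 3, 2, 3]
SENTENCE_BITS = sum(WIDTHS)                         # 11, same as one BIP39 word

def checksum_bits(entropy: bytes) -> str:
    """BIP39 checksum: the first ENT/32 bits of SHA-256(entropy)."""
    n = len(entropy) * 8 // 32
    digest = int.from_bytes(hashlib.sha256(entropy).digest(), "big")
    return format(digest, "0256b")[:n]

def encode(entropy: bytes) -> list[str]:
    """Map entropy plus checksum onto fixed-grammar sentences."""
    bits = format(int.from_bytes(entropy, "big"), f"0{len(entropy) * 8}b")
    bits += checksum_bits(entropy)
    if len(bits) % SENTENCE_BITS:
        raise ValueError("entropy length must be a multiple of 32 bits")
    sentences = []
    for i in range(0, len(bits), SENTENCE_BITS):
        chunk, pos, words = bits[i:i + SENTENCE_BITS], 0, []
        for slot, width in zip(SLOTS, WIDTHS):
            words.append(slot[int(chunk[pos:pos + width], 2)])
            pos += width
        sentences.append(" ".join(words))
    return sentences

def decode(sentences: list[str]) -> bytes:
    """Recover the entropy and reject sentences whose checksum does not match."""
    bits = "".join(
        format(slot.index(word), f"0{width}b")
        for s in sentences
        for word, slot, width in zip(s.split(), SLOTS, WIDTHS)
    )
    ent_len = len(bits) * 32 // 33                  # ENT + ENT/32 = total bits
    entropy = int(bits[:ent_len], 2).to_bytes(ent_len // 8, "big")
    if bits[ent_len:] != checksum_bits(entropy):
        raise ValueError("checksum mismatch")
    return entropy

if __name__ == "__main__":
    sample = bytes(range(16))                       # constructed 128-bit sample
    phrase = encode(sample)
    print("\n".join(phrase))
    print(decode(phrase) == sample)
```

Because each slot position has its own small list, the first letters of a word narrow the candidates quickly, which is the auto-complete property the summary mentions.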


Updated on: 2023-06-16T18:13:53.369825+00:00