
If you store your coins on a hard drive there's nothing the government can do to get them right? They would need your private key and your hard drive?


Opinions are my own.

There is something called the "gun test". The crypto on an encrypted hard drive is not more secure than the gold bars in a locked safe. Its security is a function of how the secret holder responds to gun-on-their-head events. In this case, since the government is directly involved (and angry), a lot of criminals may pick personal safety over assets.

Frankly, I think a large portion of cryptocurrency proponents are overly confident in its "decentralization" and "safety". Cryptocurrency is only as safe as gold bars in a locked safe; and worse if you use a public exchange.


In the bitcoin space it’s colloquially known as the “$5 wrench attack.”

All the cryptographic, air gapped security hardware doesn’t matter if someone can beat the keys out of you.


Also perhaps a fair reason for some part of taxation. Owning millions in .*coin, and the ability to freely wander around in a first world country while not getting hit with a wrench has a whole lot of value.


Indeed, something I've tried to communicate to wealthy friends and family is that a higher tax rate, used halfway effectively, means you don't have to live in a gated community, in fear. You can roll around in your Ferrari, live where you want, and be reasonably safe.


> "used halfway effectively"

That's usually the problem that people who pay a lot of taxes have with the taxes.


And a better economy means your stocks and business ventures will do better.


I've heard of this security that comes from a bit of taxation phrased as "guillotine insurance".



This is why all crypto arguments end in “world peace” or a Bitcoin nation state which is centralization. The end game never makes sense.


This is commonly referred to as Rubber-hose cryptanalysis:

In cryptography, rubber-hose cryptanalysis is a euphemism for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture[1]—such as beating that person with a rubber hose, hence the name—in contrast to a mathematical or technical cryptanalytic attack.

https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis


Julian Assange and a couple of others developed a file system called Rubberhose to avoid this problem. All of the filesystem structures, data, and free space are indistinguishable from noise without the decryption key. The system always sets up some portion of the filesystem as unusable space that's initialized to noise. This space may contain another Rubberhose instance, which would also have some unusable space in it.

If you're tortured to keep revealing keys to deeper and deeper volumes, eventually you're going to hit a point where there are no more volumes, but you can't prove it.

I think the original threat model was someone willing to torture you, but willing to accept plausible deniability once you'd revealed some moderately sensitive information.

In reality, if someone is willing to torture you a couple volumes deep, there's a good chance they're going to just keep torturing you forever. Rubberhose may still work in this model, since in theory the promise of avoiding torture loses most of its power. The downside is that once you format a partition with Rubberhose, you're resigning yourself to being tortured forever.


While I tend to agree with your argument, there is a difference: crypto is safe if no one knows it exists, or rather no one can link ownership to owner.

It's very hard to do this with gold.


So you accrue wealth and can never use it. What’s the point?


Plenty of ways to use crypto wealth. It isn't that hard to go from accessing Tor on a public WiFi, to say cashing out $100k in physical cash.


I think you're missing the point entirely. The government can't seize your virtual coins, but the only point of money is to spend it on actual goods, which the government definitely can seize.


How is this different than burying gold?


A. You can store redundant copies in various secret locations.

B. To bury gold you must transport the valuable property in meat space to your hiding spot after acquiring it. With cryptocurrency, you hide the secrets before they have value and transfer the funds to them without new data actually traveling to the hiding spot, electronically or physically.


If you anger a sufficiently powerful nation-state, you should assume all options are on the table for recovering you, your hard drives, and your keys.


Hiding crypto from the government entails in large part avoiding taxes, yet it seems like the government does not do much to recover lost taxes on current schemes such as fiscal paradises and so on. I doubt the government would go as far as locating a hard drive and seizing it just for tax purposes. Something else must raise their flags for them to go that route. Also this route is very hit and miss in my opinion and on a case by case basis.


"Does not" and "cannot" are two different things.

My read is that tax enforcement failure is intentional, lubricated by political donations and influence, vs incompetence.

See the high-net-worth enforcement group at the IRS that was quickly shut down for murky reasons.


> They would need your private key and your hard drive?

Most people serious about cryptocurrencies have not trusted computers/hard drives for years. They use "hardware wallets", which are HSMs with a very small attack surface. It's not impossible that hacks happen but there's a gap so wide between "a Windows 10 computer running some Bitcoin software wallet" and "a Ledger Nano S" hardware wallet that it's basically two different worlds.

Think a Yubikey (with a tiny screen) to cryptographically sign your transaction.

$5 wrench attack still works but compromising your private key(s) by "logging every OS keystroke in the name of telemetry" or "using one of the tens of JavaScript 0-days from today" doesn't.

The idea behind these cryptocurrency hardware wallets is that ANY computer you connect them to is compromised (which is precisely why you're using a hardware wallet) and that, yet, that's not a problem.

I have to say: it's not a bad way to think about computer (in)security.


Note that hardware wallet attacks tend to get published at least once per year, but so far most/all of them have relied on physical access. Not just sending some buffer overflow via the USB link, but actually opening up the device and messing with capacitors or something.


How can one trust the hardware keys though? The manufacturer/supplier could have installed a backdoor (very reasonable to do, as people paying for these keys are likely to have sth valuable).


Unless you're located inside of a foreign military installation, there aren't many places to put a hard drive that the government can't get to.


put the contents on the cloud


In general, you store the keys of your coins, not the coins themselves. Everything is inside the blockchain and the blockchain makes it possible to be sure that you have what you should have, thanks to consensus.


Based on Snowden's stories you can assume that they went ahead as an FBI/CIA national security threat, which could mean fast access to ISPs and using zero days they do have.

If that's not enough and any one of them is in the USA, they do have access.

Can your wallet be hard to crack? Yes, but either use your zero day to get all data including a password or book a little bit of supercomputer time for brute forcing.

They might have linguists available to help out with a dictionary attack.

As aluminum-foil-hat as this might have sounded pre-Snowden, that's how it could have played out.


As someone else said, you do not store coins anywhere, they are derived from the public ledger (block chain).

What you store is your private key.

Your private key was generated together with your public key, and your public key is, well, public.

So the question is, can someone re-generate your private key?

In theory, yes, it is possible. In practice, it takes a very very long time.

But sometimes flaws are found in the generation process, like a weak pseudo-random number generator being used, which significantly reduces the solution space, and then it becomes feasible.


If you store your coins on a storage device not connected to a computer, maybe. As long as the government does not have access to the computer/phone the storage gets connected to, at any one time.

With state actors, you have to assume they have access/backdoors to most modern computing devices, and that device has to connect to the internet only twice - feds activate the backdoor and give it instructions, and have the device send the requested info back to the fed.

Minix being the most popular operating system, thanks to Intel-backdoor-on-a-chip, is only the tip of the iceberg.


AES-256 is as strong as the decryption key. Even as few as 7 words from a 2000-word dictionary should thwart any attackers. A slow KDF makes it all but impossible.
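
The numbers behind the comment above, worked through as an added example that is not part of the thread: it computes the entropy of a 7-word passphrase from a 2000-word list, derives an AES-256 key from it with scrypt, and estimates the expected search time. The placeholder wordlist, the scrypt parameters and both guess rates are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets

WORDLIST_SIZE = 2000  # figure from the comment
WORD_COUNT = 7        # figure from the comment
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed stand-in wordlist; a real one would hold 2000 distinct words.
WORDLIST = [f"word{i:04d}" for i in range(WORDLIST_SIZE)]


def passphrase_bits(wordlist_size: int, word_count: int) -> float:
    """Entropy of word_count words drawn uniformly and independently."""
    return word_count * math.log2(wordlist_size)


def generate_passphrase(wordlist, word_count: int) -> str:
    """Pick words with the OS CSPRNG; human-chosen words carry less entropy."""
    return " ".join(secrets.choice(wordlist) for _ in range(word_count))


def derive_aes256_key(passphrase: str, salt: bytes, n: int = 2**14) -> bytes:
    """Stretch the passphrase into a 32-byte key with scrypt (memory-hard)."""
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=n, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)


def years_to_search_half(bits: float, guesses_per_second: float) -> float:
    """Expected search time: half the passphrase space at a given guess rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    bits = passphrase_bits(WORDLIST_SIZE, WORD_COUNT)
    salt = secrets.token_bytes(16)  # stored next to the ciphertext, not secret
    key = derive_aes256_key(generate_passphrase(WORDLIST, WORD_COUNT), salt)
    # The key is 256 bits long, but its strength is the passphrase's entropy.
    print(f"{bits:.1f} bits of passphrase entropy, {len(key) * 8}-bit key")
    # Assumed guess rates, for illustration only.
    for label, rate in (("fast hash, 1e12/s", 1e12), ("slow KDF, 1e4/s", 1e4)):
        print(f"{label}: {years_to_search_half(bits, rate):.3g} years")
```

The estimate only holds when the words are chosen by a CSPRNG, as `generate_passphrase` does; a phrase a person made up does not have 11 bits per word.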


relevant xkcd: https://xkcd.com/538/


I mean it feels almost cliche to post this at this point: https://xkcd.com/538/



