Bitcoin Forum

Topic started by: DeathAndTaxes on April 12, 2013, 06:32:44 PM



Title: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: DeathAndTaxes on April 12, 2013, 06:32:44 PM
http://www.businessinsider.com/dan-kaminsky-highlights-flaws-bitcoin-2013-4

Quote
Two years ago, I tried to hack BitCoin. I failed.
This was very exciting. It is a fairly open secret that almost all systems can be hacked, somehow.  It is a less spoken of secret that such hacking has actually gone quite mainstream.  Everybody hacks … sometimes. 

Seriously though, as an engineer and as a hacker (and I promise you, these are two very different things), BitCoin surprised me.  Here was a system with the following properties:
- Created an enormous global cloud of always-on, listening machines
- Spoke its own fiddly little custom network protocol
- Written in C++, which for all of its strengths is not usually the safest thing in the world to be reading random Internet garbage with
- Directly implemented the delivery of a Pot Of Gold At The End Of The Rainbow for any hacker who could break it


By all extant metrics in security system review, this system should have failed instantaneously, at every possible layer. And, to be fair, it has failed at other layers – BitCoin thefts have occurred, in the meta-code that surrounds the core technology itself. But the core technology actually works, and has continued to work, to a degree not everyone predicted. Time to enjoy being wrong.  What the heck is going on here ...



Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: kiko on April 12, 2013, 06:45:19 PM
Wow, this was a really great read.

moar


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: cypherdoc on April 12, 2013, 06:50:32 PM
that was good.

what, can't hack it?  what would all the Bloomberg ppl say?


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: TraderTimm on April 12, 2013, 06:51:07 PM
I'm having trouble enjoying this - he obviously doesn't understand how difficulty governs the hashpower thrown at the network. I'm actually stunned he can't figure that out.


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: cypherdoc on April 12, 2013, 06:54:34 PM
Quote
I'm having trouble enjoying this - he obviously doesn't understand how difficulty governs the hashpower thrown at the network. I'm actually stunned he can't figure that out.


he also can't seem to understand the anonymity features around stolen coins even though their movement can be tracked via the blockchain.


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: cypherdoc on April 12, 2013, 06:57:24 PM
the other thing he doesn't understand is that the "large actors" that he says could rewrite the "truth" of the blockchain merely consist of individuals who can abandon those pools at the drop of a hat. 

the system is such that it encourages and rewards telling the truth and will punish those actors who try to obscure it.


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: cypherdoc on April 12, 2013, 07:02:16 PM
Quote
the other thing he doesn't understand is that the "large actors" that he says could rewrite the "truth" of the blockchain merely consist of individuals who can abandon those pools at the drop of a hat.

the system is such that it encourages and rewards telling the truth and will punish those actors who try to obscure it.

the quintessential example of this is Eleuthria's latest actions.

it was he who voluntarily decided to revert from 0.8 to 0.7 in reviewing the IRC discussions at the time.  Gavin and other devs did not force him to do so.  he saw that it was in the interest of the network to prevent any single individual from losing money.  he was voluntarily rewarded a few weeks later by Gavin reimbursing him for his gratuity from the Faucet.

the second example is Eleuthria voluntarily limiting the growth of BTCGuild to 40% of the network.  once again, he understands the importance of maintaining confidence amongst the individual, small players in the network.

this is what makes Bitcoin great.  you won't get that shit from Ben Bernanke.


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: beckspace on April 12, 2013, 07:13:48 PM
I highly enjoyed reading this.

His last concerns, about the technical choice of pure hashpower instead of some other feature to boost decentralisation, can be countered by analysing the cost/return of such an attack.

The system is built on the premise that if you can arrange some hashpower into Bitcoin, it's massively more profitable to HELP (mining and earning coins) the network instead of attacking it.

Of course, some people would love to see the world burn, but that doesn't mean that they can arrange sufficient power to do it (both financially and/or without accomplices). Bitcoin is like the internet or electricity, it will improve life for everyone.


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: globalvillage on April 12, 2013, 07:46:54 PM
Let me share with you here a portion of an article from GBBG Blog:

"Bitcoin Hacks
So often the media misrepresents the truth about hacking. Nearly 100% of the time, when a news release discusses a recent ‘hack’ on a product or service, they are entirely incorrect. When it comes to bitcoin, this is fully the case. Bitcoin has NEVER been hacked. Many articles have surfaced recently alarming the general public with reports of bitcoin hacks. While these articles do a good job of causing panic and short-sighted sell-offs, enabling our managers to purchase BTC at a massive discount, they are malicious lies.

Bitcoin is a protocol, like email is a protocol. It is not a company, a service, or an organization. In the four year history of Bitcoin, the protocol has functioned near flawlessly. With only a very few exceptions, such as the recent branch in the blockchain, the protocol has delivered above and beyond expectation. As a protocol, Bitcoin has never been ‘hacked’. Therefore, the fear mongering and misrepresentation of the general media is unwarranted.

The real truth is that certain individuals, through their own security flaws, have allowed their Bitcoin Wallets and the servers that manage them to be hijacked. Every single instance of ‘Bitcoin hacking’ that has been reported by the media is actually a hijacking. There is a major difference between the two. Hacking a system is the complex process of decrypting the passwords or other security measures in place to protect the system. Hijacking is the more simple process of fooling someone into handing over passwords and other details necessary to gain access to a system.

We have yet to see a true, definitive case of hacking within the Bitcoin protocol. However, because people are people, we have seen many cases of hijacking. The media chooses to report these hijacks as ‘hacks’ and uses this as a reason to distrust Bitcoin. In our opinion, they should also apply this philosophy to email. Since so many individuals have allowed their email accounts to be hijacked over the years, the entire world should discard and distrust email altogether. Their assertion that Bitcoin cannot be trusted or ‘valuable’ over time, because individuals have allowed their wallets to be hijacked is the exact same as the assertion that email cannot be trusted or ‘valuable’ over time because individuals have allowed their accounts to be hijacked. Both are extremely stupid assertions.

Bitcoin is a protocol. Email is a protocol. TCP/IP is a protocol. And, as with the early days of Email and TCP/IP, the Bitcoin protocol will have its ‘maturing’ and ‘vetting’ process. We urge our members to read carefully when idiots in the media report ‘bitcoin hacking’. A stupid fool who says Bitcoin has been hacked is just as ignorant as one asserting that Email has been hacked. If an individual does not take the proper security measures and they allow another individual to hijack their wallet, that is NOT hacking. And the fools reporting such in the media should be ignored."



Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: Stephen Gornick on April 12, 2013, 08:10:21 PM
Quote
he also can't seem to understand the anonymity features around stolen coins even though their movement can be tracked via the blockchain.

I haven't looked closely but at a minimum there were stolen coins from bitcoinica that were distributed randomly to IRC users and others:

Bitcoinica stolen coin returns
 - http://bitcointalk.org/index.php?topic=82581.0

and there've been many various successful exchange hacks so while some might have held onto the loot, others certainly have mixed and cashed out.

List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses
 - http://bitcointalk.org/index.php?topic=83794.0



Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: justusranvier on April 12, 2013, 08:12:25 PM
I call it the capital C indicator.

Anyone who writes "BitCoin" is guaranteed to have at least one major misconception.


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: cypherdoc on April 12, 2013, 09:14:16 PM
I'll say it again.

The geeks fail to understand that which they hath created.


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: labestiol on April 12, 2013, 09:30:12 PM
Really glad to read this.
Dan Kaminsky was quite vocal a few years back about bitcoin, for the reasons he explains. Having him preaching the qualities of bitcoin from a security standpoint can only give more confidence to people :)


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: marcus_of_augustus on April 12, 2013, 10:40:53 PM
While I'm glad Dan has written this, what amounts to a retraction of his previous what I would call denigration of Bitcoin, I'm also a little saddened.

It is like when watching a great champion get beaten in his twilight years ....


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: doobadoo on April 12, 2013, 10:45:21 PM
Quote
I'm having trouble enjoying this - he obviously doesn't understand how difficulty governs the hashpower thrown at the network. I'm actually stunned he can't figure that out.


Nah man, there is so much more to securing the network.  The hash produces a proof of work, not much moar.  There's the need to secure the sig scripts so that tx's can't be altered.  There's the need to prevent DDoSing the network overall with packet floods, all kinds of quirks to the protocol.  So many possible attack vectors that satoshi practically covers them all in the 0.1 release.

Some day he will get a nobel prize in economics for this invention.


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: marcus_of_augustus on April 12, 2013, 10:55:46 PM
Quote
I'm having trouble enjoying this - he obviously doesn't understand how difficulty governs the hashpower thrown at the network. I'm actually stunned he can't figure that out.


Nah man, there is so much more to securing the network.  The hash produces a proof of work, not much moar.  There's the need to secure the sig scripts so that tx's can't be altered.  There's the need to prevent DDoSing the network overall with packet floods, all kinds of quirks to the protocol.  So many possible attack vectors that satoshi practically covers them all in the 0.1 release.

Some day he will get a nobel prize in economics for this invention.

.... a Nobelesque prize to recognise society-changing coding/engineering feats ... like TCP/IP, WWW (http) , linux, etc ... particularly open source, i.e. non-commercial contributions?


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: David M on April 12, 2013, 11:03:21 PM
Quote
It is like when watching a great champion get beaten in his twilight years ....

While I like the empathy, I would have thought the important lesson is that after getting knocked down, he had the fortitude to get back up.


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: flix on April 12, 2013, 11:56:52 PM

Quote
Nah man, there is so much more to securing the network.  The hash produces a proof of work, not much more.  There's the need to secure the sig scripts so that tx's can't be altered.  There's the need to prevent DDoSing the network overall with packet floods, all kinds of quirks to the protocol.  So many possible attack vectors that satoshi practically covers them all in the 0.1 release.

Some day he will get a nobel prize in economics for this invention.

I can't imagine him being a single person. If he/she is, must be the Newton of our age.


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: n8rwJeTt8TrrLKPa55eU on April 13, 2013, 12:13:33 AM
Quote
I call it the capital C indicator.

Anyone who writes "BitCoin" is guaranteed to have at least one major misconception.

Empirically true, similar to usage of the "the" prefix.


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: oakpacific on April 13, 2013, 01:42:47 AM
Quote
the other thing he doesn't understand is that the "large actors" that he says could rewrite the "truth" of the blockchain merely consist of individuals who can abandon those pools at the drop of a hat.

the system is such that it encourages and rewards telling the truth and will punish those actors who try to obscure it.

the quintessential example of this is Eleuthria's latest actions.

it was he who voluntarily decided to revert from 0.8 to 0.7 in reviewing the IRC discussions at the time.  Gavin and other devs did not force him to do so.  he saw that it was in the interest of the network to prevent any single individual from losing money.  he was voluntarily rewarded a few weeks later by Gavin reimbursing him for his gratuity from the Faucet.

the second example is Eleuthria voluntarily limiting the growth of BTCGuild to 40% of the network.  once again, he understands the importance of maintaining confidence amongst the individual, small players in the network.

this is what makes Bitcoin great.  you won't get that shit from Ben Bernanke.

It's the opposite of big government supporters' logic, which is "If we don't tax and regulate the rich guys like hell nothing  can stop them from keeping all their wealth to themselves and abuse their influence and power! They don't care about the poors, and will only try to exploit the whole society as much as possible!"

Why not give the free market a chance?


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: beckspace on April 13, 2013, 02:03:48 AM
I'll stick with his opinion about the network security, not about the political implications of Bitcoin.

Dan Kaminsky's verdict: The network is robust at the lower level. It can scale. Entire classes of bugs are missing. An exploit would have been discovered years ago, in the beginning. The C++ language was a good choice, if Satoshi knew what he was doing. And there's interesting work to be done.


Title: Re: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
Post by: Dusty on April 14, 2013, 12:38:10 PM
Quote
I can't imagine him being a single person. If he/she is, must be the Newton of our age.

The nice thing is that maybe 10-20 years from now, when Bitcoin is used in all major institutions as a worldwide currency, he can come out and tell us his (or their) story, and he will be able to prove he is who he claims to be because he can sign a message with the key used to create the genesis block.