|
Development Recommendation for future-proofing NEM security:
I'd like to recommend two important security features for NEM:
1. MINIMUM pass phrase char threshold enforced by client (i.e. from day 1 you CANNOT use a passphrase less than 20 chars – I feel this was a major omission in NXT's launch and now incomplex passphrases are still allowed due to grandfathering.. Many accounts have been brute forced, and new users are still allowed to use incomplex passphrases)
2. OPTIONAL two-factor authentication: On the login screen there's a button for 'Create High-Security Account'. When clicked:
A. The client generates a file akin to a wallet.dat with a long private key
B. The user is prompted to enter a passphrase
RESULT: Account can only be accessed when BOTH of these are used in conjunction. User will need to backup their .dat file (there should be clear messaging on this). If a hacker steals the .dat file, they still need the passphrase. If a hacker guesses their passphrase, they still need the .dat file. Effectivley this may be the same as having a long random string and a user-dertimed text as the passphrase, but it would at least simplify the entry by automating the long random string via the .dat file.. Perhaps it would be ideal for this to be some sort of dual-key mechanism, though I lack the background to really speak to the ideal implementation.
Please consider this / forward it on to Devs.
|
|
|
|
|
define secure..
for one, it will never be as secure as bitcoin, but I suppose you mean practically rather than theoretically; 'who cares about a few thousand when we're working in the billions' kind of stuff. Then there's the factor of relying on the end user to control their security via a passphrase v.s. a file on their machine that needs to be backed up, can be lost, and can be stolen.. Now we're into the juicy stuff.. totally different security models; cracking passwords v. s. hacking machines.. at the end of the day this depends on the end user and their habits - apples to oranges on that front.
to answer your question:
1. never. I have had bitcoin for nearly 2 years and never lost or stolen any. I have had nxt stolen.
2. after 2-3 years. once it has had time to mature, hackers push the limits of available technology to attack it, and it's value hopefully grows to raise the stakes.
|
|
|
|
Come from Above, you're a piece of work. Take that as you will  |
|
|
|
|
Question: Could a 51% attack result in a certificate / asset double-spend?
|
|
|
|
I think some are literally interpreting the term double spend, which is probably a mistake.. double spending is usually associated to a 51% attack and the result is in line with what the poll referenced above indicated..A double spend is not the generation of new bitcoin, but it's confirmed transactions being reversed.. Confirmed money is in your wallet, then suddenly it's not. This is how satoshi saw it if you read through his white paper, this is also why confirmations are so important (at least 6, preferably 100). I wrote a little blurb on 51% attacks here https://bitcointalk.org/index.php?topic=660959. would love all of your thoughts on the accuracy of it. |
|
|
|
Assuming that it costs $1,850 per TH/s and a network hashrate of 110 PH/s an attacker would need to spend ~$101 million in order to launch a 51% attack. This would account for less then one years worth of Western Union's revenue, however bitcoin does provide for some of this revenue from trades. Western Union does currently have advantages of being on the correct side of the law as they are a registered money transmitter. With difficulty rapidly increasing it will become rapidly difficult to implement such an attack. Additionally an attacker would need to purchase this capacity in the open market and it should be obvious that someone is going to launch such an attack when the price of miners increases with the additional purchases, this would provide opportunity to somehow defend against a 51% attack.
yes, it would cost a small fortune to buy that kind of mining power, but if they started a pool with some amazing value proposition, they could find themselves in a ghash.io scenario, with the majority of the network under their control... "but then everyone would switch pools" probably true, but what if they were operating 2-3 pools? they could still outpace the network and people wouldn't really see it coming.. this is part of the problem with pools - I don't believe satoshi really accounted for pools.. where I'm left curious is around p2pool.. Could a mass migration to p2pool help mitigate the riak of such an attack? would love to hear from someone who is well versed in how p2pool works. |
|
|
|
Who says it has to be about profit? If someone or some organization is to perform a 51% attack, it's very unlikely they're doing it for profit. Once this occurs, all their btc will also be useless too, so they really only have 1 shot at racking in the profit. If they own 51% of the network, it's much more profitable to mine long term. Rather, a 51% attack will be to maliciously kill off bitcoin.
the world revolves around money, it would have to be done for profit. But bearing in mind that Bitcoin threatens the profitability of several other businesses, someone could be motivated by preserving their current profits.. Imagine something like Western Union -- even if it cost them millions, crushing the crypto movement could still net them a profit in the long run.. That said, I can only imagine the backlash were such a business to ever sponsor such an attack and get caught. |
|
|
|
Who says it has to be about profit? If someone or some organization is to perform a 51% attack, it's very unlikely they're doing it for profit. Once this occurs, all their btc will also be useless too, so they really only have 1 shot at racking in the profit. If they own 51% of the network, it's much more profitable to mine long term. Rather, a 51% attack will be to maliciously kill off bitcoin.
as per my conclusion: At the end of the day, the people most likely to perform such an attack would effectively be people with a vested interest in severely damaging or destroying the cryptocurrency landscape; people who were not looking to turn a profit and likely are willing to take a substantial loss in order to cause such damage.
|
|
|
|
|
I see a LOT of talk about the horrors of a 51% attack and very little understanding of what that entails..
This is my understanding of a 51% attack based largely on Satoshi's original white paper. PLEASE do not hesitate to correct me on any of these points.
The Anatomy of a 51% Attack
Prerequisites:
1. A 'Bad Actor' gathers enough hash rate to outpace the rest of the network's block creation for at LEAST 6 blocks (Approx 60 or 120 minutes based on 2 scenarios below)
Scenario a) Bad Actor participates in the network prior to their attack and gradually builds hash rate until it accounts for ~51% of the network's hash rate (luck plays a role beyond sheer % hash)
Scenario b) Bad Actor wishes to go completely undetected and does not participate in the network prior to the attack, in which case he needs %101 of the network's hash (enough hash power to outpace the entire network)
2. Bad Actor has Bitcoin. Probably a lot of it.
Motive
The most likely reason for a 51% attack is to renege your Bitcoin transactions; you can't really steal bitcoin from other people's wallets, but you can send someone Bitcoin in exchange for something else of value then make that transaction disappear.
Another reason for a 51% could be to block transactions -- you could effectively control who is able to send bitcoin by only encoding your desired transactions in the blocks that you solve during your attack, though odds are that the transactions will make it into the blockchain later.
The Attack
If the bad actor is participating in the network prior to the attack (Scenario A above), they would have to pull all of their resources 'offline', effectively disconnecting from the public Bitcoin network and continuing to mine bitcoin in a closed network, creating an intentional 'fork' in the blockchain that would have to outpace the public blockchain. It's notable that this would result in a ~50% reduction in the public network's hash rate, which would be quite notifiable and would double the time to solve blocks (up to about 20 minutes).. 6 Confirmations would now take 2 hours.
The Bad Actor then submits transactions through the public Blockchain, for which they receive compensation; likely something non-physical and of immense value so as to make this a worthwhile endeavor AND to remain anonymous once the attack has been discovered (it may be possible for them to actually get bitcoin in return and retain it; I'm unclear on this) - this would notably require a significant amount of Bitcoin to begin with. On their private version of the blockchain, they move the SAME Bitcoin that was used to purchase their bounty on the public network into another wallet, likely one they own.
Once they have received their compensation / purchases (likely after a number of confirmations on the public network) they open their private version of the blockchain up to the public network and the two different accounts of the Blockchain merge. Assuming they've managed to keep ahead of the public network in block generation, the Public network's Blochchain is nullified and the Bad Actor's version of the Blockchain overwrites it on the public network.. We now have a conflict: the bad actor's Bitcoin was spent differently on the two Blockchains, and as the bad actor's version now overwrites the public network's version of things, he not only keeps whatever he purchased, but he also keeps his Bitcoin (which will likely devalue now that a 51% attack has occurred) safely tucked away in another of his wallets.
Conclusion
At the end of the day, it's simply very challenging to imagine just how anyone could make this a profitable endeavor. Even if you don't have to purchase and operate millions of dollars worth of mining equipment (i.e. you manage a pool and create your alternate blockchain using other miners' hash power), you'd still be hard pressed to assure your safety and anonymity and turn much of a profit.. The presumption is that you begin the attack with significant Bitcoin holdings (which you would retain) and your own actions would serve to devalue this investment. In terms of rewards, there are only so many things of great value that one can purchase anonymously, and a cryptocurrency would probably be one of the most likely candidates, though you would still devalue the markets such that getting a return on this kind of scheme probably wouldn't pan out.
At the end of the day, the people most likely to perform such an attack would effectively be people with a vested interest in severely damaging or destroying the cryptocurrency landscape; people who were not looking to turn a profit and likely are willing to take a substantial loss in order to cause such damage.
Anyhow, I need to go to sleep, but this has been irking me and I wanted to hammer it out.. Would love to see some thought provoking discussion on this!
Cheers
Zachamo
|
|
|
|
Litecoin  Good luck. But if more people think like you.... Donīt forget to sell than  Litecoin is far better than 99.9% of the shitcoins presented here in that forum ~CfA~ What does likecoin have? 1. ASIC resistant (not any more) 2. 2.5 min block (faster confirmations = greater risk in 51% scenario) Otherwise LTC is basically a copy/paste of BTC.. What's so good about that? The only good thing about LTC in my mind is basically the fact that it was second-to-market and has a substantial lingering community. Innovation ~CfA~ In your own words: "the weight of ur argument blows me away." Even better: Litecoin whales have slowly been cashing out of LTC and moving into other coins. It's a dying coin...I'm very dissapointed with the devs of Litecoin, they havent even changed a single thing about it since it was released years ago..
Litecoin has always been known to be a piece of shit even back in the day nobody takes it serious anyway, just a few dorks who took profit from its rise thats all no new news at all ~CfA~ |
|
|
|
@Come-from-Above
You say NEM is a scam so why a NEM adress in your signature?
why not profit off it? theres obvious money to be made. ~CfA~ The depths of depravity just prooved to be an abyss. |
|
|
|
Litecoin Good luck. But if more people think like you.... Donīt forget to sell than Litecoin is far better than 99.9% of the shitcoins presented here in that forum ~CfA~ What does likecoin have? 1. ASIC resistant (not any more) 2. 2.5 min block (faster confirmations = greater risk in 51% scenario) Otherwise LTC is basically a copy/paste of BTC.. What's so good about that? The only good thing about LTC in my mind is basically the fact that it was second-to-market and has a substantial lingering community. |
|
|
|
Excerpts from the origional Bitcoin Whitepaper (Satoshi Nakamoto): "To modify a past block, an attacker would have to redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the honest nodes
[...]
If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.
[...]
We consider the scenario of an attacker trying to generate an alternate chain faster than the honest chain. Even if this is accomplished, it does not throw the system open to arbitrary changes, such as creating value out of thin air or taking money that never belonged to the attacker. Nodes are not going to accept an invalid transaction as payment, and honest nodes will never accept a block containing them. An attacker can only try to change one of his own transactions to take back
money he recently spent." Also - check out: https://en.bitcoin.it/wiki/Weaknesses#Attacker_has_a_lot_of_computing_power |
|
|
|
You realize that anything that happens to Bitcoin is going to affect every other cryptocurrency. ...
Historically that isn't true. When Bitcoin experienced the accidental hard fork the entire network was affected, both technically and economically as transactions were in stasis and BTC pricing plunged. None of that happened to Litecoin. LOL!
Converting to a SCRYPT coin because you're concerned about 51% attacks? Too much roaving hash on scrypt multipools etc for those to be any more secure than BTC...
What is "roaving hash"? OP, I wouldn't convert all my BTC to LTC. I would however hold some percentage of both. Ask any wealthy person if diversification of assets is favorable or not, and I believe they'll tell you it's generally favorable. Roaving Hash refers to the multipools that switch from coin to coin, and the general massive amount of scrypt hashing power that's out there and not focused on LTC.. BTC has the majority by far of all SHA256 hashing going on in Crypto, whereas Litecoin can only account for a fraction of the overall hashing going on in the SCRYPT realm.. Scrypt it a very different landscape. Regarding the BTC fork -- wasn't that after BTC had exploded but before LTC was really noticed? The price of LTC lagged for quite some time after BTC, but eventually had it's own boom when it went up to $30+ USD.. True that LTC isn't directly tied to BTC prices, but generally when the BTC price crashes, alts don't fare well -- I suspect this would especially true for alts that face the exact same vulnerabilities that would be exploited in this case.. It would be easier to attack LTC than BTC, so an attack on BTC would not fare well on LTC... Can't confirm these numbers, but per http://liteshack.com/which tracks 100+ scrypt coins: ltc hashrate is 468,663 MH/s of 1,589,920 total MH/s (29.477%) - That's a MAJOR liability in my mind.. Bigger than a participatory (i.e. non bad-actor) 51% of the BTC network belonging to one pool. |
|
|
|
|
LOL!
Converting to a SCRYPT coin because you're concerned about 51% attacks? Too much roaving hash on scrypt multipools etc for those to be any more secure than BTC, and as mentioned, an attack on BTC will impact all crypto.
People seem highly confused about what a 51% attack involved:
1. Intent
2. Concerted effort to falsify transactions which will later be nullified
3. >50% of the overall hash rate.. Not just 51% of the current network hash rate, but >100% of it.. You need to run an ALTERNATIVE blockchain that's solving things faster than the real block chain, meaning you need more power than the entire existing network.. Hypothetically you don't need all this hash rate yourself, you just need to be able to split the network and have access to both concurrent networks.. Of course this poses massive logistical challenges.. Also - if Ghash.io were to perform a 51% attack, they would effectivley have to disappear from the network to start their own fork of the blockchain, which would be pretty obvious. People would know it was coming.
4. A crapload of investment in mining equipment (millions of dollars worth), which will severely depreciate if you succeed.
5. Risk: People would be VERY unhappy.
Q: Who stands to profit from this?
A: Only someone enormously wealthy who stands to benefit from the destruction of Bitcoin in a degree that exceeds the cost of duplicating the entire network's hash rate. Not worth it for anyone else.
Just a couple pennies that I'm giving out.
|
|
|
|
|
Smartcoin [SMC] -- loved the initial burst of ~50 SMC to any email address that signed up.. Sure, scammable, but the actual value of that ~50smc wasn't much in the context of early mining, and it's really nice for non-miners to be able to get a free stake.
|
|
|
|
With someone like you promoting this coin, how could it fail?  |
|
|
|
|
Show Posts
