3. What gives us the expected quantum Internet?
It would be correct to call it photonic. Photons can be transmitted not only via fiber optic cable, but also "over the air." Which was tested successfully in the last century.
But, this technology is applicable only to special organizations, in the option "only photon interent". We, in everyday life, will have to use sections of wifi or 3-5G to the fiber optic section. And this means all the problems - come back, phishing, attacks on devices, a person in the middle, etc.
It depends what we are sending over traditional hackable channels. Thinking in classical terms, you send the entire communication through that route, and so you introduce vulnerabilites. But using a quantum approach, it doesn't have to be that way. Quantum entanglement offers a solution - if the entangled photons are sent one to each party, sender and recipient, then the sender can make their photon interact with the data they want to transmit. This measurement alters the entangled photon at the other end as well - transmission of information via this method is Einstein's famous 'spooky action at a distance', a.k.a. quantum teleportation. The thing that is then sent through the classical channel is only the result of the measurment, the interaction between the sender's entangled photon and the information they wish to transmit. Anyone who hacks this message gains nothing, as it is meaningless by itself. However once the legitimate recipient receives this information, they can then decode the message, because they have the other photon. It is fundamentally unhackable because only sender and recipient have the entangled photons, and because the laws of quantum mechanics mean that any act of measurement, which includes any attempt at hacking or eavesdropping at either the sender's or the recipients' end, alters the state of the entangled photon at the other end, too. It's this sort of approach that makes me think that quantum cryptography (as opposed to post-quantum cryptography) has a lot of merit. Lattices and elliptic curves and so forth are not fundamentally unhackable due to laws of nature, whereas processes exploiting the laws of quantum mechanics are - or at least can be. There will of course be huge technical challenges in implementing a quantum-cryptography approach... but work is underway, not just by the Chinese but also at QuTech in the Netherlands (where they are trying out quantum teleportation, as in the link I gave previously). Here's a diagram giving a brief summary of how quantum entanglement can lead to an unhackable solution (again from my previous link). The pictures are perhaps more eloquent than my chaotic rambling:  --------------------------------- You probably know more than me. Explain how you can have a photon associated with the transmitted, if you are not connected directly to the photon transmission channel? If you, more precisely your device, are the locator in the same “photon” system with the transmitting device, then physics will work. And if you hold in your hand a smartphone that is connected to the Internet via 3,4,5-G, then how will you have a coupled photon? In addition, it is such an expensive pleasure that quantum cryptography (photon transmission), as far as I know, is needed only in order to exchange the same private keys in this way to use a symmetric encryption system. For the reason that the symmetric AES-256 is not opened by any quantum computer, because in the symmetric key any variant of a key of two to the power of 256 is possible. And in asymmetric - far from it. For example, in RCA, a key length of 15,300 bits is equal in strength to a 256-bit key in AES. I do not discuss elliptic cryptography - it is probably hacked for a long time and completely not by exhaustive search, but by cryptanalysis and the presence of vulnerabilities in the elliptic curves themselves. In serious organizations, it is prohibited for use. If in a symmetric AES system you increase the key by 2 times (256-512), then the load on the computer will increase by about 2 times. If you increase the key by 2 times in RCA, then the load will increase by 8 times with a key length of 1024 bits - 2048 bits. Therefore, in quantum cryptography - it makes no sense. There is a post-quantum AES system, and all she needs is to exchange keys without using dangerous asymmetric cryptography. Therefore, if you have a smartphone with Wi-Fi, then no quantum Internet will help you, only post-quantum cryptography. |
|
|
|
Google has come up with quantum supremacy through which calculations can be performed in a very short time and the same can't be cracked by the conventional conputer used all around.
This serves to be a tool in the hands of hackers, criminals to crack blockchain based cryptocurrencies like bitcoin ans others to be the targets. Also it is stated to crack the encryption upon which the internet is built on. Later news revealed it isn't that powerful to crack bitcoin. Right now it has got only 53 qbits, to crack the bitcoin there is need for at least 1500 qbits. This way no nees to fear about the encryption of the algorithm.
It will take a long ass time before Google hits the sweet spot for cracking the algorithm. Heck, our lifetimes may not be enough to see the light at the end of that said tunnel. Needless to say, bitcoin's current encryption is still good to go and is currently quantum resistant by any means. Also, there's no way large companies such as Google will ever use their quantum computers on doing such, and may just use the tech into something else, especially theoretical modeling and running simulations of other important things. ---------------------------- The Google company itself may not be doing this, although it is not the only one who makes a quantum computer. But strangers will do this for two reasons: 1. All companies that publicly announce the construction of a quantum computer - all provide access to it on a commercial basis! This is a disturbing fact. And the Amazon company - purposefully plans to deal only with such services and writing quantum software. 2. Think of those who are used to stealing. And most importantly, cryptanalysts. Their mathematical methods reduce the number of options that need to be sorted out. And quantum computing is what they need. If a simple search and a simple computer need 10,000 years, then a quantum one - 3 minutes. This is without mathematical methods. If you use cryptanalysis, then reduce this time by 1000 times. But I'm not talking about this, but about the fact that this happened in 2015-2016, that cryptography on elliptic curves became dangerous? Then there were still no quantum computers. |
|
|
|
" if bitcoin later becomes a traceable Currency" Well, bitcoin is already traceable. In fact, you can look at the transactions being made right now through block explorer sites like Blockchain.com[1]. Hence why you mostly see funds stolen by hackers being stationary, as they definitely wouldn't want to be sending the funds on exchanges as this would most definitely expose who they are.
[1] https://www.blockchain.com/btc/unconfirmed-transactionsCorrect, it is traceable but we can't yet track the whole thing and give an accurate result of who is the hacker, something like that, where he live, how old is he, so on and so forth, maybe that was OP wanted to say, to have a more advance tracing process. All that we could track also as of now is the IP address (hoping the hacker or scammer is not using a VPN), that uses different IPs whenever they want to. --------------------- Sorry for the clarification, but VPN had not been traced before, like the TOR. It was yesterday. Now both technologies are traceable, you just need to have a tool. Moreover, it turned out that these technologies supporting anonymity on the network - have huge vulnerabilities that allow smart people to exploit your entire device. And even determine which keys you press on the keyboard or on the screen. This is today. |
|
|
|
Google has come up with quantum supremacy through which calculations can be performed in a very short time and the same can't be cracked by the conventional conputer used all around.
This serves to be a tool in the hands of hackers, criminals to crack blockchain based cryptocurrencies like bitcoin ans others to be the targets. Also it is stated to crack the encryption upon which the internet is built on. Later news revealed it isn't that powerful to crack bitcoin. Right now it has got only 53 qbits, to crack the bitcoin there is need for at least 1500 qbits. This way no nees to fear about the encryption of the algorithm.
LOL, do you think that quantum computers will be mass produces if ever they successfully crack 2^256 code? so it will not be for everyone's used. And for the record, there are a lot of development from behind. So far the following are candidates. [1] Lamport Signature - ( https://en.wikipedia.org/wiki/Lamport_signature#Public_key_for_multiple_messages) [2] Multivariate cryptography - ( https://en.wikipedia.org/wiki/Multivariate_cryptography) [3] Lattice-based cryptography - ( https://en.wikipedia.org/wiki/Lattice-based_cryptography) for the record though, bitcoin addresses are not at risk to attack not unless the attacker know your public key. The only way to attack us is that if the QC is fast enough to obtain our public key in a few minutes based on our private key. --------------------------------------------- The cryptographic post-quantum systems you have indicated are well known for a long time and all of them have their drawbacks and advantages. You have not yet indicated everything, there are more of them. And they were known far until 2015, when NIST announced a competition and this competition was supposed to end 2017-2018, but it continues to this day. Why do this if cryptography on elliptical circles is reliable? Shore Algorithm? So increase the key length and no contests are needed. For reference, I note that the 256-bit AES key = is 512 ECC and equal to 15300 bit RCA. Why did they need a new encryption system if you can simply increase the ECC to 512 bits? |
|
|
|
Google has come up with quantum supremacy through which calculations can be performed in a very short time and the same can't be cracked by the conventional conputer used all around.
This serves to be a tool in the hands of hackers, criminals to crack blockchain based cryptocurrencies like bitcoin ans others to be the targets. Also it is stated to crack the encryption upon which the internet is built on. Later news revealed it isn't that powerful to crack bitcoin. Right now it has got only 53 qbits, to crack the bitcoin there is need for at least 1500 qbits. This way no nees to fear about the encryption of the algorithm.
LOL, do you think that quantum computers will be mass produces if ever they successfully crack 2^256 code? so it will not be for everyone's used. And for the record, there are a lot of development from behind. So far the following are candidates. [1] Lamport Signature - ( https://en.wikipedia.org/wiki/Lamport_signature#Public_key_for_multiple_messages) [2] Multivariate cryptography - ( https://en.wikipedia.org/wiki/Multivariate_cryptography) [3] Lattice-based cryptography - ( https://en.wikipedia.org/wiki/Lattice-based_cryptography) for the record though, bitcoin addresses are not at risk to attack not unless the attacker know your public key. The only way to attack us is that if the QC is fast enough to obtain our public key in a few minutes based on our private key. ------------------------------------- When you talk about a 256-bit key, it’s only, exclusively, in a symmetric cryptographic system — this code can and should be sorted out completely. In other words, the key can be any of the possible values of 256 bits (in fairness, it should be noted that not every single option can be a key even in a symmetric system, there are weak keys that are unacceptable, but there are an insignificant number of them). If we are talking about asymmetric cryptography, then not all options from two to the power of 256 can be keys. If you are afraid of quantum computers, then this is not the danger that you should pay attention to. Although, it is asymmetric systems that can easily be opened with the Shore algorithm in the presence of quantum computing. I persistently draw your attention to the danger of elliptical cryptography in the case of cryptanalysis, or in other words, a mathematical attack, rather than brute force attack. Check the facts: ----------------------------------- The American mathematician and cryptographer Neil Koblitz, is (along with Victor Miller) one of those two people who in 1985 simultaneously and independently came up with a new public-key crypto scheme, called ECC (this, we recall, is an abbreviation for Elliptic Curve Cryptography , that is, "cryptography on elliptic curves"). Without going deep into the technical details of this method and its difference from the RSA cryptographic scheme that appeared earlier, we note that ECC has obvious advantages from the point of view of practical operation, since the same theoretical stability of the algorithm is provided with a much shorter key length (for comparison: 256-bit ECC operations are equivalent to working with a 3072-bit module in RSA). And this greatly simplifies the calculations and significantly improves the system performance. The second important point (almost certainly related to the first) is that the extremely secretive NSA in its cryptographic preferences from the very beginning began to lean in favor of ECC. (!) In the early years and decades, this reached the academic and industrial circles only in an implicit form (when, for example, in 1997, an official of the NSA, Jerry Solinas, first spoke at the Crypto public conference - with a report on their modification of the famous Koblitz scheme). Well, then, it was already documented. In 2005, the NSA published its recommendations on cryptographic algorithms, in the form of the so-called Suite B (“Set B”) - a set of openly published ciphers for hiding secret and top-secret information in national communication systems. All the basic components of this document were built on the basis of ECC, and for RSA, the auxiliary role of the “first generation” (!) Was assigned, necessary only for a smooth transition to a new, more efficient cryptography on elliptic curves ... (!) Now we need to remember about Alfred Menezes, the second co-author of the article about "Puzzle, shrouded in a riddle." The Canadian mathematician and cryptographer Menezes has been working at the University of Waterloo, one of the most famous centers of open academic cryptography, all his scientific life since the mid-1980s. It was here that in the 1980s, three university professors created Certicom, a company that developed and commercialized cryptography on elliptic curves. Accordingly, Alfred Menezes eventually became not only a prominent Certicom developer and author of several authoritative books on ECC crypto circuits, but also a co-author of several important patents describing ECC. Well, the NSA, in turn, when it launched its entire project called Suite B, previously purchased from Certicom a large (twenty-odd) package of patents covering “elliptical” cryptography. This whole preamble was needed in order to explain why Koblitz and Menezes are precisely those people who, for natural reasons, considered themselves knowledgeable about the current affairs and plans of the NSA in the field of cryptographic information protection. However, for them, the NSA initiative with a sharp change of course to post-quantum algorithms was a complete surprise. (!) Back in the summer of 2015 (!) The NSA “quietly”, without explaining absolutely to anyone, removed the “P-256” ECC algorithm from its kit, while leaving it with its RSA equivalent with a 3072-bit module. Moreover, in the NSA's accompanying statements it was quite clearly said that all parties implementing the algorithms from Suite B now no longer make any sense to switch to ECC, but it is better to simply increase the RSA key lengths and wait until new post-quantum ciphers appear ... But why? What is the reason for such a sharp rollback to the old RSA system? |
|
|
|
This could not be a threat, although there are numerous powerful super computers nowadays, encryptions are made in crypto to completely encrypt data. I know a bit in hashing but I'm not a computer knowledgeable person. I believe, what we are using are hashing algorithms that primarily not allowing the data to be decrypted going back to its source. And that technology makes it the most secured and reliable to people. Soon, these powerful supercomputers will not be focused on decrypting already existing data, but mainly in a purpose of creating stronger encryption.
-------------------- The blockchain has two reliability technologies: hashing (and the Merkle tree) and a digital signature on cryptography on elliptic curves. Hashing, I do not question. And cryptography of elliptic curves - I expose. And not because I'm an expert. But because specialists with world names “refuse” it, not all, but those who did the research. Check out these facts: "The discovery was not made by full-time employees of GCHQ (the British intelligence unit), but by the mathematicians of the CESG unit, which is responsible for national ciphers and the protection of government communications systems in the UK. The close interaction between the GCHQ and the NSA is taking place primarily along the lines of joint intelligence activities. In other words, since the NSA also has its own IAD (Information Assurance Directorate) department specializing in the development of cryptographic algorithms and information protection, the discovery of British colleagues was a complete surprise for the mathematicians of this unit. Blockchain is hanging by a thread. The blockchain is saved by the non-compromised hashing function and its massive use and decentralization technology. The most secret and powerful special service in the world (USA) back in 2015 FORBIDDEN to use ESA on which the SDC is based in Bitcoin. This organization just does nothing. |
|
|
|
|
Asymmetric cryptography.
It is it that makes it possible to generate encryption keys for symmetric cryptography.
Transmission, encryption of information is carried out (in most cases) by symmetric cryptographic systems. Because they are much more reliable, less for a key, less load on computing power and the like. But the main thing is reliability.
But in this reliable system, there is an unreliable element, the most important element, an asymmetric system.
Everyone calmed down. No problems. Everything is reliable. But why then the specialized organizations responsible for the "reliability of cryptography" are looking for something, obviously, they are not happy with something.
Why do recognized authorities of cryptographic science give such ambiguous definitions as "conditionally reliable cryptography".
It is interesting to talk about the known facts of the rejection of some asymmetric systems and the intensified search for new ones.
Mathematicians know that all modern asymmetric cryptography is based on unproven mathematical statements. Simply put, from a scientific point of view, only on hypotheses. On unsubstantiated assumptions. It’s good that we know which ones.
And cryptography on elliptic curves, which is part of blockchain technology (digital signature), has overgrown with obscure facts. On the one hand, we recommend it for domestic use, on the other hand, it is forbidden to use it in serious matters.
There is an opinion of cryptographers that any system with a public and private key will be hacked sooner or later, and then all your secrets will become known. You save them now (they recommend cryptography on elliptic curves!), And then they will open everything. Well, not a fact.
This is just a danger. And it's not about the progress of quantum computing and (the main nuisance) the provision of these services to anyone, for money, over the network.
But it's not that. Brute-force attack is the fate of the monkey. We are all a little monkeys, we are all afraid of a quantum computer and a complete search. This is not the worst, the keys can be increased and generally go into even larger numerical fields.
But the main danger is cryptanalysis. He is developing.
The life of a cryptanalyst is like that of a secret agent. Even his family does not know about his real job.
I wonder why such a conspiracy.
The author is committed to the idea that if such “researchers” of asymmetric systems find something, then they will never tell us about it. Or didn’t they already say?
I would like to talk about this and much more in this topic directly relating to our security.
|
|
|
|
You are talking about phishing. Phishing and hacking isn't the same thing. If someone gets phished it is solely his/her fault because he/she wasn't careful enough and entered private information into a fake site without noticing that it is fake. This is not hacking.
You get hacked depending on how secure your hardware and software solutions are and how skilled the person performing the hack is.
A successful attack would be if someone was able to empty my hardware wallet right now without me knowing how and what happened.
If I enter my seed in a fake software or on a website that is not hacking. That is me being phished because I can't read and understand basic instructions.
-------------------------------------- Yes, you are absolutely right. I did not specify the difference. A attack on the TLS protocol with which you establish a secure connection to the server. This is phishing or hacking, or both. Indeed, in such a situation, you will give the hashes of your private data, and the https icon will be displayed. Is it possible to know by heart all the sites that you visit. And even if you know, the listener in the communication channel will still do his dirty work. [15:14, 12/10/2019] A team of researchers from the Worcester Polytechnic Institute (USA), Luebeck University (Germany), and the University of California at San Diego (USA) discovered two vulnerabilities in TPM processors. Exploitation of problems, collectively called TPM-FAIL, allows an attacker to steal cryptographic keys stored in processors. This chip is used in a variety of devices (from network equipment to cloud servers) and is one of the few processors that have received the CommonCriteria (CC) EAL 4+ classification (comes with built-in protection against attacks on third-party channels). And then they attack our ECC (cryptography on elliptic curves): [15:14, 12/10/2019] Researchers have developed a series of attacks, which they call “timing leakage”. The technique is that an attacker can determine the time difference when performing repeated operations TPM, and “view” the data processed inside the protected processor. This technique can be used to extract 256-bit private keys in TPMs that are used by certain digital signature schemes based on elliptic curve algorithms such as ECDSA and ECSchnorr. They are common digital signature schemes used in many modern cryptographically secure operations, such as establishing TLS connections, signing digital certificates and authorizing logins. “A local attacker can recover an ECDSA key from Intel fTPM in 4-20 minutes, depending on the access level. Attacks can also be carried out remotely in networks by restoring the authentication key of the VPN server in 5 hours, ”the researchers note. Would such attacks (or not attacks) become possible in keyless encryption systems, in passwordless authentication systems (I mean not a biometric identifier, but a variable digital one)? Yes, this is not hacking cryptography itself. This is key theft. Some have already tried to successfully crack cryptography on elliptic curves, so they were immediately classified. I mean the information with verifiable facts set forth in my 2nd post on the account of December 4, 2019, here: https://bitcointalk.org/index.php?topic=5204368.40 |
|
|
|
We must not forget why centralized exchanges and exchanges were created. Only for earnings owners.
You need to remember how many exchanges in history collapsed and what were the financial consequences.
Centralized exchanges cannot be secure by definition. Security only exists in decentralized systems.
To sum up, I want to say my opinion because I know it would be hard to believe but there is no absolute system that is totally safe. No matter if it is decentralized or not, the safety of the system is not only depending on the system itself, but how the users are using it. If you want to secure your funds, you have the right to choose which platform to use and you have the right to execute which decision you want or in simple terms, your security mainly depends on you especially on how you handle your accounts safety and security, and how responsible you are in keep your private and public keys safe from vulnerabilities. -------------------------------- Yeah, there's no such thing as absolute safety. But let me point out that the current security model is weak in itself. Regardless of the precautions you take, it is not capable of performing its functions, because vulnerabilities are inherent in its design. Brief analysis: 1. Cryptography. Asymmetric cryptography (private and public key cryptography) is based on unproven mathematical assumptions (complexity of factoring and discrete logging of large numbers in a short time). For this reason, it is not used in military affairs, important diplomatic and government dispatches, etc. Only symmetrical. Some class of elliptical curves previously successfully standardized by NIST (USA) proved unsafe. The information is not much disclosed, but it can be checked. Elliptical cryptography itself (abbreviated as EСС) is full of unexpected surprises, details are carefully concealed, but there are verifiable facts. Detailed analytical material, with references to sources, here: https://bitcointalk.org/index.php?topic=5204368.40- second post on the account of 04 December 19. At first glance, it seems that these are sick fantasies, conspiracy theory, etc. Yes, you will have this impression until you read this analysis yourself. Well, let me have a fantasy, then even more fantasy in the NSA and NIST (USA), the first refused the ECC categorically, and the second has nothing to do, actively looking for a replacement for all modern cryptographic systems with open and closed keys. The beginning of this story no later than 2012. Strange. 2. Key encryption systems and password (even worse biometric) authentication. These are problematic methods if you look at the statistics of attacks using the data theft. You hid the key in your hardware wallet, or you wrote it down on paper, protect it, don't lose it. Because they will not be stolen while lying in a stash, but when used for their intended purpose. Phishing. It grows faster than the most daring assumptions. Fraudsters need not the key itself, but its hash, the one that you will transfer to the server. You can store the key further. Secure connection to the server? Go deep into the details of its start, read the facts, perhaps you are a free-thinking person... 06.12, 20:15] The University of New Mexico has released information about a vulnerability affecting Ubuntu, Fedora, Debian, FreeBSD, OpenBSD, macOS, iOS, Android, and other Unix-based operating systems. The problem allows you to listen and intercept VPN connections, as well as embed arbitrary data into IPv4 and IPv6 TCP streams. The vulnerability identified by CVE-2019-14899 is related to Unix-based operating system network stacks, in particular how the OS responds to unexpected network packets. https://seclists.org/oss-sec/2019/q4/122[15:14, 10.12.2019] A team of researchers from the Wooster Polytechnic Institute (USA), the University of Luebeck (Germany) and the University of California, San Diego (USA) found two vulnerabilities in TPM processors. The exploitation of the problems, which have become known as TPM-FAIL, allows an attacker to steal cryptographic keys stored in the processors. This chip is used in a variety of devices (from network equipment to cloud servers) and is one of the few processors that have received the CommonCriteria (CC) EAL 4+ classification (comes with built-in protection against attacks through third-party channels). And now our ESUs are under attack: [15:14, 10.12.2019] Researchers have developed a series of attacks that they call "timing leakage". The technique consists in the fact that the attacker can determine the time difference when performing TPM repetitive operations, and "view" the data processed inside the protected processor. This technique can be used to retrieve 256-bit private keys in TPMs using specific digital signature schemes based on elliptical curve algorithms such as ECDSA and ECSchnorr. They are common digital signature schemes used in many modern cryptographically secure operations, such as establishing TLS connections, signing digital certificates, and authorizing logins. "A local attacker can recover an ECDSA key from Intel fTPM in 4-20 minutes, depending on the level of access. Attacks can also be carried out remotely on networks by restoring the VPN server authentication key in 5 hours," the researchers note. This applies to the question of both cryptography and keys. This is when you pass a hash key, it may not be on your server first. The Turla cybercriminal grouping (also known as Venomous Bear or Waterbug) distributes new malware called Reductor to intercept encrypted TLS traffic and infect the target network. For more information: https://www.securitylab.ru/news/501571.php3. Phishing. Why is it possible? Because the client has a permanent identifier, whose hash is the subject of hunting. The server checks you, and you are the server? Do you know what recommendations to the user on phishing protection? Carefully study all symbols of the name of all sites that you visit. And do not let God miss the substitution of 1 character! And this is in the 21st century? We are led as a brainless herd... Facts: [10:27, 12/08/2019] According to the annual Security Intelligence Report prepared by Microsoft, the number of phishing attacks in recent years has grown three and a half times. What happened? Are there more nonchalant people or are scammers working better? Try to answer this question. Customers of banks, payment systems and telecom operators are increasingly becoming victims of phishers. Internet fraudsters gain access to confidential user data (logins, passwords and plastic cards), directing potential victims to fake sites and services. Check here: https://www.microsoft.com/securityinsights/Obviously, if you have a key "from the safe where the money is", they will always hunt for this key. 4. The trust certificate system to confirm that the public key belongs to a specific person. You don't even want to write facts here. Just look at the name. We are offered a game - "believe", "do not believe". It came to the point that you can find software that automatically generates the necessary certificates of trust. On the subject of concepts of modern security systems based on key cryptography and password authentication - I will soon open a separate topic, I wonder what others know about this pressing issue. Blockchain, Bitcoin, is based on cryptography on elliptical curves (for signature), by the way. |
|
|
|
|
We must not forget why centralized exchanges and exchanges were created. Only for earnings owners.
You need to remember how many exchanges in history collapsed and what were the financial consequences.
Centralized exchanges cannot be secure by definition. Security only exists in decentralized systems.
|
|
|
|
|
Bitcoin has the same or less security as blockchain technology.
In parallel there are 2 processes:
1) Bitcoin covers more and more supporters and capital, is used as a means of payment.
Most Bitcoin owners use it only as a means of accumulating and storing capital.
This is a minus!
2) Technologies are developing that can crack any cryptography using public and private keys. These technologies are developing very fast. Worst of all, the pace of their development is not predictable. First of all, it is quantum computing, which is provided to users as a service through a network. Just pay the money and use it. This is problem. This is negative for us.
If we compare the rate of development of these two processes, look at the result in 5-10 years, we will see the faster pace of development of process No. 2).
And finally, encryption on elliptic curves is probably no longer reliable. But no one ever admits this to us. There are many benefits to those who are silent.
In fact, in military affairs and in intelligence, asymmetric cryptography is never used, only symmetric.
Is there an answer to this question?
|
|
|
|
and intercept the Ledger Blue PIN.
All that remains for skeptics is to verify this information on their own.
Really, you need to close your eyes to these facts, and continue to convince yourself of the absolute safety of "wallets" and key obsolete technologies? Nothing is 100% safe and nobody is claiming that it is. But there are safer and less safer options. A hardware wallet is safer than a web and desktop wallet. I don't think this is something that needs arguing about. The vulnerabilities you mention require special hardware and in some cases physical access to the device. Also, the Ledger Blue has been discontinued and is no longer part of Ledger's products portfolio. ---------------------------- You have to deal with your safety yourself. Are you sure that all vulnerabilities, all holes - will be unveiled right there. Hang on a noticeboard? What's the point? The meaning is only to those who are on the white side. People on the black side will not tell you anything. Is it logical? It’s not a matter of whether the fraudster is tracked or not. Even if they are tracked, even if they are found, this will be only a separate episode. This is not a solution to the problem. The fraud system itself will not disappear with the capture of any number of these characters. The system itself, contributing to the spread of bitcoin theft, is based on the fact that you "have a safe key" in which the money is. The key is your concern and your fraud problems. For this reason, an alternative (my topic) to key technologies is proposed - keyless technologies. But, so far, few people perceive it, everyone is waiting for the "thunder to strike." Who is creative, see here: https://bitcointalk.org/index.php?topic=5204368.0You hide the key. This works well when you do not need to use bitcoin. Then, when you use bitcoin, you send the key hash - to some server. The fraudster does not need your key in its original form. He needs this particular key hash. Because the server does not know your key, it knows the key hash. Further, the scammer makes a phishing attack, receives a key hash, and all your money is almost certainly lost. Yes, a modern phishing attack provides the same encryption between the client and the phishing server as the original server. Therefore, if they managed to attack you, it means that you will exchange encryption keys with a phishing site, so you have established a “secure” communication channel, but with a phishing site, and pass the hash of your key on it. It's all. Woo a la. And what was the point of storing it in a hardware wallet if it was stolen at the time of its use? Not convincing? Here are the facts from today. [10:27, 12/08/2019] According to the annual Security Intelligence Report prepared by Microsoft, the number of phishing attacks in recent years has grown three and a half times. What happened? Are there more nonchalant people or are scammers working better? Try to answer this question. Customers of banks, payment systems and telecom operators are increasingly becoming victims of phishers. Internet fraudsters gain access to confidential user data (logins, passwords and plastic cards), directing potential victims to fake sites and services. Check here: https://www.microsoft.com/securityinsights/Obviously, if you have a key "from the safe where the money is", they will always hunt for this key. This is a phenomenon. And you need to fight with the phenomenon, not with the fraudster. 2 new ones will always come to the local 1 caught fraudster. |
|
|
|
I think the problem is not that scam transactions can't be traced (because they can be) but the thing is that once a person is scammed there is little help available because the transaction can't be reversed unlike with PayPal or any traditional means of doing it. However, even if Bitcoin can be revered, still scammers are known to be innovative, creative and very intelligent they can easily devise ways and means for the benefit of their "craft and business" making scamming one of the most known ways of making money online.
It’s not a matter of tracking down a scammer or not. Even if they are tracked, even if they are found, this will be only a separate episode. This is not a solution to the problem. The fraud system itself will not disappear with the capture of any number of these characters. The system itself, contributing to the spread of bitcoin theft, is based on the fact that you "have a safe key" in which the money is. The key is your concern and your fraud problems. For this reason, an alternative to key technologies is proposed - keyless technologies. But, so far, few people perceive it, everyone is waiting for the "thunder to strike." Who is creative, see here: https://bitcointalk.org/index.php?topic=5204368.0You hide the key. This works well when you do not need to use bitcoin. Then, when you use bitcoin, you send the key hash - to some server. The fraudster does not need your key in its original form. He needs this particular key hash. Because the server does not know your key, it knows the key hash. Further, the scammer makes a phishing attack, receives a key hash, and all your money is almost certainly lost. Yes, a modern phishing attack provides the same encryption between the client and the phishing server as the original server. Therefore, if they managed to attack you, it means that you will exchange encryption keys with a phishing site, so you have established a “secure” communication channel, but with a phishing site, and pass the hash of your key on it. It's all. Woo a la. And what was the point of storing it in a hardware wallet if it was stolen at the time of its use? Not convincing? Here are the facts from today. [10:27, 12/08/2019] According to the annual Security Intelligence Report prepared by Microsoft, the number of phishing attacks in recent years has grown three and a half times. What happened? Are there more nonchalant people or are scammers working better? Try to answer this question. Customers of banks, payment systems and telecom operators are increasingly becoming victims of phishers. Internet fraudsters gain access to confidential user data (logins, passwords and plastic cards), directing potential victims to fake sites and services. Check here: https://www.microsoft.com/securityinsights/Obviously, if you have a key "from the safe where the money is", they will always hunt for this key. This is a phenomenon. And you need to fight with the phenomenon, not with the fraudster. 2 new ones will always come to the local 1 caught fraudster. Hardware wallets are also subject to hacking, unfortunately. Everyone knows this information: Cyber-experts from Wallet.fail discovered a number of vulnerabilities in the Trezor and Ledger hardware cryptocurrency wallets. As a result, they managed to carry out a series of successful wallet attacks during the Chaos Communication Congress in Leipzig. Experts said that vulnerabilities lie in software and hardware, firmware, software architecture and web interface. During the demo attacks, the Wallet.fail team managed to extract the PIN and mnemonic core from RAM Trezor, remotely sign the transaction and crack the Ledger Nano S bootloader, and intercept the Ledger Blue PIN. Really, you need to close your eyes to these facts, and continue to convince yourself of the absolute safety of "wallets" and key obsolete technologies? |
|
|
|
Bitcoin has a bright future ahead, experiencing many obstacles in the value of growth, Bitcoin always exists and promotes. Contrary comments will not change Bitcoin towards new heights of technology.
---------------------- Bitcoin has exactly the same future as blockchain technology. Let's see what the results will be. There are 2 processes in parallel: 1) Bitcoin covers more and more supporters and capital, is used as a means of payment. This is good, but very slow. Why? Because most owners of Bitcoin use it only as a means of accumulating and storing capital. This is a big problem and it is growing! 2) technologies are developing that can break any cryptography using public and private keys. These technologies are developing very rapidly. The worst thing is that the pace of their development is not predictable. First of all, it is quantum computing, which is given to users, as a service, through the network. Just pay the money and use it. This is problem. This is negative for us. If you compare the speed of these two processes, then in my opinion, give a short time, and everyone will see the faster pace of development of process No. 2). And finally, encryption on elliptic curves is probably no longer reliable. But no one ever admits this to us. There are a lot of benefits to those who are silent. Read carefully my post of December 04, the second on this date, there are only verifiable facts, here: https://bitcointalk.org/index.php?topic=5204368.40Perhaps you will be more careful in your views on the future. |
|
|
|
|
In any business where it smells of money, there are scammers. Large fraudsters are known to a narrow circle of specialists. Usually they don’t even try to catch them. There is such an opportunity, it’s all about whether you have the right software, because there is always a trace - this is the scam computer’s IP, this is the geography of accessing the Internet and then it's a matter of technology.
Minor scammers are almost unknown. Unlike their victims, they are inventive. They are not stupid, otherwise they are caught. Every petty swindler dreams of becoming big. Therefore he invents. And we are sitting and watching. We are not inventing anything. We are waiting for unwanted guests to come to us.
Hardware wallets are already breaking. Fraudsters - evolving, and ordinary people let fat. This is always the case, nothing new, whatever crypto-technology would come up with for us, we are not able to withstand the attack.
|
|
|
|
I bought my ledger nano in online and that there is a risks of hacking that's why I reset it. If you will buy hardware wallet make sure that you will reset it because you do not have guarantee that the hardware wallet is vulnerable to hackers. You are probably talking about cases where the hardware wallet arrives with an already pre-created seed and you simple continue using it that way, which you should never do. Things like that can happen if you buy your wallet from some third party and not from the official source or an official Amazon re-seller. You and only you should know the seed, not have one sent to you. ------------------ Hardware wallets are also vulnerable. They are built from the same elements as the entire digital hardware world. Everyone knows this information: Cyber-experts from Wallet.fail discovered a number of vulnerabilities in the Trezor and Ledger hardware cryptocurrency wallets. As a result, they managed to carry out a series of successful wallet attacks during the Chaos Communication Congress in Leipzig. And again, bad software, how could without it: Experts said that vulnerabilities lie in software and hardware, firmware, software architecture and web interface. During the demo attacks, the Wallet.fail team managed to extract the PIN and mnemonic core from RAM Trezor, remotely sign the transaction and crack the Ledger Nano S bootloader, and intercept the Ledger Blue PIN. All that remains for skeptics is to verify this information on their own. Really, you need to close your eyes to these facts, and continue to convince yourself of the absolute safety of "wallets" and key obsolete technologies? Alternative here (my topic): https://bitcointalk.org/index.php?topic=5204368.0 |
|
|
|
Yes it is. Modern technology is weak and full of vulnerability. In my opinion, I’m not an expert, but the problem is somewhere in the beginning, in the very basis of authentication offered to us. For example, Microsoft writes so eloquently in its whitepaper that password authentication has outlived itself. And then he offers to build a new building from old bricks: password + biometrics + key. But this is the molding of everything old. And all biometrics are many times weaker than password methods, I mean, it is easily imitated. And here is the result. My vision is this error in the permanent identifiers that are assigned to the client, and on the basis of which we are authenticated. This needs to be changed because a persistent identifier is the target of the attack. And the kidnappers succeed. The number of abductions is growing !!! My suggestion is a variable identifier. Then abduct him without meaning.
An identifier that is constantly changing is an interesting thing, but only if it is completely unpredictable. Absolutely. And it would be impossible to predict. And he must change very often. And these changes should be synchronous with the server, in the sense that the server should know exactly what it is now, but absolutely should not know what it will be in the next moment. But these requirements contradict each other. This is the first look. The property of determinism and pseudo-randomness - coexist in nature. Because they do not contradict each other, if everything is properly organized. If we had a keyless encryption system, we would be able to recognize the digital code that we accept. And if we can identify a digital code according to the pattern: “ours” - “alien”, then we will identify this code. Remember that the next packet that we accept is a completely different code, a different cipher, a different identifier, regardless of the information that is encrypted in it. OK? And this means that we identify its sender. And this means authentication by a variable identifier, in case of successful "verification" of the code. If we use everyone’s favorite mathematical models of encryption, mathematical models for describing processes, then I don’t know how to make such a contradictory system. And if you use geometry and a fresh head, then it turns out you can try. Studies show that it’s not very difficult, you can. Generally speaking, we need a randomly selected virtual space, time as a guardian of its constant changes and information "for encryption" - from which first and second order derivatives will be extracted. of course, derivatives of geometric nature, always unidirectional. Yes, another interesting property of such a system is that it doesn’t just need a key, it is dangerous by definition, because the key is a certain regularity. And any regularity, repeatability is the worst enemy of encryption. I can offer, as an option, such a scheme of the principles of the geometric model of keyless encryption (next post):
I just found out that I'm not yet allowed to post images. Please, anyone interested, open this link to the scheme displaying the first 3 principles of vector-geometric encryption. 
Why do we need a fundamentally new technology based on the geometry of virtual spaces? Could it be better to improve mathematical methods? In fact, a new approach to encryption may be in demand. The new technology of post-quantum passwordless authentication, keyless encryption and instant verification of any amount of data is: 1. A new geometric method of vector coding, provides high speed with minimal load on the processor; 2. Does not require the mandatory presence of a key function in the processes of encryption and decryption of information; 3. Passwordless user authentication through post-quantum variables, deterministic digital identifiers. 4. Without the possibility of a phishing attack in the client-server version, with mandatory mutual passwordless authentication in both directions, both the server itself and the client. 5. Keyless coding technology generates a post-quantum cryptographic code, reasonably resistant to any type of cryptanalysis, given the appearance of quantum computers and quantum attacks; 6. Without the ability to identify correlation patterns (including keys) by brute force attack; 7. Without the possibility of hidden modification of the message, even at the level of one bit of information, special or “noise” imperceptible violation of the integrity of encoded or decoded data; 8. It is absolutely resistant to attacks based on matching selected plaintext with a cryptographic code (Eng. Chosen-plaintext attack, CPA); 9. The ability (without need) to use as keys - ordinary user information, of any size, type and complexity, and any of its parameters will not affect the quality of the encryption code; 10. Absolutely accurate (up to one bit) and “fast” (or continuous) verification of any amount of transmitted (or received) information; 11. The observer in the middle is not able to observe: 1) who gave information to whom (or from whom) information; 2) how much information is transmitted and / or received; 3) whether there was any information exchange between users; 4) all "pauses" or the time of "silence", of any duration, is filled and fully encoded exactly as the information itself; 12. Provides users with the ability to identify and eliminate the “middle attack” or “listener presence” - easily and independently.
As you can see from my previous post, an innovative approach to encryption that combines keyless and vector-geometric principles can provide such a staggering result. We don't know how to achieve this by mathematical methods. Mathematics is always the law and exact calculation. Both of these things are great in themselves, but inappropriate where you need to hide the encoding algorithms. Where you need to choose an encryption scheme without using a key, and therefore without certain instructions. The virtual space-time continuum, which has no constant certainty, in combination with the geometric coding method, easily allows you to abandon the pre-defined encryption scheme {it means giving up the key). Moreover, it allows to change this scheme elegantly and unpredictably, to change the encryption algorithms to new ones as often as necessary.
And what's interesting is that it's impossible to make a system of encryption without a key, reliable, easy, hiding the traffic of exchange of useful information - without authentication without a password. These are two sides of the same coin. They either exist at the same time or none exist. For the consumer, this is great.
This is an explanation of the scheme, which can be viewed at the link (I do not have the right to post the scheme right away): https://imgur.com/swVGL7L Yellow squares are GIS cells (the Geometry of the Inner Space is the one that exists at a given moment in time, or in other words, in this Logical (tuned) Time Tunnel), which constantly change their coordinates non-linearly depending on the data of information exchange. The reference point selected for a given LTT (the Logical Time Tunnel is a point in time simultaneously fixing everything up to a single state and system settings) - is selected by the system from a variety of algorithms with reference to the history of both past received and transmitted data. The Zero Axis for a given LTT is dynamically selected in the same way (it must be understood that its choice in this LTT will necessarily differ from the next LTT). Data for encoding - generate an unpredictable stream of “parameters” for transformation. “A”, “B”, “C”, “D” - in yellow squares these are the elements of GIS corresponding to the data for encoding (for convenience, but no more, they have the same letter designation). “X” and “Y” are either symbols participating in the exchange or not, you need to know the instantaneous parameters of their location in this LTT to calculate the coefficients of the desired vector of the relative vector “XY”. “A”, “B”, ... “X”, “Y” - for each new LTT they have new coordinates. The choice of options for constructing spaces (i.e., specific GIS), their construction and their options for transformation are endless a priori (like a map of the streets of any city on earth).
In the scheme described above, explaining the very first principles of geometric encryption technology. Such a scheme may not use a key. In all encryption systems, the key selects an encryption scheme. Here, the circuit chooses itself based on "its history", on new information and on the time during which the system processes it. As a result, during the functioning of such an encryption system, a digital code is processed not according to any stationary algorithms, but only according to those algorithms that are active at this particular moment in time, which are generated for this moment in time by the system (“Logical Time Tunnel”). Therefore, there are 2 important properties in this encryption model: 1. strict observance of the sequence of decryption of information; 2. The absolute identity of the decrypted information regarding the encrypted. Such an encryption model, at the stage of decryption, completely excludes the possibility of any modification of information. The organization of the processes of data encryption and decryption - in parts, packets of information, enables the system to independently evaluate the integrity of the received data with respect to the sent data, the information decrypted with respect to the encrypted one, through the analysis of the current states of the system relative to the past.
There is an axiom in cryptography, any permanently acting encoding rule will always be a loophole for a cryptanalyst. The key is also a special kind of rule that is applied when encoding and decoding. This technology does not have this rule, there is no key, there is no need to use other rules. The system itself generates its own rules, partly due to the information itself, which partially performs the function of a key. Information is always a new stream, which means that the system always has a new key, as it were, a key that is somehow applicable but only to the same information and only at this point in time to encode and decode the same information. But this is a cyclical logical paradox, like this, the information is applicable in some way to the information itself ... to itself, for encryption ... and for decryption ... Sounds like nonsense? This is a different perspective on keyless encryption methods, and when you go deeper into this technology, it becomes clear that there are no paradoxes here. This is a well-coordinated working information-temporary ratchet, with conditionally infinitely updated rules.
Our goal is to give a first description and confirm the possibility of a keyless method of encryption based on original encoding methods found in constructed and correctly organized, structured, spatio-temporal unidirectional virtual continuums. At the same time, the properties and capabilities are observed: 1) instant verification of a large amount of information; 2) alternative non-scalable blockchain; 3) the absolute resistance of the code to brute force attacks; 4) resistance to attacks by matching any amount of open source code with its corresponding cipher; 5) the justification of the complete impossibility of modifications, changes in the integrity of the cipher code of a message received by the keyless vector-geometric encryption methods, at a fundamental level of the functioning of this technology; 6) the possibility of passwordless authentication using a new type of identifier: variable and strictly determined at the same time. To get such advantages and opportunities that come only from the keyless encryption technology itself is a tempting prospect for our secure future.
Once again, let's ask a question, why change the well-proven key and password technologies to some poorly understood keyless and password-free ones? Observations of events show that this makes sense. Here's a famous, fresh example: There are vulnerabilities that affect Intel Platform Trust (PTT) technology and STMicroelectronics' ST33 TPM chip. These vulnerabilities in TPM chips allow stealing cryptographic keys. A team of researchers from the Worcester Polytechnic Institute (USA), the University of Luebeck (Germany) and the University of California at San Diego (USA) discovered two vulnerabilities in TPM processors. Exploiting problems commonly referred to as TPM-FAIL allows an attacker to steal cryptographic keys stored in the processors. This chip is used in a wide variety of devices (from network equipment to cloud servers) and is one of the few processors that have received CommonCriteria (CC) EAL 4+ classification (comes with built-in protection against attacks through third-party channels). Here is the price of error in key and password technologies. And we use the network to transmit important information, I wonder if this chip is installed in our network section? Maybe it's worth checking?
I see danger in technology that has keys. One attentive user will definitely be safe because they can use the keys correctly. But overall, statistically speaking, keys and passwords will always cause problems for a lot of people. And there is no other way out than to switch to new technologies that will no longer have old problems. I think it is modern when continuous development of computer technology allows you to find new algorithms of work. Keyless encryption is a new, non-mathematical, next-generation code generation method with 2 modes of operation, the main mode - without keys and an additional mode - with the ability to use any information as a key. The proposed technology of keyless encryption has nothing in common with known in cryptography keyless primitives, unidirectional functions that do not use many keys, have a single key that is used continuously. The technology of keyless, vector-geometric encryption is not based on complex mathematical apparatus, on mathematical paradoxes of number theory, which seem to us insoluble for polynomial time only in sets of astronomically large values. This encryption method is based on the original, coherent, rationally organized geometrical model of internal space-time, with the properties of a full virtual continuum, which is continuously changing by hybrid functions, the arguments of which are many dynamic event and current parameters. |
|
|
|
The network is not and cannot be anonymity. This is an axiom and principle of work. All maneuvers, with TOR or VPN - only complicate the task until the software is written. Here is a fresh fact (another one this year): [06.12.2019] University of New Mexico specialists released information on a vulnerability affecting Ubuntu, Fedora, Debian, FreeBSD, OpenBSD, macOS, iOS, Android, and other Unix-based operating systems. The problem allows you to listen and intercept VPN connections, as well as inject arbitrary data into IPv4 and IPv6 TCP streams. The vulnerability that received the identifier CVE-2019-14899 is associated with the network stacks of Unix-based operating systems, in particular, with the way the OS react to unexpected network packets. https://seclists.org/oss-sec/2019/q4/122 |
|
|
|
Bitcoin as a capital flight to a level never before seen in history. The people to choose with their feet is much easier than before stepping. People will choose to live in places where security against physical and economic violence is the best. We must achieve a higher quality governance because places with very bad governance experience massive capital flight to make them poor and not very effective. This is a gift that is so little negative value.  The phenomenon that happens is that bitcoin is a capital flight, because it will not can tracked by the state financial authorities where the bitcoin owner lives. This is because bitcoin is anonymous. So on the one hand anonymity is good for bitcoin users, but on the other hand anonymously is misused to hide illegal results. --------------------------- Maybe this is so, but maybe this is a mistake. If they are watching you, then they will track your IP, your location, yourself. Watch the news, find everyone they are looking for. Yes, it is a matter of time and effort, a matter of price, and nothing more. And as soon as the user’s IP is installed, your affairs in the blockchain are easily and openly tracked. No, this is imaginary anonymity. Real anonymity is cash on hand. People who are forced to observe anonymity, including the anonymity of their capital, generally try not to deal with digital technology. You don’t even see a smartphone near them, the most nonchalant only have push-button phones. And Bitcoin has anonymity only for the owner, which no one needs. |
|
|
|
|
So, if you take a sober look at these dialogues, people are constantly preoccupied with their own safety, all their lives they must be careful! As if stole something. We were forced to choose a model of behavior when we are forced to hide our secrets "under a stone, in a cave."
So, in the 21st century, we come to the need to use paper to store digital information (!). We must protect our hardware wallets from our own means of communication.
It seems that modern means for our communication are specially made to have countless holes. Nobody is able to darn them.
Well, is it really possible to accidentally make such crap that people are forced to either remember in their head or write down information?
Look soberly, this is a disaster that we do not notice, we consider something quite normal, modern.
This is not the norm.
These are obvious flaws in our entire digital civilization that need to be corrected, but there is no one to review all the fundamental concepts of our digital systems.
|
|
|
|
|
Show Posts
