Let's Not Make Two Steps Forward, and 20 Steps Back in Crypto

in #money · 7 years ago


This is a post about security and insecurity measures I see being made, or proposed, for (public) blockchain technology. The argument is this:

Blockchain encrypts our data publicly on a ledger. To access this data, we use asymmetric cryptography with public and private key encryption. Nontechnical people, however, do not understand this concept. Technical people try to make it easy for these folks to use a blockchain. This means that some reintroduce insecure, but commonly used, techniques. This, in turn, means that the most insecure point in the "blockchain" is not the blockchain itself. It's the people using it.

Let me explain. Credit cards, Europe's EC cards, and many of the other "cards" we carry around are secured with a four-digit PIN. The techniques used to secure this information can be considered insecure at this point. If someone gets your card, you can be certain they are able to hack it easily. It doesn't even take effort anymore. I'm not a fan that we still have to use these cards, nor am I a fan of banks pushing "touch payments" using an RFID chip, which is also horribly insecure and hackable instantly. With RFID, however, we don't even realise when it's happening. [[Ref]]

Then we have the blockchain. It uses an encryption method that can be considered secure by today's standards. Now we're giving out cards to "normal" people. Cards that are secured using PINs at worst. You can probably guess where this argument is going.

The challenge we face in making the blockchain more accessible to nontechnical people is that we shouldn't have to sacrifice what we've been working so hard for. Security-wise, we basically had no progression from the 80's (and earlier) up until this point. Now, all of a sudden, we could have a high security standard that would be acceptable to the nerds. We nerds have high standards, and if it works well for us, it's going to be great for consumers.

Challenges are, for example:

  • On-device encryption. How secure is the blockchain-related data saved on a device?
  • Authentication. How do we authenticate transactions and log into our wallets? Do we use Touch ID (hacked right after its publication. Ref: CCC) or some other form of identification system? How secure is the 2FA method being used? Do we send the second factor over insecure systems, e.g. email?
  • Backdoors. If we have companies manage our wallets, is it possible for them to "reset" the password? If so, then they can look into the data, and possible hacks are just a matter of time.
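The "backdoor" point in the last bullet can be shown in code: a provider can only offer a password reset if it holds the key itself, and whatever holds the key can read the data. The following is an added example, not code from the original post or from any wallet product. It contrasts a custodial design (provider generates and keeps the wallet key; the password only gates the login) with a non-custodial one (the key is derived from the password with scrypt and the provider stores only salt and ciphertext). The HMAC-SHA256 counter-mode cipher is a stdlib-only stand-in for a real AEAD such as AES-GCM, and the secret, passwords and class names are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample payload; not real wallet material.
SAMPLE_SECRET = b"seed words: constructed example, not a real wallet"


def derive_key(password: str, salt: bytes) -> bytes:
    """Password -> 32-byte key via scrypt, a memory-hard KDF in the stdlib."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=32)


def _subkeys(key: bytes):
    # Separate keys for encryption and authentication, derived from one master key.
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; demonstration stand-in for a real AEAD cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC; returns nonce, ciphertext and tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def open_blob(key: bytes, blob: dict) -> Optional[bytes]:
    """Returns the plaintext, or None if the key is wrong or the blob was tampered with."""
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(c ^ k for c, k in zip(blob["ct"], _keystream(enc_key, blob["nonce"], len(blob["ct"]))))


class CustodialWallet:
    """Provider generates and keeps the wallet key; the password only protects the login."""

    def __init__(self, password: str, secret: bytes):
        self.wallet_key = secrets.token_bytes(32)          # lives in the provider's database
        self.blob = seal(self.wallet_key, secret)
        self.login_salt = secrets.token_bytes(16)
        self.login_hash = derive_key(password, self.login_salt)

    def reset_password(self, new_password: str) -> None:
        # A support desk can do this without the old password: the wallet key is untouched.
        self.login_hash = derive_key(new_password, self.login_salt)

    def operator_reads_secret(self) -> Optional[bytes]:
        # Whoever holds the provider's database (staff or an intruder) holds the key too.
        return open_blob(self.wallet_key, self.blob)


class NonCustodialWallet:
    """Provider stores only salt + ciphertext; the key exists only while the user has the password."""

    def __init__(self, password: str, secret: bytes):
        self.salt = secrets.token_bytes(16)
        self.blob = seal(derive_key(password, self.salt), secret)

    def unlock(self, password: str) -> Optional[bytes]:
        return open_blob(derive_key(password, self.salt), self.blob)

    def change_password(self, old_password: str, new_password: str) -> bool:
        # No old password means no plaintext, so no "reset" path exists by construction.
        secret = self.unlock(old_password)
        if secret is None:
            return False
        self.salt = secrets.token_bytes(16)
        self.blob = seal(derive_key(new_password, self.salt), secret)
        return True


def demo() -> dict:
    custodial = CustodialWallet("hunter2", SAMPLE_SECRET)
    custodial.reset_password("newpass")  # "forgot my password" flow, no old password needed
    noncustodial = NonCustodialWallet("hunter2", SAMPLE_SECRET)
    return {
        "custodial_operator_reads_after_reset": custodial.operator_reads_secret() == SAMPLE_SECRET,
        "noncustodial_wrong_password_fails": noncustodial.unlock("newpass") is None,
        "noncustodial_reset_without_old_password_fails": noncustodial.change_password("guess", "newpass") is False,
        "noncustodial_change_with_old_password_works": (
            noncustodial.change_password("hunter2", "newpass") and noncustodial.unlock("newpass") == SAMPLE_SECRET
        ),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point the demo makes is the one in the bullet: a reset feature is evidence that the provider can decrypt the data without the user, so that database becomes the target. The non-custodial design trades that away for the user bearing the loss if the password is forgotten, which is exactly the usability problem the post is about.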

I'm neither a hacker, nor am I one of the people who are interested in that kind of hacking. I work in the blockchain field as a trader, investor, speaker, and consultant. Working in this field, on projects, and making observations made me think and wonder about this topic. Please let me know if you feel that we're heading in the right direction in blockchain, or what you feel we should spend more time thinking about.


It might take a generation growing up with PCs and passwords to see a real change in habits.

Airbitz actually has a novel solution, but I don't understand it enough to verbalize it here. Probably worth tweeting their CEO for a response.