Source: www.schneier.com – Author: Bruce Schneier
Comments
Anonymous •
“I can’t understand why anyone thinks these technologies are a good idea.”
Maybe because the people are fed up with the current system that they are willing to undergo the risk rather than to submit to the corrupted system? Maybe they perceive that risk smaller than the risks they have to face from the corrupted system?
Centralized exchanges are prone to this kind of issues. Thanks to those issues the usage of atomic swaps and decentralized exchanges will increase.
Isn’t it chill? I am asking something else. Why would anyone use the centralized solutions that can lock you out of the life at will, censor you, deplatform you force you to use surveillance coins, if one can use that cool tech that doesn’t have those “features”?
xDSx •
We think these technologies are a good idea because the technologies we use otherwise are broken in such a way that we at the bottom are exploited, abused and at the merci of people and institution who do not care about us at all. Read up on the Cantillon effect, the fiat money system, the “fractual reserve” banking system and ask yourself why purchasing power declines all the time, essentially making those at the bottom poorer with each dollar the system “prints”. For a quick read, refer to “The Bitcoin Standard”, the first 6 or so chapter do not even speak about bitcoin at all but only explain how the current system has come about and why it is fundamentally broken. Well, maybe it is broken maybe it is doing exactly what it is supposed to do. Any yes, it is written by someone who actually knows what they aretalking about (professor of Economics at the Lebanese American University from 2009 to 2019 with a PhD in Sustainable Development from Columbia University, Masters in Development Management from the London School of Economics, and Bachelor in Mechanical Engineering from the American University of Beirut)
Peter Galbavy •
Looks like a great way to exfiltrate assets and shutdown an operation with very little come back. Nothing new though, retailers and others have been doing this for years.
iAPX •
Works the way it was intended.
As always people warning about the risks were ignored if not mocked.
Winter •
@xDSx
why purchasing power declines all the time,
Because wages have been stagnant since Reagan came to power (minimum wage decreased in real terms) but the economy has has doubled in real terms (GDP per Capita).
Republican policies in action!
Jon Payne •
Aren’t crypto currencies just a modern day ponzi scheme? Frankly, I like cash. It’s not electronic and can’t be tracked. If I give my mechanic a $100 Benji for fixing my car, nobody knows about except him and me. He might do the right thing and report it, and he might not. That’s on him.
Erdem Memisyazici •
I’m not sure why you would have a crypto start up if you also have not premined the heck out of it and had a massive quantum computer and a super computer to go alongside it for collisions and recovery. People don’t make their money from ads on this venture but rather control.
Clive Robinson •
@ Bruce,
Re : Crypto Cons
“I can’t understand why anyone thinks these technologies are a good idea.”
Maybe because you’ve found my fathers advice to me to be true.
He told me when I was young,
If you have the brains to commit the perfect crime, then you’ve enough brains to earn more money honestly
One of the failing in the US is the idea that anyone “can get rich quick” well simple mathmatics says otherwise, so what that says about the US education system I’ll leave to others to debate.
There are two ways to get rich quickly and without effort,
1, Improbability of chance.
2, Dishonest behaviour.
The first is actually the second in disguise. That is the people running games of chance take 20-60% for themselves…
Crypto currancy like NFT’s and what ever gets thought up next in a similar vein are a mixture of long and short cons and other criminal activities. If you are on the dishonest side and you can build up “idiot momentum” amoungst those who let their common sense get over ridden, then you can do very well “slicing off the top”.
If it was only those with more debt than sense getting harmed, then you could just shrug and say “evolution in action”. Unfortunately this is not the case, when you consider the power requirments carbon footprint and worse of crypto currancy and NFT’s not just in generating/mining but multiple storage of the block chain… You will find that the majority of the worlds population are being more than adversely effected.
The only “winers” in this game that are not totechnically criminals are those supplying the criminals.
I’ve mentioned this before, but if you’d invested in Nvidia or similar on which the mining rigs eyc were built then you would have made better than average returns.
From what has been said Nvidia are now the first trillion dollar semiconductor producer…
And they’ve already moved onto a new market “AI LLMs”… Only the US Gov want to put a crimp in this next “con game”.
It will be interesting to see how many crypto currency shills turn up and apologize for their past behaviours, but to be honest I don’t expect any unless they are carrying a begging bowl…
Erdem Memisyazici •
For reference, I don’t think I made this famous enough already, but NISTIR 8105 Table 1 clearly states that even the SHA-3 family is not safe from quantum logic gates and that larger outputs are needed.
That’s on top of always-a-zero-day hierarchy of broken hardware and software market we have today for all the clients.
I have not yet been told not to secure service to service traffic with HMACSHA512 tokens but I suspect that’s less than a decade away.
ramriot •
Seems to me anyone can make a simple operational security mistake that has greater or lesser consequences. Finding out that you lost the decryption key to your backups or that because of a config error they are useless following a crash can be career & company ending.
In this case & in light of the Ponzi like behaviour, I doubt the exact narrative presented & wonder if “the wallet event” was a vertent cash grab.
Clive Robinson •
@ Erdem Memisyazici, ALL,
Re : Background hardware moving forward…
“…if you also have not premined the heck out of it and had a massive quantum computer and a super computer to go alongside it for collisions and recovery.
What’s the difference between a number of “mining rigs” and a “super computer”?
In many cases “not much”…
As for “Quantum Computers”(QC) maybe I’m getting old and jaded, but firstly they always appear to be thirty years away at best, and each step towards it makes the “destination” look smaller and smaller in real terms.
Likewise “Artificial Inteligence”(AI) I actually believe that currently we realy do not have a clue as to where the path to finding it is.
Yes we can keep throwing money at hardware, but mostly that has a flip side. Whilst it does not do much for QC or AI the spin-offs are bringing what you might call conventional or consumer computing up at a much faster rate…
Which makes the need for QC and AI even more niche…
AlanS •
@Clive
I am surprised that someone who appears to live in the UK doesn’t have a third option: Having the right connections.
Emily Stark •
@ Erdem Memisyazici,
For reference, I don’t think I made this famous enough already, but NISTIR 8105 Table 1 clearly states that even the SHA-3 family is not safe from quantum logic gates and that larger outputs are needed.
That table’s not clear at all, in that it uses the relative term “larger” without saying what’s being compared (and, similarly, talks about “large-scale” quantum computers without defining any cutoff from, for example, “small-” or “medium-scale”). Presumably as a result, you’ve misinterpreted it.
I guess they mean that quantum-security requires a longer hash than would be required for classical-security. Both SHA-2 and SHA-3 define sufficient algorithms. Actually, neither seems to define any vulnerable algorithms: the minimum hash length is 224 bits, giving 112-bit security. (So, am I missing something? That seems large enough, so why does NIST say “larger output needed”?)
See, for example:
- Cost analysis of hash collisions (Daniel J. Bernstein 2009) “A quantum algorithm by Brassard, Høyer, and Tapp has frequently been claimed to reduce the cost of b-bit hash collisions from 2b/2 to 2b/3. This paper analyzes the Brassard–Høyer–Tapp algorithm and shows that it has fundamentally worse price-performance ratio than the classical van Oorschot–Wiener hash-collision circuits, even under optimistic assumptions regarding the speed of quantum computers. … Anyone afraid of quantum hash-collision algorithms already has much more to fear from non-quantum hash-collision algorithms.”
- Estimating the cost of generic quantum
pre-image attacks on SHA-2 and SHA-3 (Amy et al., 2016), which says attacks on SHA2-256 and SHA3-256 would take upward of 2^140 cycles.
I see no reason to think that the SHA2-256 hash used by Bitcoin is a weak point. The public-key crypto is; the generally terrible state of computer security is; and, of course, the fact that most of the companies involved in the ecosystem are incompetent and/or criminal.
Why does anyone think it’s a good idea? Well, some people seem to be getting rich off it, and we haven’t caught most of them (so, from their point of view, it was “good”). I used to be rather hopeful about cryptocurrency being a “stealth” security bounty program, to incentivize computer security (whether or not this was intended). But I suspect this whole thing might peter out before giving us a useful generalized result. Instead of new secure systems, we’re mostly getting old computers repackaged in miniature form with no network connections (“hardware wallets”).
Ray Dillinger •
This incident is likely not a cash grab; if the block chain is public, one cannot “find” the keys again to actually spend the assets without creating clear evidence that it has been found. The people who the assets are owed to would see you selling them and cry ‘foul,’ and then there’d be people with guns knocking on the door.
The cynic in me says, this is likely an attempted cash grab where the cash through some idiotic mischance somehow wound up dumped into an incinerator rather than in any spendable form.
What is the economic effect of these hallucinatory losses though? It’s not like any infrastructure, goods, real estate, or production capacity has been harmed. All that has happened is that a bunch of people who had putative control of these things via “wealth” in a form divorced from any such meaningful asset, now have less.
So is this just like burning a giant pile of cash, where all that really happened is that everybody else in the world is now slightly more wealthy in practical terms?
ATN •
Looks to me the perfect retirement plan from someone/few people inside that company:
If you have “the state of Nevada filed to seize control of the company because it was near insolvency”, you just claim you have lost all control of your wallet because you are dumb, and 5 years later you can enjoy a very nice retirement.
AL •
Like a lot of things in life, these technologies are seen as a lesser evil compared to something called “quantitative easing” (QE), where central banks create (“print”) new money, give it to the government to spend, and pretend that this is borrowing.
Here’s the money they’ve printed up so far.
https://fred.stlouisfed.org/series/RESPPANWW
With their backs against the wall, they’re trying to unwind QE. If they fail, and particularly if that chart starts hitting new highs, crypto currencies or something else are going to start looking real good.
Erdem Memisyazici •
@Emily Stark
So, am I missing something?
Yes. So am I at this time but that would be a lack of complete understanding of quantum logic gates. It’s a cost issue at best. Will get cheaper in a few years.
Clive Robinson •
@ AlanS,
Re :
“I am surprised that someone who appears to live in the UK doesn’t have a third option: Having the right connections.”
Two points to note,
1, It’s not just the UK by any means.
2, I don’t know about other people but those sorts of “right connections” I call “dishonest connections”.
Have I ever used “connections” yes all the good jobs bar two I’ve ever had are because friends said “you should go for it” or dropped my C.V. On their boss not “human remains” and I fitted in comfortably.
However our host @Bruce once told me off for my rather dim view of HR people, so I won’t go there. But I suspect more than one or two reading along are thinking thoughts that would not be strictly legal if voiced even with the right to free speech 😉
lurker •
@Bruce
“I can’t understand why anyone thinks these technologies are a good idea.”
In the single sentence above that you mention two technologies: “fintech” and “encryption”. Are you saying both of these are bad ideas?
Back in the day I lost two encrypted disks, a few years apart, from bitrot or somesuch. The password was written down on the advice of the resident graybeard, and not lost. Since then I’ve been leery of full-disk encryption. Documents that need it, yes; but invite lockout from your bootable system disk, no.
Anonymous •
@xDSx
We think these technologies are a good idea because the technologies we use otherwise are broken in such a way that we at the bottom are exploited, abused and at the merci of people and institution who do not care about us at all.
The flaw in your argument is that you seem to think the people exploiting the existing financial system are not also exploiting the crypto system in the exact same way.
As George Carlin once said, “it’s a big club, and you ain’t in it.”
this guy •
@Bruce
I can’t understand why anyone thinks these technologies are a good idea.
I guess: greed.
LeeHamm •
Slightly off topic but worth a mention…
Liberty Safe is illustrating a great argument for not having a back door in data encryption. Lots of physical safe owners are now wondering if their safes also have a back door, available to the FBI or other bad guys.
Emily Stark •
@ Erdem Memisyazici,
quantum logic gates. It’s a cost issue at best. Will get cheaper in a few years.
The papers are already based on hypothetical quantum computers much better than the current ones. Quoting Amy et al.: “Improving any of the issues listed above will certainly result in a better estimate and a lower number of operations[; however,] the decrease in the number of bits of security will likely be limited.” (Well, obviously it’s limited in the literal sense—a 140-bit security level can’t be reduced by more than 140 bits—so they must mean something like “small, in relation to the total number of bits.”)
A computation on the order of 2^140 or 2^150 cycles is unlikely to be feasible before the year 2100, under even the most optimistic estimates. If these hash attacks ever becomes practical, it’ll probably be long after every public ECDSA key is cracked. And, of course, if 256-bit hashes ever start looking weak, we can switch to the existing 384- or 512-bit ones that have already been defined. I don’t think this is where the surprises will come from.
Anonymous •
This is why crypto will never replace the traditional financial system. Users want and need failsafes, not this crap where losing a USB drive means you lose your life savings. That is not a viable system.
Clive Robinson •
@ LeeHamm, ALL,
“Lots of physical safe owners are now wondering if their safes also have a back door, available to the FBI or other bad guys.”
If it’s an electronic lock almost certainly, and if a physical lock “weak points” in the design.
This is norhing new, and it’s both a legal and safety requirment going back more than a century.
Have a think back on the Apple v. FBI / DoJ a few years back. The case got dropped by the FBI / DoJ when three things became clear,
1, Apple would fight every which way till hell froze over, and then some. Which as they made it clear to certain politicians Apple moving completely “Off Shore” and would not ever employ US Personnel again nor give the usual kick backs etc was a bit of an alarm.
2, Apple’s legal argument was gaining traction against the FBI / DoJ.
3, The FBI to avoide adverse case law found an excuse to drop the case.
In short the FBI and DoJ want nothing but “token security” which unfortunately in the case of both physical and electronic locked safes is all to easy to find out as Mossad demonstrate on a regular basis. Worse the FBI / DoJ want it without “legal oversight”…
With physical systems it’s near impossible to not “release the secret sauce recipe” as the tool marks will remain on the evidencence and legally have to be documentd in the chain of evidence.
So there is little or nothing “Liberty Safe” could do because such “back doors” are there for “safety reasons” so can not be argued away as Apple did.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Original Post URL: https://www.schneier.com/blog/archives/2023/09/cryptocurrency-startup-loses-encryption-key-for-electronic-wallet.html
Category & Tags: Uncategorized,cryptocurrency,encryption,keys – Uncategorized,cryptocurrency,encryption,keys
