BitShares Forum

Other => Random Discussion => Topic started by: robrigo on May 19, 2015, 02:00:33 pm

Title: Violated by the mighty Balrog
Post by: robrigo on May 19, 2015, 02:00:33 pm
Great read on CIN (Corruptor-injector networks) attacks. How can we mitigate these types of compromise on our hot wallet machines? If a cryptocurrency does threaten the status quo, we can assume damn well that they will be using these types of attacks to erode the trust in the system (maybe by keylogging and stealing funds for example).

cryptostorm.org/balrog
Title: Re: Violated by the mighty Balrog
Post by: roadscape on May 19, 2015, 03:18:09 pm
Crypto gives all the power to the clients... as more users store funds on their own machines, the incentive to attack clients increases significantly.

Hardware wallets (or some form of air-gap?) will be crucial in the long run. But can we trust hardware? :)
Title: Re: Violated by the mighty Balrog
Post by: CLains on May 19, 2015, 04:32:02 pm
The focus should be: Decentralize security..

Spatial decentralization

For instance, 2 out of 3 signatures required to unlock funds, e.g.

Signature #1 Your home PC
Signature #2 Your Laptop
Signature #3 Your Family/Friend

Temporal decentralization

For instance, transaction must be signed 3 times temporally apart, e.g.

First signing, at time zero
Second signing, at 48h>24h after time zero
Third signing, at 72h>48h after time zero

Then you can freeze your own transactions by double signing.

Mixing

For instance, to move >X amount within a week, 2/3 signers are required to sign each day for three days.

Since signatures are public information, we can hook this up to email notifying users when movements occur.
Title: Re: Violated by the mighty Balrog
Post by: karnal on May 19, 2015, 10:13:01 pm
Good point.. do we have multisig for bitshares?
Title: Re: Violated by the mighty Balrog
Post by: xeroc on May 20, 2015, 06:12:28 am
Good point.. do we have multisig for bitshares?
yes bitshares does already .. but before implementing anything yet you should better wait for the next release ..