IOTA has had significant security vulnerabilities - this is what MIT claims. IOTA doesn't agree and instead tells us that MIT misunderstood the whole situation. Let's discuss what happened and what each side claims. Who do you agree with? Let me know and let's discuss in the comments below!
MIT also brings up concerns about other cryptocurrency projects not being vetted when it comes to security. Do you guys agree?
MIT article https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367
I didn't know the advantages of MIT
The biggest red flag that makes me question the competence of the IOTA developer(s) is that they "removed a part of the copy protection mechanism which became useless once details of its work had become known to others". That sounds like they were relying on "security through obscurity". An absolute no-go. Another one is that they claim something is impossible in practice because it requires the user to be tricked into running arbitrary code... that happens all the time.
The system was never insecure by this copy-protection mechanism, because all transactions are currently routed through the Coordinator which checks for this specific attack (by design). Someone who copied the open source IOTA protocol code would not have the Coordinator to protect them, so their protocol would have been vulnerable to this type of attack (hence why this was a copy protection mechanism).
Once the MIT team discovered and revealed the details of the attack, there was no need to leave that mechanism in place since anyone copying the protocol would now know to check for the vulnerability.
Their point isn't that it makes the attack impossible but that it makes the attack impractical. If you can trick the user into running arbitrary code then there is no reason to create fake transactions - you can just steal their seed and move the funds regardless.
Nicely done by you, I like it and upvoted.