kbtakbta
Posts: 1
Joined: Mon Nov 09, 2015 11:05 am

How is the Bitcoin system vulnerable?

Mon Nov 09, 2015 11:18 am

Hello,

Sorry for my English. I would like to inquire about the safety of the Bitcoin system. It uses p2p and has a vote decision, but it does not have a standalone operating system. If a big interest wants to spoil it, it can be attacked through the operating system. Due to the regular op. system updates, it is possible to hide a leak in most of the major systems; after the systems are compromised on the next update, it is possible to take majority control, because Bitcoin Core is a program running above the op. system. IMHO in the future, the Bitcoin system must be run on a trusted op. system.

arnoudk
Bronze Bitcoiner
Posts: 631
Joined: Wed Oct 21, 2015 4:04 am
Location: Belize

Re: How is the Bitcoin system vulnerable?

Thu Nov 12, 2015 11:47 pm

Your English is just fine!

The overall security of the bitcoin system is created in the mining process. If an attacker is able to gain the vast majority of the hashing power in a sustained manner, then he is able to stop payments from being processed, and he may be able to "undo" payments that have been confirmed by the network. This type of attack does not allow an attacker to create more coins into the network (inflation), nor does it allow an attacker to spend coins that he does not have the private keys for (theft). The cost of this attack is very large: you would either have to purchase more ASIC machines yourself than all other people on the planet combined. This is a huge cost.

Or you would have to hack a number of large mining corporations / pools. They are certain to notice this and make changes quickly (otherwise they will lose money, and will not be able to pay for the electricity). You could not keep up a sustained attack like this; the owners of the machines would have to fix this issue or go bankrupt.

The last option is for a government to seize mining equipment. There is really only enough mining power in China to seize, and this would require an all-out assault. It would not go unnoticed, and the bitcoin community would be able to react.

You cannot mine bitcoins using regular computers. I believe that if you were to use every single one of Google's computers to mine for bitcoin, you would have less than 1% of the hashing power. So seizing all servers operated by Google, Facebook, Amazon (incl Amazon Web Services) and all supercomputers in operation in the world - would not be sufficient to hijack the network.

Due to the high cost, I don't think any entity will use this approach to attack the bitcoin network. They are more likely (if they are government) to pass laws that make the use of bitcoin illegal. Although they still can do this, it is less likely now than this scenario was a few years ago. They can slowly kill it through regulations, but bitcoin businesses can (and do!) move to other countries that do not have these regulations.

I'd say that the biggest risk for bitcoin is end user security, and the biggest challenge is for end users to take the security of bitcoins seriously. People are used to the financial sector being able to restore access to bank accounts in case credentials get lost - with bitcoin there is no one who can do this. False charges can be reversed - with bitcoin this cannot be done. People have to ensure they keep their keys safe, and that is a problem with hackers gaining access via software updates, etc. But, by using offline wallets (i.e. Trezor), or multisig wallets (i.e. BitGo), this is much more difficult - close to impossible. For long term storage, properly generated offline paper wallets (i.e. MyCelium Entropy) are very secure. If you are paranoid (like many in the bitcoin space), or have a huge amount of money to secure, you would use multiple solutions and combine them using multisig addresses. I don't see how this would be at risk.
Excited about the potential of Bitcoin Cash in the beautiful country of Belize.
Developer of the RegisterDocuments.com Document Registration Service (using the Bitcoin Cash blockchain).

iFixBTCmemoryIssues
Gold Bitcoiner
Posts: 2682
Joined: Tue Nov 24, 2015 9:03 pm

Re: How is the Bitcoin system vulnerable?

Wed Nov 25, 2015 9:39 pm

arnoudk wrote:
> Your English is just fine!
>
> The overall security of the bitcoin system is created in the mining process. If an attacker is able to gain the vast majority of the hashing power in a sustained manner, then he is able to stop payments from being processed, and he may be able to "undo" payments that have been confirmed by the network. This type of attack does not allow an attacker to create more coins into the network (inflation), nor does it allow an attacker to spend coins that he does not have the private keys for (theft). The cost of this attack is very large: you would either have to purchase more ASIC machines yourself than all other people on the planet combined. This is a huge cost.
>
> Or you would have to hack a number of large mining corporations / pools. They are certain to notice this and make changes quickly (otherwise they will lose money, and will not be able to pay for the electricity). You could not keep up a sustained attack like this; the owners of the machines would have to fix this issue or go bankrupt.
>
> The last option is for a government to seize mining equipment. There is really only enough mining power in China to seize, and this would require an all-out assault. It would not go unnoticed, and the bitcoin community would be able to react.
>
> You cannot mine bitcoins using regular computers. I believe that if you were to use every single one of Google's computers to mine for bitcoin, you would have less than 1% of the hashing power. So seizing all servers operated by Google, Facebook, Amazon (incl Amazon Web Services) and all supercomputers in operation in the world - would not be sufficient to hijack the network.
>
> Due to the high cost, I don't think any entity will use this approach to attack the bitcoin network. They are more likely (if they are government) to pass laws that make the use of bitcoin illegal. Although they still can do this, it is less likely now than this scenario was a few years ago. They can slowly kill it through regulations, but bitcoin businesses can (and do!) move to other countries that do not have these regulations.
>
> I'd say that the biggest risk for bitcoin is end user security, and the biggest challenge is for end users to take the security of bitcoins seriously. People are used to the financial sector being able to restore access to bank accounts in case credentials get lost - with bitcoin there is no one who can do this. False charges can be reversed - with bitcoin this cannot be done. People have to ensure they keep their keys safe, and that is a problem with hackers gaining access via software updates, etc. But, by using offline wallets (i.e. Trezor), or multisig wallets (i.e. BitGo), this is much more difficult - close to impossible. For long term storage, properly generated offline paper wallets (i.e. MyCelium Entropy) are very secure. If you are paranoid (like many in the bitcoin space), or have a huge amount of money to secure, you would use multiple solutions and combine them using multisig addresses. I don't see how this would be at risk.

Great post!

If you are running a version of Bitcoin Core, stop using it. Upgrade to Bitcoin Unlimited or Classic immediately.

Fix Your Unconfirmed Transaction.

Vote for the future of our Bitcoin network!

CryptAxe
Nickel Bitcoiner
Posts: 193
Joined: Sat Nov 14, 2015 7:02 am
Contact: Website

Re: How is the Bitcoin system vulnerable?

Wed Nov 25, 2015 10:31 pm

There is some amount of diversity in wallet implementations and they all run on many different operating systems. So there is at least some amount of safety in that a virus would need to be somewhat sophisticated, and not likely to be something you can just go and buy like the existing bitcoin ransom locker viruses.
CryptAxe.com | bitcoinhivemind.com

vanilladev
Nickel Bitcoiner
Posts: 60
Joined: Wed Sep 30, 2015 2:55 am
Contact: Website

Re: How is the Bitcoin system vulnerable?

Mon Nov 30, 2015 10:32 am

kbtakbta wrote:
> Hello,
>
> Sorry for my English. I would like to inquire about the safety of the Bitcoin system. It uses p2p and has a vote decision, but it does not have a standalone operating system. If a big interest wants to spoil it, it can be attacked through the operating system. Due to the regular op. system updates, it is possible to hide a leak in most of the major systems; after the systems are compromised on the next update, it is possible to take majority control, because Bitcoin Core is a program running above the op. system. IMHO in the future, the Bitcoin system must be run on a trusted op. system.

Nuclear reactors also suffer from this problem. Mainly the Siemens PLCs (I've tested mine, RPC is flawed and easy to propagate arbitrary payloads). Do you remember Stuxnet? So yes, it could be quite easy to infiltrate a large mining facility with a worm and cause a disaster. It's easy to target a known physical facility vs. some random node. The type of operating system doesn't change this; if someone wants to do it, they can with skill. This is why you should not rely solely on Proof-of-Work for transaction consolidation IMHO. 8-)
John Connor
Vanillacoin
http://vanillacoin.net
