jm + private-keys   5

Tahoe LAFS accidentally lose Bitcoin wallet with loads of donations in it, get it back
But ECDSA private keys don't trigger the same protective instincts that
we'd apply to, say, a bar of gold. One sequence of 256 random bits looks
just as worthless as any other. And the cold hard unforgeability of
these keys means we can't rely upon other humans to get our money back
when we lose them. Plus, we have no experience at all with things that grow in value by
four orders of magnitude, without any attention, in just three years.

So we have a cryptocurrency-tool UX task in front of us: to avoid
mistakes like the one we made, we must to either move these digital
assets into solid-feeling physical containers, or retrain our
perceptions to attach value to the key strings themselves.
backups  cryptography  bitcoin  cryptocurrency  ecdsa  private-keys  ux  money 
march 2016 by jm
How To Implement Secure Bitcoin Vaults
At the Bitcoin workshop in Barbados, Malte Möser will present our solution to the Bitcoin private key management problem. Specifically, our paper describes a way to create vaults, special accounts whose keys can be neutralized if they fall into the hands of attackers. Vaults are Bitcoin’s decentralized version of you calling your bank to report a stolen credit card -- it renders the attacker’s transactions null and void. And here’s the interesting part: in so doing, vaults demotivate key theft in the first place. An attacker who knows that he will not be able to get away with theft is less likely to attack in the first place, compared to current Bitcoin attackers who are guaranteed that their hacking efforts will be handsomely rewarded.

private-keys  vaults  bitcoin  security  crypto  theft 
february 2016 by jm
OpenSSL Valhalla Rampage
OpenBSD are going wild ripping out "arcane VMS hacks" in an attempt to render OpenSSL's source code comprehensible, and finding amazing horrors like this:

'Well, even if time() isn't random, your RSA private key is probably pretty random. Do not feed RSA private key information to the random subsystem as entropy. It might be fed to a pluggable random subsystem…. What were they thinking?!'
random  security  openssl  openbsd  coding  horror  rsa  private-keys  entropy 
april 2014 by jm
Cloudflare demonstrate Heartbleed key extraction
from nginx. 'Based on the findings, we recommend everyone reissue + revoke their private keys.'
security  nginx  heartbleed  ssl  tls  exploits  private-keys 
april 2014 by jm

Copy this bookmark:



description:


tags: