
What is a better way to maintain a distributed ledger? Also, is it even theoretically possible to get bitcoin security right in your opinion? Is it practical?



This first question comes up all the time in security threads and you should know the answer is "it doesn't matter". If the threat/concern/flaw/whatever is valid, the person who raises it doesn't need to have a better alternative.


His points are valid not only against Bitcoin, but against a large set of existing e-commerce sites and technologies. I think he would be more convincing if he could come up with some attacks that were unique to Bitcoin and would justify the undercurrent of his comment -- that Bitcoin is bound to fail, and fail badly enough that it will be of no use to anyone except scammers.


> I think he would be more convincing if he could come up with some attacks that were unique to Bitcoin

"Find any combination of inputs (say, of the executable script that Bitcoin runs by design) which gives you an RCE on one instance of the satoshi client, fan out the attacker-chosen code to the entire network, root (a large percentage of) the network at once." is my usual example of a hypothetical attack. People keep telling me that this can't happen. Your call on whether you find them or me more credible. I have no particular dog in that fight -- no change in the Bitcoin price affects my net worth. (If Bitcoin imploding would cause me to be impoverished, I might buy a pair of the rose-tinted lenses that some folks seem to be wearing.)


Touché. The attack you mention could happen. In fact it's impossible for anyone to prove that it can't, other than by removing the script running capability. I suppose I should be more convinced now. I guess what I would really need to be convinced is to be shown a flaw in the fundamental idea of Bitcoin that could not be fixed, rather than in specific features of its current implementation that can probably be fixed. Is it worth throwing the baby out with the bathwater for something fixable like this?

Wouldn't it be great if Bitcoin worked? Wouldn't it be great if it didn't take several days to move a few grand from one account to another? Wouldn't it be great if no one could take your money without your permission? Wouldn't it be great if you never had to touch physical currency again? Wouldn't it be great if you didn't have to fill out a piece of paper and sign it to give someone else a significant amount of money? And then they didn't have to scan it into their phone, or shove it in an ATM or wait in line to deposit it? Why do I still have to do that? Wouldn't it be great if it wasn't so expensive to send money with PayPal?

Bitcoin has a sordid history of theft and fraud -- not more sordid than any other currency/commodity I can think of though. There will continue to be thefts and fraud. People will probably pay for better security. Who knows, maybe people will end up paying as much for Bitcoin security as they do now for the privilege of using Visa/Mastercard/etc.

Let people play with their Bitcoins -- the results might not be all bad.


I know nothing about Bitcoin, but here are some questions I can answer!

> Wouldn't it be great if it didn't take several days to move a few grand from one account to another?

Absolutely not! I want the bulk of my life savings kept in an asset that is only liquid on the timescale of days, or even longer. I have seriously contemplated trying to find a broker that has no web presence at all, one that would refuse to execute a trade unless I turn up in person - ideally with three forms of ID and a DNA sample.

I'm not a criminal, I don't live in a failed state and the odds that I'll need to flee the country on 24 hours' notice are very low. So I want my retirement money to be hard to move.

If one day I decide otherwise - perhaps taking up high-stakes casino gambling, or day trading - I'll withdraw a bunch of cash and bury it in the backyard or something. This will take considerable time and preparation, making it very hard for me to take up high-stakes gambling on a whim at 3am late one night, but that is not a bug but a feature.

> Wouldn't it be great if no one could take your money without your permission?

What defines "my permission"? Is Bitcoin a mindreading technology? If someone steals and/or cracks my computer with my Bitcoins on it, they don't get my Bitcoins? Or, rather, deprive me of my Bitcoins, which is exactly as bad from my perspective?

If Bitcoin were a mindreading technology, even that would only go so far. We don't even need to invoke wacky movie-plot truth-serum scenarios, or torturers armed with five-dollar wrenches, to see the problem: I have, alas, extensive life experience with Alzheimer's patients who slowly but surely stopped being "themselves". There's a large and evil cottage industry built around bilking such people. As someone with no kids and no plans to have any, this is actually an important practical issue in my life: I'm going to grow old (hopefully!), I may well become senile, and the day may come when the safest place for my money is in a trust, where even I can't give permission to spend it without first convincing an independent trustee.


But you know why it takes that long, right? It's not for security reasons. It's because they're holding it to earn interest on it -- while you wait.


@patio11: So, your attack basically amounts to "find RCE, then use RCE to gain control of whole network at once".

Okay, the problem with this argument is that it is technically valid on any network of any kind. If I invent a magic exploit that lets me execute any code I choose, then I can gain control of the entire network because I can now execute any code I choose on it. Sure. That much is obvious, but not specific to Bitcoin.

You originally put the price of "Subtle bug in the Satoshi client C code: $100,000" but without giving any meaningful reason behind this number. You know that throwing money at finding bugs doesn't actually find them, right? If the bug does not exist, then it cannot be exploited, no matter how much money is thrown at the problem.

Now, I'm not saying that there is no such bug, because I have no idea whether there is or not. However, when the existence of said bug translates directly into a money-stealing opportunity, in the most literal possible way I can imagine, then there is a rather large incentive amongst those concerned to make sure no such bug exists. I wouldn't be particularly surprised if that particular piece of code wasn't the most ridiculously oversecured thing you can imagine.

Now, obviously flaws can exist elsewhere, and often do. But you're pointing to something that is fundamental to the network and saying "what if it has a flaw", and that seems too obvious to actually be meaningful or insightful to me. Anything can have flaws. The useful question is not "what if there's a flaw?", but "does it have a flaw?".


This is obviously just one example of a link in Bitcoin that is weaker than SHA2. An even weaker link would be the appsec quality of the largest Bitcoin transacting sites.



