Readit News logoReadit News
lekevicius commented on A cryptocurrency loophole only Congress can close   axios.com/massive-cryptoc... · Posted by u/samizdis
AJ007 · 4 years ago
The irony is that the crypto prefix in cryptocurrency refers to cryptography, which basically no one involved knows a damn thing about.

I’ll leave it at this Wikipedia excerpt: “Cryptosporidium, sometimes informally called crypto” https://en.m.wikipedia.org/wiki/Cryptosporidium

lekevicius · 4 years ago
99% of people investing in cryptocurrencies have extremely limited knowledge of cryptography.

However, a lot of innovations in cryptography these days come from cryptocurrency world. Aggregated signatures, ZK applications, etc.

lekevicius commented on A cryptocurrency loophole only Congress can close   axios.com/massive-cryptoc... · Posted by u/samizdis
ekanes · 4 years ago
Example: Camera & "Digital Camera" --> Camera & "Film Camera" -- which one was assumed was reversed.
lekevicius · 4 years ago
Excellent example. My first thought when I hear the word "camera" is a bunch of sensors on the back of my phone... so maybe sands will shift again, and we'll have "dedicated camera".
lekevicius commented on A cryptocurrency loophole only Congress can close   axios.com/massive-cryptoc... · Posted by u/samizdis
turminal · 4 years ago
I really wish people would stop calling cryptocurrency crypto. I bet lots of people are very unhappy when they hear "catastrophic crypto bug" or "crypto loophole" and it turns out its about cryptocoins.
lekevicius · 4 years ago
Language is an ever-shifting sand. Some years ago crypto meant cryptography, and "cryptocurrency" had to be used in full for people to understand. Now, positions have swapped. Cryptography is the one that needs to be spelled out in full.
flixic commented on Find images from movies based on what you draw   huggingface.co/spaces/osa... · Posted by u/zuhayeer
flixic · 4 years ago
It somewhat decently identifies the object drawn, but fails badly to actually find the identified object.
flixic commented on Why Did Satoshi Decide to Use Secp256k1 Instead of Secp256r1?   dappworks.com/why-did-sat... · Posted by u/g42gregory
sentinel · 4 years ago
Any recommendations for courses or books that give a 101 intro all the way to understanding these curves and why / how they are used?

I'd like to get a grasp on this from first principles. Thank you!

flixic · 4 years ago
This is a pretty good intro article: https://andrea.corbellini.name/2015/05/17/elliptic-curve-cry...
flixic commented on The Facebook Status Page is up again   status.fb.com/... · Posted by u/mritzmann
flixic · 4 years ago
Facebook app, Instagram and Messenger are working for me.
flixic commented on Brave and Firefox to intercept links that force-open in Microsoft Edge   ctrl.blog/entry/anti-comp... · Posted by u/gbil
flixic · 4 years ago
I'd like to hear Microsoft's explanation for this "feature".
flixic commented on Cryptocurrency and the unbanked   blog.prologe.press/blog/c... · Posted by u/ben_talent
flixic · 4 years ago
Despite benefiting tremendously from crpyto, I don’t believe this narrative.

The article mentions the core problem: being your own bank is a HUGE risk. I can accept that risk and deal with complex security mechanisms I have to maintain to both protect my own bank and keep it accessible. But a good security guide for crypto is 20-30 pages and requires serious cryptographic understanding. Currently, I can’t expect that from average users.

Everything can be solved over time. Social recovery wallets and user-friendly hardware might become mainstream. But I don’t see that happening in the next 5-6 years, and I fully expect CBDCs to be far along in that time. Then, countries will be a lot less motivated to promote crypto for the unbanked.

flixic commented on The Rise of One-Time Password Interception Bots   krebsonsecurity.com/2021/... · Posted by u/elorant
im3w1l · 4 years ago
I like how the ones in my country work, when you want to send money you have to sign the transfer with the 2fa app, and the 2fa app itself will display how much money you are transferring, preventing an mitm from displaying one amount but actually sending another. However the recipient is not displayed. So a mitm could modify a legitimate transfer to have another recipient, stealing the $100 destined for your utility bill. But at least that is not a catastrophic loss.
flixic · 4 years ago
For transfers, Smart ID displays both recipient and amount. So that part can’t be easily MITM’d.
flixic commented on The Rise of One-Time Password Interception Bots   krebsonsecurity.com/2021/... · Posted by u/elorant
btown · 4 years ago
Is it still vulnerable to a MITM attack though, e.g. https://krebsonsecurity.com/2020/04/when-in-doubt-hang-up-lo... ?

Attacker wants Victim's code. Attacker calls the Bank impersonating Victim, and also calls Victim impersonating the Bank. Bank tells Attacker the code check, Attacker tells Victim the code check, Victim sees the match and enters their PIN into the Smart-ID app, and Attacker's phone session with Bank is now fully authenticated and has no more need for Victim.

flixic · 4 years ago
I never thought about this, but yes, I think it can be MITM'ed exactly as you described. Same attack can probably be performed on the web, where Smart ID is also a sign in method.
f

u/flixic

KarmaCake day3073February 9, 2011
About
Web and app designer and developer. @lekevicius

[ my public key: https://keybase.io/lekevicius; my proof: https://keybase.io/lekevicius/sigs/hrkS3l9IZp-H77PDQFN9cbMbAM9rFQ-6sISj9gTId9Y ]

View Original