Are we hackable


#1

Hey guys,

I’ve a friend who is convinced that the safe net is hackable. Says that the only secure thing
in crypto is a one time pad.

Can you provide me with some links covering why this is not true?

Personally I believe it is not.


#2

The whitepaper: https://github.com/maidsafe/Whitepapers/blob/master/Project-Safe.md

With that being said, we make the strong assumption here that the network is implemented correctly and securely mirrors the requirements in the whitepaper. No software is truly bug free and I would be very surprised if Safenet never had a bug (for instance, Bitcoin has had to hard-fork in the past due to bugs).

Your friend sounds like a smart person, they should know that any computer program which isn’t air-gapped is “hackable”, the important thing is that the program has a planned and robust disaster recovery plan for when this eventuality happens.

As such, the one-time-pad is in the same situation as SAFE and every other computer system, not only must the chosen cipher perfectly match the proposed specifications (no edge cases), but the proposed cipher’s specification must be without flaw (in perpetuity, for attack vectors we may not be aware of for another 50 years.)


#3

He is either a smart person or a smartass. Anyone can say the mantra that anything is hackable, but to be able to say why is another thing.

The user’s PC is not addressed in SAFE’s development (at this time), so the PC is hackable and thus the SAFE account for that person is hackable. But only a 3rd party hack and not a hack on SAFE.

And as @Shane said


#4

Totally agree, as long as your os is not running on the SAFE Network itself, your hackable.

Honestly, there is a pattern of login, really SAFE.

Go to https://prism.exchange/login
Click on “CIVIC ID”

This is no coincidence, a second login method should be available beside the hit your keyboard option that me got at the moment. Personally I wish that @paul (Yeah Paul Puey of Airbitz/Edge) would put up an CEP.

I would put my money where my mouth is and support it :money_mouth_face: :money_with_wings: :moneybag:

The os on your phone should also be running on the SAFE Network, really then things can get interesting to see it getting hacked.


#5

Technically he’s right, at least that’s generally accepted as true.

But he is being misleading by not saying ‘theoretically hackable’ and not explaining that this does not equate to SAFEnetwork being insecure or vulnerable to actual hacking.

In theory a properly random and properly used one time pad is not ‘hackable’ (vulnerable to known code breaking techniques) but that doesn’t mean that it is the only secure method in practice. In practice, one time pads are very rarely used - ask him to give you some examples of computer systems secured by one time pads. If his answer suggests hardly ever ask him why that is (I’m not aware of any so I’d be interested to know of any).

In his view, based on that misleading statement, all computers are hackable, to which the appropriate response is ‘so what?’ (Serious question, what’s his point?)


#6

How does CivicID tie into SAFE Browser or Beaker


#7

This is not even true. A one time pad in itself is an impossibility as it requires truly random data. Even if a one time pad were possible, then you could use it exactly once and for a single purpose only. It is a theoretical model of a secure encryption technique.

In short is is xor some very random data with you’re message. Then you must give the other person the PAD, it used to be written into shells (but was not truly random, just pseudo-random) and the shells transferred in a different medium to the message. So your friend is not correct really as even those methods are not 100% secure (I can get the shell etc.).

I looked at this a while back and there are 2 one time pad mechanisms thought to be secure, one uses a PAD that is at least the size of the message (Shannon IIRC) and the other where the pad is cycled. So in your friends logic, the only thing that is secure in crypto is these two things :wink:


#8

You could use it like Brave browser
https://www.coindesk.com/brave-browser-is-using-civics-blockchain-platform-to-verify-publishers/

But it’s better to not use anything from “companies” unless it’s open-sourced. SAFE’s selfAuth is great, it just needs to work with an option like Sqrl.