Gridcoin Poll: Should SSL encryption be mandatory for whitelisted projects?

in #boinc8 years ago (edited)



What's the issue?

Several whitelisted BOINC projects either do not have SSL (HTTPS) encryption support or their certificates have significant issues (cert mismatch or vulnerabilities).

SSL encryption can easily be implemented for free via LetsEncrypt! LetsEncrypt provides secure SSL certificates for free and with the recently created Certbot (by EFF)

Without SSL encryption, a man in the middle (an individual between you and the BOINC web server) can potentially intercept your plain-text user account credentials for the affected project.

If you use Boincstats/BAM then your BOINC project accounts and BAM account all share the same password, so an individual 'man in the middle' attack on an insecure project could yield the user account credentials for 30+ websites.

We're talking about 7-9 projects with questionable/no SSL encryption support, so if we were to agree it should be enforced it's quite possible that projects are voted out of the whitelist.

We've been reaching out to BOINC projects for several months now, check out the latest progress report.

Info regarding how likely MITM attacks are: https://security.stackexchange.com/questions/12041/are-man-in-the-middle-attacks-extremely-rare

Thoughts?
Cryptocointalk thread
Twitter post - like & retweet!

How can I vote?

Windows users:

  1. Launch Gridcoin client & fully sync the blockchain.
  2. If your wallet is encrypted, fully unlock the wallet (not just for 'staking only').
  3. Click "Advanced" , then click "Voting".
  4. Right click on the poll with the Question "Should SSL encryption be mandatory for whitelisted BOINC projects?"
  5. Click the "Vote" button in the context menu that appears. A voting window should appear.
  6. Check one of the checkboxes (Yes/No).
  7. Click the "Place Vote" button. If you get a warning/error, fully unlock your wallet and repeat the above steps.

Linux users:

QT Wallet:

  1. Launch the Gridcoin wallet (QT) & fully sync the blockchain.
  2. Fully unlock your wallet.
  3. Navigate to the Debug Console (Help - Debug Window - Console (tab) )
  4. Enter one of the following commands:
  • For yes: execute vote ssl_enforcement_poll yes
  • For no: execute vote ssl_enforcement_poll no

Terminal:

  1. Launch the Gridcoin wallet (QT) & fully sync the blockchain.
  2. Fully unlock your wallet.
    e. Enter one of the following commands:
  • For yes: gridcoinresearchd execute vote ssl_enforcement_poll yes
  • For no : gridcoinresearchd execute vote ssl_enforcement_poll no

Extra info

  • The poll lasts 2 weeks from last night.
  • The vote weight type used is 'mag+balance'.


#gridcoin #cryptocurrency #security #encryption
8 years ago in #boinc by
$1.11
  • Past Payouts $1.11, 0.00 TRX
  • - Author $0.86, 0.00 TRX
  • - Curators $0.25, 0.00 TRX
28 votes
Reply 5
Sort:  
  • Trending
    • [-]
     8 years ago 

    Voted yesterday to the poll :)

    [-]
     8 years ago 

    grctester grctest tweeted @ 23 Aug 2016 - 01:47 UTC

    Gridcoin poll: Should SSL be mandatory for whitelisted BOINC projects?

    steemit.com/boinc/@cm-stee... / https://t.co/IfFshX6m4w
    @GridcoinNetwork @letsencrypt @EFF #Consensus

    Disclaimer: I am just a bot trying to be helpful.
    $0.00
      Reply
      [-]
       8 years ago 

      Outcome of the Gridcoin SSL poll

      SSL

      With 111,304,097 of 760,444,832 (14.637%) of total vote weight participating, the outcome was to NOT enforce SSL encryption as a mandatory whitelist requirement.

      $0.00
        Reply

        Coin Marketplace

        STEEM 0.19
        TRX 0.13
        JST 0.030
        BTC 62567.99
        ETH 3431.85
        USDT 1.00
        SBD 2.47