IOTA vs MIT - A deep dive - Programmer explains

in iota •  9 months ago

IOTA has had significant security vulnerabilities - this is what MIT claims. IOTA doesn't agree and instead tells us that MIT misunderstood the whole situation. Let's discuss what happened and what each side claims. Who do you agree with? Let me know and let's discuss in the comments below!

MIT also brings up concerns about other cryptocurrency projects not being vetted when it comes to security. Do you guys agree?

MIT article https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367

IOTA Response https://medium.com/@mistywind/iota-cofounder-sergey-ivancheglo-aka-come-from-beyonds-responses-to-the-ongoing-fud-about-so-ea3afd51a79b


I didn't know the advantages of MIT

The biggest red flag that makes me question the competence of the IOTA developer(s) is that they "removed a part of the copy protection mechanism which became useless once details of its work had become known to others". That sounds like they were relying on "security through obscurity". An absolute no-go. Another one is that they claim something is impossible in practice because it requires the user to be tricked into running arbitrary code... that happens all the time.

> That sounds like they were relying on "security through obscurity".

The system was never insecure by this copy-protection mechanism, because all transactions are currently routed through the Coordinator which checks for this specific attack (by design). Someone who copied the open source IOTA protocol code would not have the Coordinator to protect them, so their protocol would have been vulnerable to this type of attack (hence why this was a copy protection mechanism).

Once the MIT team discovered and revealed the details of the attack, there was no need to leave that mechanism in place since anyone copying the protocol would now know to check for the vulnerability.

> Another one is that they claim something is impossible in practice because it requires the user to be tricked into running arbitrary code... that happens all the time.

Their point isn't that it makes the attack impossible but that it makes the attack impractical. If you can trick the user into running arbitrary code then there is no reason to create fake transactions - you can just steal their seed and move the funds regardless.

Nicely done by you, I like it and upvoted.