A wallet on a block chain is the core way any end user interacts with it. It establishes the end of the line of trust in the system, and using/accessing one is the edge of trust. The wallet supports the means of making transactions between it and the chain to one or more parties. A wallet can ensure anonymous use of the chain and provides trust between transactions without the need of validation of identity or cheating the system since all transactions are validated before applied.
To establish a baseline of a secure system these are a few important points to note.
Wallets in block chain technology check all the bullet points for a secure system.
- Authentication – If you have access to the wallet, it is assumed you are the owner and there isn’t much protection against attacks here.
- Authorization – If you have the pass phrase and the wallet address you are authorized to use it and interact with the services on the block chain. It is very hard to random/brute force your way into this.
- Non-Repudiation – Having your wallet lets you make transactions on the chain.
- Integrity – Through the use of transactions via the wallet you are a trusted entity on the system. Transactions are verified by consensus so you aren’t not going to have a invalid request (although it is more likely to be denied.)
Wallet check bullet points for Internet Privacy:
- Individual Privacy - Chain Specific but typically anonymous or pseudo anonymous only need an email or pass phrase to signup and access.
- Communication Anonymity - Trust between entities without revealing identities of the party. Having an address is enough to establish trust with another party.
Moral of the story is, once you have access to the wallet, you pretty much have unrestricted access to use it to your desire. There is no off switch or protection inside the wallet, and you are bound to the credits you have to use in the system.
Is that really what we wanted?
Attacks
- $5 Wrench Attack
- Keyloggers
- Wallet.dat imports
- Stolen Phones
- Mad Spouse
- Shared Logins
All of these are attacks that make getting access to a wallet obtainable, and once obtained you are a trusted entity on the system.
Recovery
Forgot my password
If you forget your pass phrase or lazily try and maintain your wallet, you risk loss. There isn’t a great way to recover your assets if you have lost something to access it.
No Limits
As annoying as the banking system is. I does add some sanity checks for thinks like limiting atm withdrawal, reviewing large transactions, serving as a mediator between transactions etc. At some point we take these things for granted, and when they are barrier to something you want to do it is a inconvenience. For situations when your credit card is stolen it is good there is someone there to monitor your transactions and limit the damage. With block chain wallets there is no damage control.
No comments:
Post a Comment