[Cryptography] I don't get it.

Jerry Leichter leichter at lrw.com
Wed Apr 16 17:57:26 EDT 2014


On Apr 16, 2014, at 5:39 PM, ianG <iang at iang.org> wrote:
> In SSL, we kind of got by in spite of bad practices.
> No such luck in Bitcoin, oh boy.  There, the results are as predicted
> by the practices.  Why?  Why is it so?
There was never a need for attackers to go after SSL directly - there were plenty of ways to get around and get whatever you wanted done.  It's a difficult argument to make, but the kinds of attacks that SSL was designed to protect against never really emerged, even in cases where SSL was badly deployed or not deployed at all.  Even the NSA, from what we've seen leaked so far, didn't bother to go "through" SSL - they had plenty of ways to get around it instead.

The story is different for Bitcoin.  The transactions are much more limited, and you don't have all kinds of third parties who can be tricked or coerced into getting around security: The guys essential to security actually have skin in the game.  In general, the crypto is much more tightly bound to the semantics of the actual protocols and transactions than is the case with SSL.  So in this case, the weak links were in the implementations - and sure enough, they got attacked.
                                                        -- Jerry


