On iOS app invitations:
For security reasons, Crypterium's functionality will be made available to its users in stages (at this time, we are not completely sure that our service's most important functions are error-free). To control this process, a limited number of special invitations have been provided to a certain part of our audience. We are planning to enable full access to Crypterium's full range of options soon (reinstalling the app will not be necessary). We apologize for the inconvenience. The procedure of launching the app this way was implemented in the interest of our community. However, it is easier to simply wait for the service's full range of options to open for everyone.
Wouldn't it be better to provide a public beta version for everyone instead of just "a certain part of our audience", maybe on the testnet (using the Ethereum Ropsten testnet and a test version of your backend)? And it would be nice to publish at least the source code of the client app on GitHub, so that other people could look at it and give you feedback about security etc. As written before, security by obscurity is not working.
The full beta versions of the application are not available to everyone for control purposes. It is easier to collect the feedback from a few than the many. On source code, as I stated before, there is no plan to release Crypterium source codes on GitHub at the moment. It's hard to tell that a frequency or severity of hacker attacks depends on this. The security is strong and fulfills the most modern security requirements. Our application belongs to the category of crypto banks. We do not know examples when current banking solutions are fully laid out to public. That's not safe. There is one more thing that should be taken into account. We have our own developments on safety, optimization, data transfer, etc. that should be kept private. Our chosen methods are working perfectly fine, but thank you for your concern and feedback.
Unless everyone can see your code to verify that the security is strong, it is security by obscurity, and every security researcher and organization doesn't recommend it, e.g. "The National Institute of Standards and Technology (NIST) in the United States specifically recommends against this practice: 'System security should not depend on the secrecy of the implementation or its components.'", from
https://en.wikipedia.org/wiki/Security_through_obscurity
Here is an example of an open source banking solution:
http://www.fintp.org
It doesn't make sense to say that it is not safe. The opposite is the case: if everyone can see and review your code, you can get feedback to make it more safe. Otherwise bugs might be only found by black hat hackers.
Another big example of an open source financial system that works perfectly is the Bitcoin network. Traditional closed-source banking is a dinosaur and I thought with the start of Bitcoin this was extinct.
Another famous open source example for banking is PayPal, see their GitHub repository:
https://github.com/paypal
While they might not have released their core server code (but I didn't examine all 155 repositories they have), they have lots of source code available for third parties to integrate PayPal.
You plan that webshops can integrate Crypterium. You should at least have open source code so that webshops can do this easily.