IOTA: Snake oil insecurity with a centralized kill switch to shut off your money
by nullius on 19/02/2020, 15:29:03 UTC
Board: Scam Accusations (topic OP)
It is high time—no, long past time to better warn people about the billion-dollar scam with a centralized kill switch.  Please support:




From Coindesk, with my red boldface added:

Quote from: Coindesk
IOTA Foundation Suspends Network, Probes Fund Theft in Trinity Wallet

Feb 13, 2020 at 23:22 UTC
Updated Feb 14, 2020 at 15:14 UTC

IOTA Foundation, the nonprofit behind the IOTA distributed network, recommended users close their Trinity wallets Thursday after multiple reports of fund theft.

IOTA said it started receiving the reports Wednesday and decided to shut off the Coordinator node in the network for further investigation.

[...]

On Twitter, IOTA said it is working with law enforcement and cybersecurity experts to investigate a coordinated attack that resulted in stolen funds.

Dominik Schiener, co-founder of the IOTA Foundation, did not respond to request for comments before the press time. CoinDesk will add updates as the story develops.

(Note:  This theft followed by IOTA hitting the kill switch happened only a few months after IOTA mainnet had 15 hours of “downtime” caused by a “corrupt ledger state”...  Wait, what the hell kind of cryptocurrency has network-wide “downtime”?  Bitcoin has no “downtime”, and certainly no “corrupt ledger state”.)

What bad news this is for a network that people are entrusting with their money:

  • The minor point:  One way or another, some people got their money stolen due to IOTA’s snake oil “security”.
  • The major point:  IOTA has a kill switch!  They can and do “pause” or “suspend” the whole network, via the peremptory fiat of someone who can turn off your money with the push of a button.  Just like flipping a light switch.  I actually do not even know of any other cryptocurrency, even horribly centralized ones, that can be shut down so easily as “[pausing] the Coordinator”.


Now, compare this fiasco and other known problems with IOTA to the dishonest claims in OP of IOTA’s announcement thread (current snapshot):

Iota’s blockchain solves the following problems of its blockchain cousin:

Centralization of control
As history shows, small miners form big groups to reduce variation of the reward. This leads to concentration of power (computational and political) in hands of few pool operators and gives them ability to apply wide spectrum of policies (filtering, postponing) on certain transactions. Although there are no known cases where pool operators abused their power, there have been several instances where the opportunity were present. This possibility in a monetary system powering a multibillion (in USD) industry is completely unacceptable.

“Obsolete” cryptography
Although large scale quantum computers do not exist yet, future oriented companies have already begun initiating the steps towards quantum-resistant cryptography. From a security point of view it makes perfect sense to assume that hardware capable of cracking classical cryptoalgorithms may appear in the very near future, so preparation is the only defense.

Let me get this straight:  IOTA avoids “centralization of control” by having a centralized kill switch which can turn off your money at any time—and they use that kill switch when theft occurs because their way to avoid “‘obsolete’ cryptography” is to sell you a bug-ridden heap of snake oil that has had its homebrew crypto broken in the past, and apparently is overall insecure and buggy (whether or not this latest theft was caused by a break of their crypto).

SCAM

Because I am a techie, let me put this in terms of something that looks like maths and stuff:

IOTA = your money → 🗑️

The current IOTA disaster shows that honest technical experts on this forum, including myself, were justified long ago in giving a roundhouse kick to IOTA’s snake oil security.

What do I mean by “snake oil”?  Everybody who knows anything about practical cryptography knows well these warning signs:

https://www.schneier.com/crypto-gram/archives/1999/0215.html#snakeoil
Quote from: Bruce Schneier (CRYPTO-GRAM)
Snake Oil

The problem with bad security is that it looks just like good security. You can't tell the difference by looking at the finished product....

The term we use for bad cryptography products is "snake oil," which was the turn-of-the-century American term for quack medicine. It brings to mind traveling medicine shows, and hawkers selling their special magic elixir that would cure any ailment you could imagine.

[...]

Elsewhere I've talked about building strong security products, using tried-and-true mathematics, and generally being conservative. Here I want to talk about some of the common snake-oil warning signs, and how you can pre-judge products from their advertising claims. These warning signs are not foolproof, but they're pretty good.

Warning Sign #1: Pseudo-mathematical gobbledygook.

In the quote above, notice the "unique in-house developed incremental base shift algorithm." Does anyone have any idea what that means? Are there any academic papers that discuss this concept? Long noun chains don't automatically imply security.

[...]

Warning Sign #2: New mathematics.

Every couple of years, some mathematician looks over at cryptography, says something like, "oh, that's easy," and proceeds to create an encryption algorithm out of whatever he has been working on. Invariably it is lousy.

[...]

Warning Sign #3: Proprietary cryptography.

I promise not to start another tirade about the problems of proprietary cryptography. I just include it here as a warning sign.

[...]

Warning Sign #4: Extreme cluelessness.

Some companies make such weird claims that it's obvious that they don't understand the field.

[...]

Warning Sign #7: Unsubstantiated claims.

[...]

Other companies make claims about other algorithms that are "broken," without giving details. Or that public-key cryptography is useless. Don't believe any of this stuff. If the claim seems far-fetched, it probably is.

[...]

I can stop at 5 of Schneier’s “warning signs” without proceeding further, methinks.

I am not only calling IOTA insecure now.  See what I said two years ago in a discussion with some of the smartest people in the Development & Technology forum, after IOTA’s homebrew hash was cracked.  All emphasis and boldface are hereby quoted as in my original posts.

Merited by achow101 (2), LoyceV (1)
The recent (and a really good) example of bad code here: http://www.tangleblog.com/wp-content/uploads/2018/02/letters.pdf

Quote
Dom, David and the rest of the IOTA team,
We have found serious cryptographic weaknesses in the cryptographic hash function
curl used by IOTA, curl. These weaknesses threaten the security of signatures
and PoW in IOTA as PoW and Signatures rely on curl to be pseudo random and collision
resistant.
...

This is not “bad code”.  It is DIY crypto.  Worse, DIY crypto for a primitive—a DIY hash!  Worse still, DIY crypto by a corporate outfit which never showed any evidence of being inhabited by world-class cryptographers—despite their claim in a spin-job piece that “the IOTA Foundation has already subcontracted a team of 5 world-class cryptographers, as well as 3 independent ones to come up with a final design of Curl and then start the long peer-reviewed process, as was always the plan.”  N.b. that even world-class cryptographers need their primitive designs to undergo extensive peer review before fielding them with Other People’s Money—whether it’s the “final design”, or otherwise!

One of the people who broke IOTA had some damning words for it, in “Cryptographic vulnerabilities in IOTA”:

Quote from: Neha Narula (2017-09-07)
You might think that IOTA, a cryptocurrency worth over a billion dollars, and working with organizations like Microsoft, University College London, Innogy, and Bosch, BNY Mellon, Cisco, and Foxconn (through the Trusted IOT Alliance) would not have fairly obvious vulnerabilities, but unfortunately, that’s not the case. When we took a look at their system, we found a serious vulnerability and textbook insecure code.

“In 2017, leaving your crypto algorithm vulnerable to differential cryptanalysis is a rookie mistake. It says that no one of any calibre analyzed their system, and that the odds that their fix makes the system secure is low,” states Bruce Schneier, renowned security technologist, about IOTA when we shared our attack.

Anybody who buys into such ill-conceived crypto-junk as IOTA deserves to lose their money, on grounds of foolishness.

Merited by TMAN (10), achow101 (2), LoyceV (1)
Bitcoin requires a new mindset.  [...]  If you get that, then you will pay careful attention to the quality of your code.  Also, you will much respect Core—because they get it, too.  And if you dare to make your own currency, you will not start by designing your own hash function as IOTA did!  That really wrecks any credibility they ever had.

I don't know precisely what happened with IOTA but I have read a little bit about it and I'm not sure why the currency continues to circulate given what I do know.  I guess too many people had invested into it by that point, which is more a political reason for continuing to exist rather than anything based on technical merit or the capability of the system.  I'm not sure why the IOTA people thought it was a good idea to throw in some untested cryptography, but that seems like a very amateur thing to do.

As for the latter bolded part:  I don’t see “amateur”.  I see PHB + NIH.

Come on.  We’re the big boys.  Microsoft is involved—you know, the company which does \ instead of / as a directory delimiter.  For our billion-dollar cryptocurrency, we will do innovation!  We don’t just use a commercial off-the-shelf hash which everybody else has.  We have our own hash!  The boss says so.

I hereby partly retract one statement that I made in the above quotes:

Anybody who buys into such ill-conceived crypto-junk as IOTA deserves to lose their money, on grounds of foolishness.

The word “deserves” was rhetorical hyperbole.  Newbies and people who are not technical experts do not deserve to lose money on a billion-dollar scam, which they lack adequate knowledge properly to evaluate.  Wherefore my new action against IOTA:  People deserve to be warned, so that they do not unknowingly take the high risk of losing money that comes with investing in a “cryptocurrency” that uses snake oil crypto, has suffered thefts (due to apparently as-yet undisclosed insecurities), and has actually had its whole network shut down with a centralized kill switch.  IOTA is a broken-by-design financial time bomb!



Disclosures:  I have no financial position which could be in any way directly affected by IOTA’s market price.  Indeed, I flatly ignore >99% of the altcoin market.  IOTA just keeps coming to my attention as a disaster by design.  In 2018, it was their broken homebrew hash; now, it is their kill switch...  I want to warn others so that people don’t take a high risk of losing money by buying into a billion-dollar scam with snazzy marketing, big corporate backers, and abysmally insecure technology.