The “key” problem in cryptocurrency

All cryptocurrencies are eventually tied to a “private” key. You lose this key, and the funds are gone, forever. Millions worth of bitcoins have disappeared from the circulation due to lost keys. You can memorize the key by mapping it into passphrase consisting of memorizable words but if you forget that, like many others, the coins are unrecoverable. An alternative is to trust a centralized service like Coinbase, but then all the benefits of investing in a decentralized currency are gone. Lastly, one can use a hardware wallet, but again, if you lose the wallet, the key is lost. If you keep the key on your device, then a malware might target and try to steal it someday. Thus, even if you are bullish on cryptocurrencies, there are no good decentralized ways of holding a significant chunk of your net worth in cryptocurrencies.

The problems are compounded further by the fact that to a great extent, the key access is all or none. If you lose your key, you lose all the funds. If I got hold of your key, I could transfer 100 % of your funds, irrevocably. Compare this to your ATM debit card, if I get hold of it, along with your pin, there is only so much damage I can do before the ATM limit hits. Further, your credit card used on a malicious website can hit you with a limited amount of fraud before the fraud warnings block the card to prevent further loss of funds.

An ideal approach, hopefully, will consist of decentralized smart contracts comprised of multiple keys tied to the same passphrase with a different set of transfer limits. So that, if one forgets one word in the passphrase and cannot access 100% of the funds now but can access at most 1% funds every day and slowly drain out their account to a newer account. Some of these unlocking codes will be held at different places, some centralized services for custody and ease of use; some kept on the personal device for ease of use where even if they get stolen the damage is contained. A further addition could be a beneficiary account where the funds would be transferred to in case the account lays dormant for a certain period.

Is HTTPS secure?

We all use HTTPS and vaguely understands it as a more secure form of communication. This article is aimed at better understanding of HTTPS and how secure it is.
Read More

BlackBerry Controversy in India

Indian Govt. has asked RIM (maker of BlackBerry smart phone) to provide access to the data going through its servers for intelligence purposes and it appears that BlackBerry has accepted the demands. Due to the lack of understanding of encryption on the part of Indian media, misleading and ambiguous reports have been published on the same. This blog post is an effort to clarify the same.
Read More