
Is blockchain personal security or personal danger?

Is the blockchain safe for personal information? We are told that the blockchain is confidential, safe and generally cool: everything in it is signed and encrypted. But is it really as good as the odes to the blockchain hype claim? And if we put information on the blockchain that others are not supposed to see, where is the guarantee that it stays safe, that tomorrow someone will not break our cipher and gain access to it?

Even from the simple observation that IT is developing at an incredible pace, we can assume that what is safe today will be hacked tomorrow. You may ask: but what about today? We use passwords for access everywhere in IT infrastructure; the more important (read: more “secret”) the information, the more complex a password we choose so that it is harder to guess; and isn't the digital signature the pinnacle of the evolution of cryptography? And you will be ... wrong!))

First, do not forget that humanity regularly conquers new peaks in various fields. Second, the blockchain is more vulnerable in this respect than the classic options:

  1. The password in the blockchain (your private key or digital signature) is created once, so after any compromise (you entered it on a copycat website, a trojan stole it, or it was simply exposed somewhere) access to the data is open forever. In any classical system the password can always be replaced; moreover, where confidentiality matters more, the system itself obliges the owner to change passwords at a set frequency!
  2. In the blockchain, the number of attempts to guess a password is not limited, so guessing it is only a matter of time. In the classic IT setup there is always a guarantor, for example a server (a mail site, online banking, etc.). When the server sees that someone is trying to guess a user's password, it can take appropriate measures: show a captcha or ask a secret question, simply block the account until the reasons are clarified, or require confirmation of ownership (for example, by phone or another mailbox).

These two factors, the immutability of the “password” and the unlimited number of guessing attempts, make all blockchain data extremely vulnerable (the only question is the resources needed to obtain it).

If the information is held by third parties responsible for its storage (banks, government bodies, law offices, medical institutions, various registries, etc.) and is encrypted in the classical way, then, first, the encryption methods will be updated over time, because every organization storing our personal (read: “secret”) data is answerable before the law for its confidentiality (at least in theory); and second, physical access by unauthorized persons even to the encrypted database will be difficult.

With the blockchain, confidentiality works the other way round. Sooner or later your blockchain will be available to third parties; it is only a matter of time. It is as in cryptography: the encryption method becomes known to everyone sooner or later, so what matters is keeping the encryption key secret, and the key can be changed if it is compromised. In the blockchain there is never a technical possibility either to delete information or to re-encrypt it.

Imagine that your confidential information is worth a certain material benefit to third parties. Today these third parties can in theory obtain it from the “information keepers” (those same guarantors), but the guarantors bear responsibility for the leak (reputational, legal, financial, etc.), and this is regulated (pardon the pun) by the regulator: as problems with leaks of confidential data grow worse, liability and punishment will increase and detection of such cases will be stepped up. It is difficult to buy, for example, tax data about your competitor: you need to find a person who has access to it, find an approach to that person and finally pay for their services. It is not only expensive but also frightening, because at any stage people in uniform may come for you and, quite legally, send you off to conquer the Siberian expanses. And what happens if you entrust this information to the blockchain? Third parties need only buy a powerful computer, download the blockchain, and simply run a brute-force key search. It is only a question of time and money! You achieve the same result with far less effort and without risking your neck: even if by July of this year a law states “hey, you may not break into other people's blockchains!”, no one will ever know what happens on your personal computer when it is disconnected from the network!

P.S. And for dessert: if we take Moore's law* into account, then once the blockchain has entered our lives, home computers will be able to guess any key to information stored in blockchains a number of years earlier.

That is, suppose the blockchain holds a record that you visited a doctor: 10 years later any schoolchild will learn of it without spending any resources, having guessed the password to this blockchain in 5 minutes on a home computer (or, after 20 years, on a phone).
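The "time and money" question and the Moore's law argument above can be put in numbers. The following is an added example, not part of the original post: it estimates the expected duration of an exhaustive offline key search at a fixed guess rate and at a rate that doubles at a fixed interval. The starting rate (1e12 guesses per second), the 2-year doubling period and the key sizes are assumptions chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def years_fixed_rate(key_bits, guesses_per_sec):
    """Expected years to find a key (half the key space) at a constant rate."""
    return 2 ** (key_bits - 1) / (guesses_per_sec * SECONDS_PER_YEAR)


def years_doubling_rate(key_bits, guesses_per_sec, doubling_years):
    """Expected years when the guess rate doubles every `doubling_years`.

    Guesses made by year t: r0 * D / ln2 * (2**(t/D) - 1), with r0 the
    starting rate per year and D the doubling period. Setting that equal
    to half the key space and solving for t gives the value returned.
    """
    r0 = guesses_per_sec * SECONDS_PER_YEAR
    x = 2 ** (key_bits - 1) * math.log(2) / (r0 * doubling_years)
    return doubling_years * math.log2(1 + x)


def work_factor_table(rate=1e12, doubling_years=2.0,
                      sizes=(40, 56, 80, 128, 256)):
    """Rows of (key_bits, years at fixed rate, years with doubling rate)."""
    return [(b, years_fixed_rate(b, rate),
             years_doubling_rate(b, rate, doubling_years)) for b in sizes]


if __name__ == "__main__":
    # Assumed figures, chosen for illustration only: 1e12 guesses per second
    # today, doubling every 2 years.
    for bits, fixed, doubling in work_factor_table():
        print(f"{bits:>4}-bit key: {fixed:10.3g} years fixed, "
              f"{doubling:8.3g} years with doubling")
```

For large keys, each additional key bit adds one doubling period to the result of `years_doubling_rate`.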

P.P.S. I’m not at all against blockchain technology; on the contrary, I consider it a real breakthrough! But we must understand that, like any technology, it has only a limited range of applications. It is necessary to understand its capabilities and its vulnerabilities, and one cannot just shove it in anywhere (excuse me, I cannot find another word)!

* Although Moore announced in 2007 that the law would soon cease to hold because of atomic-scale limits, computing capacity is growing every year and will continue to grow, if only through an increase in the number of processor cores.

Source: https://habr.com/ru/post/410009/