Trail of Bits says that it only takes four entities to disrupt Bitcoin and only two to disrupt Ethereum. Additionally, 60% of all Bitcoin traffic moves through just three ISPs.
Nodes not being updated is irrelevant. When you run a full node, if a vulnerable node communicates bad blocks to you, they get ignored because the chain with the most work is the one that gets accepted.
Mining pool passwords are for submitting blocks to the pool. Maybe this can be used to steal a miner's Bitcoin? But can't see how it could be used to forge bad blocks or select for empty blocks or anything worthwhile as an attack. Maybe log into everyone's accounts and change everyone's passwords so no one can submit blocks while you get a 51% attack off? File that under shit that only works once though.
This is based on the Trail of Bits report. Here's a counter to the report if anyone is interested: https://www.swanbitcoin.com/fact-check-darpa-funded-report-on-blockchain-centralization
Yup! Thank you for sharing that. There's also a post, here on SN, with it:
Fact Check: DARPA Funded Report on Blockchain Centralization
#38531
https://www.swanbitcoin.com/fact-check-darpa-funded-report-on-blockchain-centralization/
Funny that they never mention how much of the internet relies on how few ISPs when they talk about other critical infrastructure
...such as the electrical grids, tap water and sewer plants, parts of the military, VoIP for the police, the whole traditional banking industry.....
Yes, really, they have found internet vulnerabilities, which are also vulnerabilities of Bitcoin and every other piece of internet infrastructure.
https://www.businessinsider.com/akamai-dominates-internet-infrastructure-2014-2?op=1
It's worse than you think.
These are some of the findings other than what's been mentioned already
Btw, are we just going to ignore that the Pentagon is doing Bitcoin security research? :) Thanks!
I believe it was DARPA specifically who commissioned the report.
"Pentagon", yes. Apparently they're not qualified to do it themselves. Too many medals and badges dragging them down.
BIP 324 adds p2p encryption: https://bip324.com/
This is the same Pentagon that just had a gaping hole in the side of its building?
just had?
Now this is interesting as fork. This is gonna be on my mind for a looooong time.