Author: Troy Benjegerdes 2014-08-09 19:39:54
Published on: 2014-08-09T19:39:54+00:00
In a 2014 email exchange, Mike Hearn discussed the security of SSL and certificate validation in relation to Bitcoin mining. SSL is considered essential for financial services, but Hearn suggests that it may not be the best cryptographic solution for Bitcoin mining. Turning on SSL could give pool operators a way to hack miners, and far better mechanisms could be implemented using ECDSA keys to authenticate both miners and pools. However, there is currently zero economic incentive to do so. As long as the cost of man-in-the-middle fraud is lower than the engineering cost of implementing real cryptography and code audits, we will continue to see security patches every few months. Hearn provides a link to a Symantec blog post discussing OpenSSL patches for critical vulnerabilities two months after Heartbleed.
Updated on: 2023-06-09T01:59:30.789740+00:00