Questions tagged [security]
For questions relating to the security of IOTA and how to mitigate these issues or avoid them altogether.
92 questions
4
votes
1
answer
144
views
How is a Seed stored in an IOTA wallet?
How is a Seed stored in an IOTA wallet? Can I gain my Seed back if I lose it?
1
vote
2
answers
237
views
Trinity Helper (Renderer)
Previously, I have had no problem opening Trinity on my Mac and after providing my password, it opened correctly. I updated after the recent closure and again, all was satisfactory. I have not used ...
0
votes
1
answer
59
views
Is it secure to enter your seed in a browser form to publish data to IOTA Tangle?
I am trying to publish my data on IOTA Tangle using MAM. For this, I have designed a web form where I have to enter my seed and press the publish button. The actual data is fetched from firebase ...
1
vote
1
answer
34
views
How is Tangle Quantum Immune? [duplicate]
I was going through the iota tangle documentation and features and found one of the features mentioned as Quantum Immune, so basically looking for resources to understand the quantum immune property ...
1
vote
2
answers
109
views
Sending data as input in IOTA
I am Muhammad, working with my way to use IOTA to fetch data from IDS/IPS. IOTA uses 2 transactions as input if I am not wrong. I want to send data of IDS to IOTA. I am using Grafana and mysql to ...
1
vote
1
answer
126
views
Why does Iota try to roll its own crypto?
Having just come upon IOTA, I am struck by the combination of bold vision and something that looks like a definite no-no.
First of all, the IoT is the absolute dream come true for eavesdropping and a ...
3
votes
1
answer
81
views
How secure is storing IOTA in Ledger Nano S?
Is storing IOTA in Ledger Nano S completely secure?
I am asking because IOTA doesn't use elliptic-curve cryptography.
Does storing and using IOTA in Ledger Nano S make it easier for an attacker ...
1
vote
0
answers
37
views
How do I keep IOTA secure? [closed]
I am setting up a website where users buy and sell IOTA with USD. I've gotten some general safety tips about keeping your seed secure but I wanted to know what I could do to be safe from hackers, ...
1
vote
1
answer
68
views
Coordicide: Would using public key encryption as a mechanism for node identity impact Iota's quantum resistance?
per the white paper
In order to identify nodes, it is necessary to introduce global node
identities. To this end, we envision using common public key
cryptography to sign certain data and to ...
1
vote
1
answer
58
views
Cracking seed with list of addresses and indexes
I have an open source offline airgapped encrypted device for signing transactions.
Seeds are stored on this device.
Signed transactions are passed to an online machine as a parade of qr-codes for ...
2
votes
1
answer
57
views
Does Broadcasting a Bundle on Both MainNet and TestNet Facilitate Brute Forcing the Seed?
I have made an open source airgapped device for signing bundles offline.
A main purpose is to address the possibility that the components we use to make our devices are already compromised before ...
2
votes
1
answer
173
views
Sybil attack with IOTA?
The solutions to attacks proposed by the IOTA white paper seem unclear; in particular, in case of double-spending, it remains unclear what stops a computationally powerful adversary from conducting a ...
3
votes
0
answers
113
views
Is MAM encrypted message has perfect secrecy?
Here I am referring to MAM in restricted mode, where side key is used to encrypt the message.
One time pad is known for perfect secrecy. Since MAM uses the one-time pad, is MAM encrypted message has ...
2
votes
0
answers
32
views
What happens if we are in an untrusted network [closed]
I am discovering Iota and I am trying to find out if it can be applied to securely send commands between IoT devices, being 100% sure the command has been received. My concern is about the network, ...
3
votes
1
answer
99
views
Address reuse with zero value transactions
If I send multiple zero value transactions from address A, containing several messages to broker a deal, is it safe to (re)use that address later on for a payment (to settle the deal)?
3
votes
1
answer
133
views
How does the IOTA Foundation determine if a spend is a typo or a real spend?
According to Come-From-Beyond in the emails sent to DCI:
The Coordinator is used as an extra protection measure. Particularly,
it stores all transactions that reach it, this allows us to recover
...
-1
votes
1
answer
48
views
What is the absolute minimum cumulative weight that a transaction must have to be considered confirmed by a vendor?
I assume that referencing a Milestone is not sufficient for a vendor (exchange). That is, they must be making sure that both a Milestone is referenced AND that some time or cumulative weight threshold ...
0
votes
0
answers
60
views
If the coordinator were to be identified or located, what attacks could be carried out against it?
The coordinator is currently vital to the operation of the Iota network. There are both security (leaking the seed used to generate milestones) and availability (it must be able to issue milestones) ...
2
votes
0
answers
110
views
Can the coordinator be found or identified?
The coordinator is currently vital to the operation of the Iota network. There are both security (leaking the seed used to generate milestones) and availability (it must be able to issue milestones) ...
1
vote
1
answer
126
views
What could an adversary do with the seed of the coordinator?
The coordinator issues milestones that the Iota network uses as a root of trust when validating transactions. These milestones are signed, which in turn means that keys exist for signing the milestones....
2
votes
2
answers
50
views
Are inbound/outbound Iota connections encrypted?
If I am running a full node, what can an adversary determine from sniffing the traffic to and from my node, or is it all encrypted?
2
votes
0
answers
70
views
How is the secrecy of the Iota seed maintained on IoT devices?
Iota is intended to be deployed on IoT devices.
A problem with IoT devices is that they are placed in insecure locations, allowing attackers to gain physical access and perform advanced/prolonged ...
2
votes
1
answer
111
views
When can a transaction be considered irreversible? (without COO)
In an interesting exchange between Come-From-Beyond (CFB) and a Nxt developer, the question is asked:
DEV. So when can a transaction be considered irreversible?
CFB. Never, look at formula #14 in ...
2
votes
2
answers
284
views
As per "The Stability and the Security of the Tangle", how will IOTA ensure that all honest nodes are continuously using their hashing power?
As per the recently released The Stability and the Security of the Tangle, a 2018 ICUBE - University of Strasbourg "study of the stability and the security of the distributed data structure at ...
2
votes
3
answers
140
views
What happens if we generate a "seed" that already exists?
According to this answer,
"our seed is as the combined username and password that grants access
to our bank account. If anyone obtains our seed, they can login and
access our funds."
Despite ...
2
votes
0
answers
101
views
How to compute the % of network computing power the attacker hold?
It is known generally that Tangle is susceptible to a 34% attack (of total computing power) that gives a 100% successful attack. The example given on page 19 of white paper says that an upper limit to ...
1
vote
1
answer
56
views
Can a bundle be 3 transactions for security level 1?
A bundle has 4 transactions:
The output; address and amount of IOTA recipient gets.
The input; address, and amount of IOTA sender gives, and half of their signature.
The other half of the sender's ...
6
votes
1
answer
534
views
What prevents someone from using a Precomputed POW Spam Attack against the network?
What prevents someone from using a Precomputed POW Spam Attack against the network?
A theoretical attack could use pre-made transactions to be released before their network expiry dates.
Rounds of ...
2
votes
2
answers
190
views
How to send a sidekey securely to the subscriber for my channel
Sending the sideKey and channel-id is important for new subscribers to read my stream. How can I securely transmit them over the network? Shouldn't the key exchange algorithm also be quantum proof?
3
votes
1
answer
1k
views
IOTA Winternitz Signature Scheme Details
IOTA uses Winternitz one time signature scheme (W-OTS). Page no 45
W-OTS uses one-way function f and cryptographic hash function g.
W-OTS selects parameter w >= 2, which is number of bits to be ...
-2
votes
1
answer
67
views
Is it really safe? [duplicate]
How likely is it that someone will discover my seed? either by brute force or by trying to generate a new one.
2
votes
0
answers
55
views
Security implications of storing seed on Trezor password manager
I'm wondering about using Trezor password manager to store an IOTA seed and whether there are any security implications I should be aware of?
Many thanks!
8
votes
1
answer
210
views
How is address reuse prevented in the current wallet implementation?
When trying to send to a foreign address, I got the following error recently:
How does my wallet know, that this address has already been used for sending? It's quite an old address, so I assume I don'...
4
votes
1
answer
89
views
Are there any security considerations regarding running full node?
I have been thinking about setting up a dedicated full node to support the Iota network.
In this case would be running some variant of Linux on a dedicated server that would at least meet the ...
5
votes
1
answer
129
views
On average, what % of my private key is compromised on the first address re-use, and what exponential effect does it have on security?
Each time we use an address, 50% of your private key is revealed at random.
When 50% of the private key is revealed, a computer would have to do 2^256 computations to crack it, similar to the SHA-...
4
votes
1
answer
104
views
Is this an official source of the IOTA wallet?
https://github.com/iotaledger/wallet/releases/tag/v2.5.7
Is this release from iota
I have got v2.5.6 before I download just wanted to make sure this is right wallet and it’s not a scam
Thanks
5
votes
1
answer
342
views
How to send data payload and funds in a secure/immutable way?
For me, one of the main use cases for IOTA regarding IOT was to be able to send data and funds in an atomic, immutable way.
E.g. sending a bundle including parameters, transferred in the ...
7
votes
2
answers
892
views
Can one send a zero value transaction from any address to any address?
Since zero value transactions do not require a signature, I assume one can send 0 value tx from any address, even if he does not own the corresponding seed.
Is this assumption correct?
6
votes
2
answers
351
views
Exchange Winternitz one-time signatures
Are there any Winternitz alternatives out there which on the one hand make quantum computer attacks hard and on the other hand don't mess with the ability to reuse an address? Or are these properties ...
10
votes
1
answer
993
views
Why is the normalized hash considered insecure when containing the char 'M'
Looking at the code of the iota.lib.js' bundle creation mechanism, a normalized hash is computed and then checked for inclusion of 13 /* = M */. If one is found, the obsoleteTag is incremented, and ...
3
votes
0
answers
122
views
Iota donation address and security [duplicate]
I see more and more content creators publishing an IOTA address for getting donations. How does that relate to the security advice not to use an address for more than one transaction?
6
votes
1
answer
855
views
How does Curl-P's copy protection feature work?
I've read in a few articles that the Curl-P hashing function was designed with known practical collisions, intended as a "copy protection" feature.
I'm still having trouble wrapping my head around ...
4
votes
2
answers
673
views
How to get iota out of an address that has already been used twice?
Is it possible to get IOTAs safely out of an address from which two or more transactions were made already? With safely I mean that there is no chance to get hacked if the third or later transaction ...
3
votes
2
answers
119
views
crypto documentation for iota?
Is there a documentation about the crypto-primitives and the crypto protocols, that are used by iota and how they are implemented?
And if so, where ;-)
5
votes
0
answers
250
views
MAM message encryption
According to the documentation message encryption is done in following way
Each message is encrypted with a one-time pad that consists of the channel ID and the index of the key used to sign the ...
3
votes
1
answer
199
views
Roadmap: How to avoid address reuse with automatic snapshots?
It is well known that an address that was used to send IOTA (i.e. a transaction was signed with that address's private key) should not be used a second time because security weakens exponentially with ...
7
votes
1
answer
805
views
Do I Have to Change My Seed after Multiple Transactions?
Is it recommended to change the seed and transfer the funds after creating a higher, specific amount of Receive addresses and doing multiple (20+), completed transactions (no double-spending of course)...
2
votes
5
answers
442
views
Seed generator best and safe? [duplicate]
Which is the best seed generator and is there an official one
Thanks
3
votes
1
answer
224
views
Mechanism used to Claim at risk addresses
What mechanism was used to claim the at-risk addresses (from the September and October events)? How is it possible to move another's address into an amalgamated foundation address?
7
votes
2
answers
358
views
Address re-use and snapshot
If an address was used more than once to spend, as was the case in the September claim, are addresses that were weakened for violating the Winternitz One Time Signature architecture of the tangle, ...