“…you rushed to the press with a preprint, as per your last communication with Sergey just an hour ago there is still a ton of unresolved issues. What kind of academic rushes to the press before peer review?”
" These emails seem to lay to rest the vulnerability, and it appears as though the problem surfaced from a textbook understanding of traditional cryptography that attempted to exploit a vulnerability that doesn’t exist under IOTA’s unconventional Tangle technology."
I mean, it all smells of a smear campaign against IOTA. I'm glad they're getting some publicity about this BS.
Christian Richardson
DCI is utter bullshit and I hope they get held accountable. Everyone should read the email leaks to find out how these lying snakes behave.
Andrew Brown
Instead of obsessing on the severity of the bug ask yourself this: why did they choose to invent their own crypto in the first place? Something is fishy about the whole project.
Nicholas Jones
The article seems biased towards IOTA.
The email exchange contained code and advanced thinking results, not something that is conducive to an "hour on slack". The academic knew what IOTA devs are and that it will end in a silently poisonous narcissistic venom - this IOTA devs are famous for.
>attack is based on a wrong assumption about IOTA signing scheme.
>IOTA hashing functions are surely special enough that regular hashing function security rules don't apply.
>Narcissistic inability of admitting to being wrong, instead nitpicking as a form of defense.
>IOTA devs make direct statements about the system being correct, not proving it is correct.
>typical narcissistic deception on one's own grandiosity.
IOTA = shit
nope
Jace Richardson
Even though DCI did not release code to prove a vulnerability, IOTA replaced the CurlP hash function with Keccak. They hired Cybercrypt in November to review CurlP. Read the leaked emails and make up your mind.
Josiah Johnson
They're dwelling on an irrelevant exploit. Does not affect IOTA. End of story.
What are they supposed to be admitting, exactly?
Nathaniel Reed
IOTA is snake oil.
The idea is flawed. It does not stop Sybils nor double spends... but do waste your time on it if that makes you happy.
Caleb Sullivan
if it does not stop double spends, then why aren't you rich yet?
Easton Kelly
The author in your screenshot apparently has done zero research. Security has been discussed quite a bit.
Again, it stems from a fundamental misunderstanding of the technology.
From Nov 2017: "MAM - Since these messages are part of the distributed ledger, they both contribute to the security of the network by increasing total hashing power and benefit from the data integrity properties of the network as other transactions continue to indirectly reference them."
Asher Hall
Which makes it even more fishy. Switch to Keccak proves that:
(1) the IOTA team does not believe that Curl is secure, because they would not replace it,
(2) if Curl can be replaced with a peer-reviewed hash, why waste time developing it in the first place?
There is precisely one situation when such behavior would make sense: if Curl was intentionally backdoored.
Another problem. IOTA is for embedded systems. I'm an embedded system engineer, and all this shit is written in C, sometimes C++. IOTA is written in Java. That makes no sense.
Liam Rivera
Java is used in IoT.
And besides that, are you trying to say there's no interoperability between Java and C++ architecture? Come on man.
Isaac Butler
Interoperability is not costless. Far from it.
Ryder Hughes
Yet it happens all the time.
Nathan Hill
And most of the time it is costless. All depends on the software/firmware being used.
Aiden Davis
One word: NRF52. Now DYOR.
Ethan Collins
That's what nobody seems to be able to answer. alllllllll these supposed problems with it. why haven't you gotten rich yet?
Rigado seems to be able to use Java SDKs with nRF52 SCs.
Maybe you're just not a very good engineer?
Brody Campbell
Or maybe start dev'ing in an Azure IOT environment. Supports Java just fine, along with a multitude of other things.
Elijah Wilson
Image attached. Java used for embedded systems is on the rise, and currently accounts for 12.9% or more of ES out there. Not to mention that a large portion of that 80% are Windows embedded, and will support Java modules running on it.
Is this the backbone of all IOT devices? How does it make Java less resource hungry than C/C++?
Asher Reed
What's the story there? Is it just a sales pitch?
Caleb Hughes
I don't get it. What did DCI do wrong? They showed them the vulnerability. They changed the hash function. They released their report.
CFB is clearly a retard. He wants to keep trolling along the conversation so they never had a chance to release their work to the public.
Andrew Taylor
Switching to Keccak doesn't prove shit other than "better safe than sorry".
Mason Martinez
>They showed them the vulnerability.
Only, they didn't...
Connor Miller
I agree that only without the COO, will IOTA be taken seriously as a decentralized censorship resistant crypto project.
Brandon Martin
Nope. Rigado supports Java on the edge router, but not on NRF52.
Very briefly: IoT market will choose the cheapest thing which can run IPv6 wireless mesh networking. We are talking $5 per chip or below. This is the domain of NRF52, CC25xx and Thread OS. The market is already moving in that direction. And the entire stack is written in C. So that's one thing.
Second problem is: these systems are very low power, so they don't have always-on connectivity. Why? Because radio receiver on NRF52 consumes 13mA. So you literally power up, do whatever you want to do, send your data, wait some milliseconds for acknowledgement and power down immediately. Now get this: the Tangle, to work, requires an always-on connection, as the node must listen for neighbor's transaction. That's an absolute killer. We are talking about applications such as door locks, where you are supposed to run on the same battery for years.
Third problem. Per-transaction PoW. As I said, these devices are energy limited. That means they can invest very little energy into PoW... let's say something like 0.3W. Now, a desktop PC is 300W, so that's 1000x more, which means that one PC can easily spam the network with 1000x the amount of signatures any legitimate client can make. This means double-spending at will.
So, there. To work, IOTA requires the exact three things that embedded devices do not have.
Caleb Walker
The PoW can be outsourced to nodes
Jonathan White
> The PoW can be outsourced to nodes
So why not just use Bitcoin Cash? Or Ripple? Stellar?
Kayden Rodriguez
This part of the ledger is still more decentralized. In iota, 1tx bundle confirms 2 previous txs = a block more or less. You cannot mine your own blocks on either bch, xrp, lum. Iota is also shooting for the moon with trinary logic gates on silicon (Jinn).
Leo Jackson
> trinary logic gates on silicon (Jinn).
And that IOTA chip is going to cost how much? I've seen an argument over putting $0.25 op-amp in a $100 product. Because over 1 million pieces, that $0.25 adds up to real money.
Matthew Hughes
I recommend the interview between Ivan on Tech and David Sonstebo. Dno when in the video exactly, but he talks about the plan for trinary on silicon and open sourcing the design, and that it is supposed to be really minimal cost. youtube.com/watch?v=GwhJQ67zxbg
Colton Flores
It's clear that very few people here understand the problems in designing an embedded device. I am with you on this: anything that is IoT coin must be implemented in C for it to be successful.
Austin Powell
Dominick just said they are in talks with central banks, as well as companies like Bosch and VW
Joseph Martinez
where did you hear central banks? link to interview?
Angel Martinez
They never showed proof they communicate to other parties besides IOTA that IOTA had a vulnerability. They still haven't communicated with IOTA.
Angel Morales
it's nothing buddy, go all in on link >IOTA has no future
Gavin Martin
> trinary on silicon and open sourcing the design
Jesus, just more evidence these people are deluded. So I now have to convince my chip vendor to integrate his shit at silicon level? Does he even realize how much money he is talking?
Jackson Morris
>never showed proof
Then what were all those collisions? They even forged a signature on a transaction they made without the private key.