Crypto Security Is Flawed

We all worry about identity theft. It is a real problem, but unless you are careless it is unlikely. The problem is the amount of careless you need is much less than it once was.

At one time, unless you left your banking information, your cheque book and a sample of your signature in a biker bar, the chances were pretty good, you would be safe. Today, a 12-year old using available technology could scoop up your bank password and credentials when you use an insecure network.

How security works.

The idea behind security is to make the cost to break in more than the value of what is inside. If you want to store a million dollars in a safe, it should be heavier, more complex, and hence more expensive than one that stores $1,000. You’ve seen bank vaults. Fort Knox is harder again.

At the same time, someone authorized must be able to access it easily. Not an easy balance of principles.

There are three factors involved.

  1. What you know – password for example. the longer the better.
  2. What you have – like a bank card
  3. What you are – like a fingerprint or iris scan.

One of them would be a little secure, a combination of two better, and all three quite good.

How digital security works.

Digital security uses passwords more complicated than the one you type in, although you may not be aware of them.

Two decades ago, I and others attempted to create a usable high security email system. It used Blowfish which was an algorithm that encrypted the message before transfer. At the time it was quite strong and it would have taken millenia for a super-computer of the day to break it. Digital security is usually in the form of bit count. Today banks use 256 bit security which means for any character there are two to the power 256 ways it could be encrypted. 2^256 is a fairly large number. It is a little more than 1 followed by 77 zeroes. A computer that could process 100 trillion tests per second would take 1 followed by 63 zeroes seconds to get the message. There are only 32 followed by 6 zeroes seconds in a year. So forever practically.

This kind of security is based on a key like idea. The key is two part, the public and private. Only someone with the private key can open the message. It uses the idea of factoring the combination of gigantic prime numbers.

But that’s using current computer technology. Thirty years ago 40 bit security, 12 zeroes, was enough because computers were less capable.

Cryptocurrency security

Crypto relies on two factors to work. The transaction must be visible and the authorizing signature must be impossible to duplicate. Despite how powerful conventional key-type algorithms may be, crypto doesn’t use them. They use another idea based on solving elliptic equations. Elliptic Curve Digital Signature Algorithm or ECDSA. ECDSA can provide the same security as bank security with a much shorter key. That improves the speed of a transaction.

As computers become more capable they will be able to break the encryption in real time and for banks that will be a problem. For crypto using a different method, not so much. They can just make the password much longer and increase the time it would take to crack. The transaction time might not change much because the computers are all faster on that side too.

But, what if?

What if computers became near infinitely fast at this kind of work? Like quantum computers may prove to be.

Quantum computing hasn’t hit the mainstream yet and it may not for some time. It promises very fast processing because quantum things are not like the things we deal with every day. They will solve problems differently than our experience tolerates.

As an example, suppose you are in a building with 1,000 offices and you leave your briefcase in one of them. You don’t know which. How would you find it? By visiting each office one after the other. If it happened an infinite number of times, on average you would visit 500 offices before finding it. That’s how conventional computers would find a password. Brute force. Look at everything until something¬† works.

A quantum computer would look at all thousand offices at once and “collapse the wave function” on the one that held the briefcase. Quicker right? For a thousand offices, equivalent to a 3-character password, not such an insurmountable problem. BUT, what if there were 10^77 offices. Conventional computing still takes forever, quantum computers will be still nearly instant.

How good is your password security now?

The future

Quantum computers may never reach this level of sophistication, but they will vastly outcompete our idea of a supercomputer today. Security using passwords, or even keycards and passwords combined, will be functionally useless.

As it exists now, your Bitcoin wallet will be about as safe as a paper bag with currency in it left on the bar.

The takeaway

Your digital security, if unchanged, diminishes in effectiveness every day.  It would be smart to know how quantum computers are evolving and how their encryption systems are advancing in sophistication. Maybe you can protect yourself for a while. Protecting forever seems a stretch goal.

Someday you might want to exchange your cryptocurrency for gold coins and hide them somewhere in Algonquin Park. For the record, Algonquin Park is a 1,900,000 acre parcel where there are more 4-year-old bears than people, even on the busiest day. The chance of someone accidently finding your horde would be immeasurably small.

Hiding your gold might not matter. How will you find it again. Drawing a map doesn’t seem very smart, GPS co-ordinates either. Maybe you could remember the co-ordinates using What3Words. Human frailty is such that hiding anything is not attractive. If it is secure from others, it’s likely secureu from you too. I have been known to put something in a safe place and effectively remove it from my life. I will certainly be unknown to your heirs.

Crypto is not as safe as you think and neither is any other digital money or access to money. You should be concerned but not worried yet. Pay attention, someday you should worry. And that will help. I had an outstandingly worried relative who told me, “Worrying works. Everything I worry about never happens.”

Risk is what’s left over after you think you’ve thought of everything.” Carl Richards

Be smart and cautious.


I help people have more retirement income and larger, more liquid estates.

Call in Canada 705-927-4770, or email don@moneyfyi.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: