Open ultratidepod opened 4 years ago
.----------------------------------------------------.
| |
| _ .-"-. .-"-. .--. _ _ _ ____ |
| ,'` | | ._ `.| ._ \| / ,' '\| | _ .' ) | _|_|__
_|_ / /| | | | \ '| | \ | ; / ., || || || ; | |_(]___`\
/___[)' | | | | '-`/ | '-`/| | / /_| || || | \ `\| '(]____ '
| ____[) '-' | | |-' | .-' | |/ || `' | ; | |"(]___ |
; ___[)| .-. | | | | | | '-./`| || | / /| |__(]_ /
\ _[) |_| \_' '_| ._| '---' '--'`.__.'(_,' |_____||-`
`-| |
'----------------------------------------------------'
\ ' /|// /|/\,>7/|\>/\ \ / ,'
\ '; |/|; | .--. .--. \ | / ,'
' | |\| / '__________' || ,-' ,'
| | .-' [ \"" /: "/ ]'.,' /
'. '| | `-' \-' | | ,'
| .'.__.' | | '._' /
| `\|| \ / | .`
| || `--' | /
| \\__ __ | '
'. `===(__)`.__.' ; |
| \ \ /| |
.| \ `._ ,' | |
| . `-.__,-' ; .
| \ ,\_/\ / '
| `..' |\\ `-' _.-\ \
,'._ | :`. .-` \ ;
| ` | ' \ \ __,-' \|
/ | \ \ \ ||
`-._ | '-' \ _,'|
`--. : | `'` ,/
`--._ '.__; _/
``-.___..___....----'"`
That is some remarkable work, @ultratidepod ! Well done and thanks for the invaluable contribution to strengthening the protocol.
We’ll soon be posting a public analysis of this first phase of the H4X initiative including your findings and other contributions made throughout it. We’ll also be releasing a new version of the Protocol on the H4X site along with a new bounty to spice things up! In the meantime, we wanted to address some of your input and provide some relevant context on the broader vision and mission for the community.
The first H4X system released is not the final Tide Protocol. It is merely the first public PoC implementation of the authentication– specifically, a showcase for the splintering mechanism. It’s important to note that the Protocol has been in research and development for the past 2 years and there’s significant work (and rigorous testing!) to come, before it’s commercially ready. As a PoC, we intentionally exposed as much as possible to ensure that community focus was on the authentication component.
It is also worth mentioning that shortly after we launched H4X, we were already working on issues we identified or that others reported, as well as improvements and expansion requests to be added. However, we didn’t apply those updates on the public H4X system since it would have been unfair to our bounty participants. The only changes made to the H4X system was the continuous, intentional reduction of security – such as turning the throttling mechanism off and elevating privileges to API users to have access to the encrypted data. We wanted the focus on the core elements of the protocol, rather than protection of the Vendor’s site – where we’d rather assume a worst-case scenario.
Another critically important piece of context is the initial focus on securing against mass server-side database attacks (e.g. a malicious or compromised ORK operator) – as those have the potential to yield the greatest scope of damage. That’s not to say that the Tide Protocol doesn’t address individual account attack vectors, only that those were not the primary focus of the Splintering mechanism nor for the first iteration of the H4X campaign.
One special mention we’d like to pay homage to was your remarkable discovery of the false shares tell-tale using an input overflow. Stating “This hinges on the ORKs leaking zero information about which fragment is the correct one” is spot on and if we had one and one purpose only in the H4X campaign, it would be to identify leaks like that. That single contribution made all our efforts on the initiative worthwhile and we’re grateful to you for reporting it! Particularly as the bounty was simply there for the taking and there was no obligation on anyone’s part to provide such a professional and in-depth report.
When embarking on a decentralized approach to overcome the flaws of centralized environments, there’s both new opportunities and challenges presented. Those new challenges require new approaches, where existing methods are proving inadequate. Together with the community, that’s where our efforts are focused, with a view to creating infrastructure that addresses the commercial needs of organizations we entrust our sensitive data and our (individual) sovereignty rights. To that point, the comparison of the relative system security to “a traditional user/pass salted DB setup” only holds true if trust in the entity who’s managing the environment is assumed. We take the baseline decentralized premise that assumes the salted DB in a centralized environment is, at the very least, to be regarded as potentially malicious, if not already entirely compromised by virtue of the need for trust. In saying that, the next generation of our authentication scheme is now geared to supersede the security of even a trusted centralized salted DB – and we’ll be putting our money on that on the next H4X iteration!
As mentioned, we’re preparing a more detailed public analysis of all the feedback and planned next steps. Appreciate the brilliant contribution and hope you stay involved!