Comment on US Government Almost Kills Critical Cybersecurity Database
giacomo@lemm.ee 6 days agoThat works too, but who controls the servers, and how is the authority handled? Backing up the data is one thing, and that can be easily done I believe. But what about for future advisories? They are published via one of the authoritative servers and synced to the other authoritative servers? How is that information verified to ensure bad actors aren’t publishing bullshit information?
I don’t think blockchain is necessarily the answer. The whole thing can just be done with signing keys, yeah?
I know everyone hates on blockchain, but I think its kinda neat and would like to see some cool applications with it one day.
echodot@feddit.uk 6 days ago
That’s an easy problem to solve you just hash the database. Blockchain is good at solving the problem when you don’t have a reliable Central authority but if you do have a reliable Central authority there’s no point adding blockchain to it.
And we already have the reliable central authority, we have the original database.
valkyrieangela@lemmy.blahaj.zone 6 days ago
Doesn’t block chaining a massive database like this also open the doors for bad actors to insert BS entries to the chain, or making illegitimate copies of the chain and redistributing them as a “genuine” copy? My understanding is that the chain may be genuine but the human readable data attached to it could be falsified, so it may be unique but it would be useless or malicious.
echodot@feddit.uk 6 days ago
Exactly, blockchain technology doesn’t do anything to prevent people from just straight up lying. I’ve heard people suggest that blockchain could be used to create a distributed Wikipedia, and somehow it would be immune to trolls because “blockchain”.
Also blockchain is susceptible to something called a 51% attack, where if you can compromise more than half of all of the nodes then the illegitimate version becomes the trusted version over the legitimate version, without ever having to compromise the original version, (because 51% of the vote is 100% of the control). The only reason that doesn’t really happen with cryptocurrencies is that there are so many people who use cryptocurrencies that the numbers required to pull off at 51% attack would be unachievable even for a nation state.
However I can’t believe that this database would be anywhere near that distributed so a committed actor could very well achieve a 51% attack.
It’s not as if other nation states don’t maintain their own versions of this anyway (it would be stupid to trust the United States exclusively even if it weren’t for Trump), as do a lot of the cyber security companies. So it’s not really a problem anyway.