writes "Researchers studying Bitcoin have determined that the level of anonymity of the cryptocurrency is low and that using Bitcoin over Tor provides an opportunity for a Man-in-the-Middle attack against Bitcoin users. (I must confess, at this point, that I can certainly see anonymity limitations helping expose what machine is linked to what Bitcoin ID, putting users at risk of exposure, but I don't see how this is a function of Tor, as the paper implies.)
It would seem worthwhile to examine both the Tor and Bitcoin protocols to establish if there is an actual threat there, as it must surely apply to any semi-anonymous protocol over Tor and Bitcoin has limited value as a cryptocurrency if all transactions have to be carried out in plain sight.
What are the opinions of other Slashdottians on this announcement? Should we be working on an entirely new cryptocurrency system? Is this a problem with Tor? Is this a case of the Scarlett Fish (aka: a red herring) or something to take seriously?"Link to Original Source
writes "Identity-based public key encryption works on the idea of using something well-known (like an e-mail address) as the public key and having a private key generator do some wibbly-wobbly timey-wimey stuff to generate a secure private key out if it. A private key I can understand, secure is another matter.
In fact, the paper notes that security has been a big hastle in IBE-type encryption, as has revocation of keys. The authors claim, however, that they have accomplished both. Which implies the public key can't be an arbitrary string like an e-mail, since presumably you would still want messages going to said e-mail address, otherwise why bother revoking when you could just change address?
Anyways, this is not the only cool new crypto concept in town, but it is certainly one of the most intriguing as it would be a very simple platform for building mostly-transparent encryption into typical consumer apps. If it works as advertised.
I present it to Slashdot readers, to engender discussion on the method, RIBE in general and whether (in light of what's known) default strong encryption for everything is something users should just get whether they like it or not."Link to Original Source