This is one of those scary things with a cryptocurrency based society that I worry about. We want decentralisation (supposedly), but this is one of the benefits of centralisation where I can speak to and verify my identity with someone with authority to access my funds should I happen to lose my password/key. Banks provide this protection.
Perhaps I'm ignorant of other aspects/solutions. But this is my take with being solely responsible for access to my own funds.
I don't see how a "cryptocurrency based society" would actually work, but key management is not really the issue? You can give a copy of your key to a "bank" to hold (or even let them generate and keep it for you), use Shamir's secret sharing schemes to split it for redundancy, etc. In a society where cryptocurrency was of any actual relevance, services and tools would be widely available to assist, just like you need to interface with and learn about banks today. Plenty of people in the world are still unbanked and even from those that are I would assume plenty "prefer to store cash in their mattresses".
Involving a third party in key management like a bank is entirely antithetical to the principles espoused in the white paper. Trustlessness is all or nothing, and once you trust someone you are just doing what we do now but far less efficiently. A classically envisioned crypto society requires individual custody, or to borrow a turn of phrase “not your keys not your coins.”
Most people are unbanked not because banks don’t exist for them but because they don’t have money to put into an account. In the US online banks like Ally or Schwab are way better for folks who are legitimately unbanked than a crypto wallet - esp one they are unlikely to properly custody. Postal banking is an approach that has been historically hugely successful too.
Outside the US honestly I don’t know how folks wouldn’t be better served with for instance access to an account at circle.com vs USDC.
People not having money is a social problem that deserves a meaningful social solution - not digital magic beans.
> Trustlessness is all or nothing, and once you trust someone you are just doing what we do now but far less efficiently.
Not true at all, as the GP explicitly mentions Shamir's secret sharing:
> Shamir's secret sharing (SSS) is an efficient secret sharing algorithm for distributing private information (the "secret") among a group so that the secret cannot be revealed unless a quorum of the group acts together to pool their knowledge. To achieve this, the secret is mathematically divided into parts (the "shares") from which the secret can be reassembled only when a sufficient number of shares are combined.
So you can trust various persons / entities such that m out of n need to come together before the secret is revealed. And each person doesn't need to have just one share out of n: if you trust one person more, then you can give them two (or more) shares out of the n.
Bitcoin's trustlessness is not affected by people choosing to store their keys with a centralized entity; although the same can't be said about PoS coins. It's all about giving people the option to choose their preferred method of interacting with it, each with its own pros and cons.
Technically, "I forgot the key" access is not a difficult problem to solve. And because they have digital contracts as part of their DNA, crypto currencies provide all the tools you need to solve it even without things like Bitwarden.
You are right about there being no "banks" in one aspect though. While there are any number of solutions out there to the crypto-currency key problem and some will do a better job than a bank, there is no easy and low risk way to find the solution that works for you. Certainly nothing remotely as easy and low risk as "walk into any USA bank and open an account". The real magic of a conventional bank is not all the protections in place (who hasn't been screwed over by a bank or credit card company at some point?), it is that it is a "well understood, everybody knows about it" convention.
> This is one of those scary things with a cryptocurrency based society that I worry about.
No, not really. It is the same kind of story as people putting all their money in a bag in a chimney to find out their family decided to finally lighten the mood by making a fire in a long unused fireplace. It is an actual story about my neighbour when I was a kid.
People have been doing stupid things with money for thousands of years.
You can store crypto safely. It is essentially the same problem as storing encrypted backups. It has been solved.
As much as I hate cryptocurrency, I would actually be more at peace having lots of crypto than lots of stock on my account (if not for the fact that crypto is just a scam).
It’s like we have made laws/rules in society to prevent/solve a litany of edge cases when it comes to money. It has problems for sure, but crypto would just hard reset all that without even thinking about the consequences.
In happy magic future society, the community may decide to mint 232 billion ghost satoshis as a tribute, and they would accrue value out of sentimentality or whatever.
Something to keep in mind when talking to people about these ideas, they’re usually paired with some “apes together strong” kind of magnanimous idealism, where the community/market would come up with solutions.
How is this different than cash though? You need to be responsible with it or you'll lose it. No different than if he kept $232M in cash, buried it somewhere and forgot where.
When we don't want to be responsible with cash, we give it to a bank. Same with BTC.
Nor should they. That's an insecure, single point of failure to have all your cash stolen. Same with storing $232M in BTC on a single HDD. Of course, at the time it wasn't worth anything near that and he wasn't concerned. The point is, BTC should be treated as cash. If you can't handle it yourself, you give it to someone else to secure for you.
Some of these encrypted hard drive devices are weirdly secure.
However, I can't see any harm in offering a bug bounty of 1/4th of the stash, putting up the model and serial number of the drive, and seeing who can crack it the fastest.
I think you’d probably need a team that could clone the drive first and then you could do your attempts. From what I understand, that’s difficult here because of the encrypted flash drive he used (tho obviously not impossible).
I’m sure someone like Cellebrite or the other agencies that have done iPhone hacking could do something like this — or at least figure out how to clone the drive to do multiple attempts at getting into it - but I don’t know how many places would do it on someone’s word that the crypto is there.
Like, yeah, for 25%, I bet you could find people who could get it done. But I don’t know how many of those people who would undertake that work on a promise. What if it’s like Al Capone’s vault [1] and turns up empty?
IIRC this device was actually secure due to being developed/audited for use by the NSA as well as plebs, so it's not as simple as cloning something then doing unlimited attempts.
Yeah, it’s weird the guy hasn’t reached out to someone like Joe. Instead he just keeps sharing the story with the press, but like, you need to be going to white and black hat hackers and security professionals.
I understand why it isn’t in Kingston’s interest to try to help him out, but if I had that much money trapped on something, I think I would do everything I could to actually free it, including paying people to look for vulnerabilities in the drive and reverse engineer. Getting those people to take me at my word might be tough, but I would do everything I could to release $200m in a wallet.
Edited to add, it's also against the HN guidelines:
"Throwaway accounts are ok for sensitive information, but please don't create accounts routinely. HN is a community—users should have an identity that others can relate to."
What's interesting here is that even if Kingston would be able to help, it might not be worth it for them to do it because of their reputation (and $13B revenue)
Reading between the lines I think he has some sort of weird ass hardware coin wallet/high security encrypted flash drive that has some anti tamper smarts. I think the journalist used the word encrypted wrong here:
>Thomas has just two attempts left to guess the password before it's encrypted and lost forever.
I suspect they meant the drive would wipe itself after another attempt.
You could attempt to pull the controller chip and decap to extract the secondary key which would allow you unlimited attempts
Offer someone 10% of the $200 million to find a zero day for it. That creepy Israeli company makes cracks for secure enclaves for lower prices than that, and for much newer security hardware.
If nothing else find a university with an electron microscope and give some CS students a project of reading the key bits directly.
Enclaves keep out petty thieves, not determined attackers with unlimited physical access. Chapter 1 of cybersecurity is no hardware can protect against that.
It just isn't believable that you can have a storage drive sitting in front of you which contains both encrypted data and the decryption key (or at least the password-encrypted decryption key) and yet not be able to access the data.
What's the point of storing a wallet on a self encrypting device that can "self destruct" vs just storing the data encrypted on a normal storage device? It seems it's cutting off your nose to spite your face to an extent.
Easy scenario, someone DoS you by causing the device to self destruct thereby you losing large amounts of money.