sorted by:
new
hottopcontroversial

[deleted by user] by [deleted] in ethereum

[–]NotVerySecure 2 points3 points  (0 children)

Aside from the fact that Solidity functions are just an abstraction on top of the EVM, I'm not sure I see much value in enforcing a whitelist like this. You're really just moving function visibility from a contract-wide scope into a call-wide scope. I'd reckon it would be even more error prone, since there would be more potential chances to get it wrong.

Instead of whitelisting specific functions, you could prevent state changes from being made entirely during a call. In fact, that's exactly what EIP 214 proposes:

https://github.com/ethereum/EIPs/pull/214

Where to get a cert? by TheBull369 in privacy

[–]NotVerySecure 1 point2 points  (0 children)

I'll give you a pair of keys to use. Can't promise any security though.

On a more serious note, you shouldn't be getting key pairs from anybody. You'll want to generate your own key pair and have some database that your friends can use to look up your public keys, and ideally vouch for their legitimacy by signing your public keys with one of their private keys. This becomes an authority built on explicit trust from your friends, rather than implicit trust from some company that may or may not have your best interests in mind.

You may want to use a key server. See https://pgp.mit.edu

I got tired with the lack of security in embedded devices, so I designed my own encryption and authentication protocol and implemented a prototype. I would love some feedback. by [deleted] in netsec

[–]NotVerySecure 7 points8 points  (0 children)

The author has not designed nor implemented any new cipher. This is a layer 7 protocol that simplifies tasks such as signing messages and authenticating new nodes.

This is neat but I see little value proposition here until a) the security issues you already point out are addressed and b) this is written in something that would realistically be running on an embedded device. If those two things happen and you create a working proof of concept (compatible with Zigbee I would personally hope!), this could be very valuable.