On April 17, a piece of news caught the attention of Bitcoin users: a crowdsourced group calling itself the Large Bitcoin Collider said it had successfully opened some Bitcoin wallets by brute force. Although they did not find many bitcoins, the effort has raised doubts about Bitcoin's security.
A hard drive holding $7.5 million worth of bitcoin went to the landfill
In November 2013, when Bitcoin was not yet so popular (Bitcoin was born in 2009), a young man in the UK named Howells had "mined" 7,500 bitcoins by running his own laptop for a week, worth $7.5 million at the time! Of course, bitcoin was relatively easy to mine back then; this year, you only stand a chance of mining bitcoin if you have very high-end equipment. (A look at the news about Bitcoin mining from the end of 2016 shows that "mining" consumes a great deal of hardware and electricity.)
However, because he was changing computers, the young man had to remove the old hard drive and store it. Then, through a slip while tidying a drawer, he threw the drive into the wastebasket, and it ended up in the landfill... and just like that, $7.5 million was gone. Some will say: that can't be right. When we change phones, nobody says the money in our mobile banking is gone. It is still in the bank.
Yes, our money is of course not affected by changing phones, unless your online banking account and password have been compromised. In the Bitcoin world, the hard drive matters so much because it holds the private key to the bitcoin owner's account.
So if your computer's hard drive is lost, your money in the bank still sits there safely, but the bitcoin stored on the drive says goodbye to you for good.
Bitcoin's security updates cost more than a bank's
Bitcoin's existing security design mainly uses SHA-256 and secp256k1. For now, we have reason to accept that these cryptographic algorithms are secure, because our banks and financial institutions, and the US National Security Agency as well, all use these algorithms.
It should be stressed here, however, that a bank is a bank because it is a centralized institution with a centralized system: if the bank's system needs to be corrected or updated, or a vulnerability patched, a single system-wide upgrade takes care of it. Bitcoin, by contrast, is decentralized; fixing it is very laborious, and a major overhaul is almost impossible. For this reason, the author is quite worried about how well Bitcoin's defenses will hold up in future information security battles.
So if you hold bitcoin, you must take great care to protect your hard drive: the account private key on it is the only seal that can prove the money belongs to you.
Technical experts all know that, technically speaking, merely deleting files or even formatting the hard drive cannot guarantee that your data is safe; "physical destruction" is the most fundamental solution.
So if you are a Bitcoin user, you have to be ruthless with your old computer when you replace it: find a way to smash the old hard drive to pieces or burn it, and finally throw it in the river to feed the fish (the fish certainly won't eat it, but it will sink into the silt and rot away). If you carelessly let someone else get hold of that drive, well, the money no longer belongs to you.
More importantly, never save or post your Bitcoin private key to any cloud service, mailbox or online bookmarking service. If a network administrator with even slightly bad intentions writes a regular expression (a computer science concept, usually used to search for and replace text that matches a certain pattern or rule), they can find all of these things, and then the money will no longer be yours either.
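The same pattern matching works in the owner's favour. As an added example (not part of the original article), the Python code below scans text you are about to upload or email for Bitcoin private keys in Wallet Import Format (WIF) and confirms each candidate with its double SHA-256 checksum, so random strings are not reported. The function names are illustrative, and the sample key is constructed from the bytes 1..32.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Candidate WIF strings: '5' + 50 chars (uncompressed key) or
# 'K'/'L' + 51 chars (compressed key), not embedded in a longer Base58 run.
WIF_RE = re.compile(r"(?<![%s])(?:5[%s]{50}|[KL][%s]{51})(?![%s])" % ((B58,) * 4))

def _checksum(payload: bytes) -> bytes:
    # Base58Check: first 4 bytes of SHA-256(SHA-256(payload))
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + raw

def b58encode(b: bytes) -> str:
    n = int.from_bytes(b, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(b) - len(b.lstrip(b"\x00"))) + out

def is_wif(s: str) -> bool:
    raw = b58decode(s)
    body, check = raw[:-4], raw[-4:]
    # body = 0x80 version byte + 32-byte key (+ 0x01 flag when compressed)
    if len(body) not in (33, 34) or body[0] != 0x80:
        return False
    if len(body) == 34 and body[-1] != 0x01:
        return False
    return _checksum(body) == check

def find_exposed_keys(text: str) -> list[str]:
    """Return redacted hits so the scanner's own output does not leak the key."""
    return [m[:4] + "..." + m[-4:] for m in WIF_RE.findall(text) if is_wif(m)]

def make_sample_wif(key32: bytes, compressed: bool = False) -> str:
    # Constructed test input only: encodes a throwaway 32-byte value as WIF.
    body = b"\x80" + key32 + (b"\x01" if compressed else b"")
    return b58encode(body + _checksum(body))

if __name__ == "__main__":
    sample = make_sample_wif(bytes(range(1, 33)))
    print(find_exposed_keys("backup note: " + sample + " (do not share)"))
```

Run it over a draft email, note or file before it leaves your machine; a non-empty result means the text contains a key that anyone with read access to that storage could use.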
Bitcoin trading sites themselves carry security risks
Some users will say: no problem, I don't mine, so I don't need to fret about hard drives; I just need to find a reliable trading platform. Strictly speaking, though, all Bitcoin trading sites today are unsafe. They bear only a moral responsibility; legally speaking, they can move the money out of your account at will and leave you unable to trace it.
In 2015, a Hong Kong Bitcoin trading platform named Mycoin suddenly shut down. The direct impact was that nearly 3,000 investors could lose everything at any moment, with about HK$3 billion involved. After the closure, media reports said the platform was suspected of being a pyramid scheme. So although Bitcoin is billed as a "virtual currency" that solves the trust problem through blockchain technology, in practice there may be loopholes in many stages of Bitcoin trading.
Here, let me give an example from my own experience. Some time ago, by taking part in an event, I received for free some bitcoin on a domestic Bitcoin trading platform (forgive me for not being blunt enough to name it this time). I did some operations on it with great interest, but just one week later, when I logged in again, I found there was nothing left in my account. That is the trap. Of course, they said these were trial coins, just for me to play around with on the platform and not to be taken seriously, and besides, bitcoin has now been bid up so high by speculators.
Moreover, quite a few platforms have previously been hacked, resulting in the theft of large amounts of bitcoin, which has badly dented trust in these technical platforms. A typical example: in 2014, Mt. Gox, operator of the world's largest Bitcoin exchange, announced on February 28 that because 850,000 bitcoins on its trading platform had been stolen, the company had filed for bankruptcy protection with the Tokyo District Court in Japan.
Decentralization cannot solve every trust problem, nor can it completely eliminate security problems
In the technical field, no one remains an absolute authority forever, because, where technological progress is concerned, without skepticism there can hardly be major breakthroughs and advances. Blockchain technology and its decentralized nature are not an absolute silver bullet for the trust problem.
In a decentralized system like Bitcoin, if any one of these links is broken, the result for the whole system is total collapse. In the past, our information security field was infatuated with MD5, which was once considered an absolutely formidable cryptographic technique. Yet it was broken by Professor Wang Xiaoyun of Shandong University, and for a while everyone felt that most things on the internet were shamelessly running around naked.
So we can imagine: if Bitcoin's secp256k1 were broken, it would be equivalent to the attacker obtaining everyone's Bitcoin accounts and passwords. What is even more of a headache is that owners cannot report the loss and freeze their accounts, so all the bitcoin would belong to the attacker. So let us not say that Bitcoin private keys cannot be cracked; a quantum computer cracking Bitcoin private keys is only a matter of time until the technology is industrialized. Besides, the cracking of Bitcoin wallets mentioned earlier did not even use quantum computing.
Summary: blockchain technology is good, but don't get too obsessed with the technology! Apart from enabling money laundering and being hard to regulate, decentralized Bitcoin is no safer than a bank account. Disagree? Come and debate.
Published on China E-Bank Network (中国电子银行网) under authorization from the WeChat subscription account 听茶看雪 (tea_snow).