“Where are they getting money to pay for sponsorships and what are their motivations”
Aspiring polymath. Applied R&D @ Privacy and Scaling Explorations #maker #Ethereum🦇🔊🐼🐍🟨🦀 Trying to make the internet better. Opinions are my own and subject to change
Just some background on the cryptography going on:
It’s a hash of a fingerprint of your iris that isn’t used for access; it’s used for Sybil resistance, which is a bit different. You wouldn’t use this to prove you are eligible to vote, only that you haven’t voted already for a specific election.
Under the hood, the iris-scanning ball thing is just adding you to a membership registry. When you actually go to use your membership, you are generating a Semaphore proof, which is a zero-knowledge proof that you are in the registry with some nullification output so you can only participate in certain events some number of times (like voting once). You wouldn’t use this by itself to prove that you are eligible to vote.
Generating secret keys from public data (iris)
These aren’t exactly secret keys, but, yes, I agree. Also the Minority Report vibes weird me out.
They use a grounded Faraday cage around it. Video on it where he touched on that: https://youtu.be/fyai_kUYhLs
That just would allow a malicious attacker to fake being the server; it doesn’t actually compromise the TLS session. So you are talking about a much more sophisticated multi-stage attack that needs to be actively executed. This wouldn’t at all allow them to record traffic and decrypt later.
The certs authenticate that you are talking to the real server; the symmetric session keys that are usually derived from a Diffie-Hellman key exchange have nothing to do with certs. Those are two separate (but connected) parts of the transaction to build a TLS session.
I work in cryptography, and I guarantee if that’s true “some person you know who worked in government security” would not tell you if they did know, or they are pulling shit out of their ass. There have been so many people that have looked at or worked on SSL/TLS implementations (including some of my coworkers), any vulnerabilities would have to be pretty subtle or clever, and that would be kept highly classified. Quit making shit up or repeating bullshit you heard.
I have, if you are nice it goes fine
Being for-profit as a legal entity doesn’t necessarily mean they will exploit every angle they can to make a profit. When a company has to answer to shareholders, like when they go public or sell private shares to raise capital, that’s when it becomes a real issue. It really depends on their bylaws and who’s running the organization otherwise.