You are viewing a single comment's thread from:

RE: How @supercomputing was able to dominate the mining queue and how the bug was fixed.

in #steem8 years ago

Notice that by getting rid of the user-choice of the private key, the mining account's active private key is no longer necessary to find a PoW

Did we opened the floodgates for botnets?

Sort:  

I don't think so, because smart botnet operators weren't really at risk in the previous system either. All they needed to do was make sure their active miner accounts only held Steem Power and no liquid funds (i.e. no STEEM and no SD). Then exposing their active keys to their victim's computers is not really a risk. They could have changed it back at any time using their owner key, which they would not have to expose to their victim's computers.

In short, nothing has really changed for botnet operators.

I tried to think of various solutions to a new mining algorithm that could significantly deter botnets, but wasn't able to come up with anything that didn't also seriously weaken the security of legitimate users' accounts.

No because the hasher could at least take some of the reward and even have evidence of an account linked to the hack. Generous robinhood hacker could use my account name to ruin my reputation.

I personally i think the algorithm should not care about the source of the compute power , much like it doesn't really care about the posts content , users do , but not the code