Cryptographic vulnerabilities in IOTA
Neha Narula

Disclosure: I’m an advisor to IOTA.
Neha — I applaud you for taking a serious look at an emerging technology and trying to find where it could have flaws, communicating that to the development team, and seeking to make it better.

However, I have to say that, in this era of ‘fake news,’ it’s very dangerous to have a title that implies there are vulnerabilities. It makes for good click bait, but as you point out in your post, they don’t exist anymore, which leads to an intra-post contradiction that, one might say, potentially undermines your credibility and calls your motives into question.

And while I’m not a lawyer, I wonder if one could argue that your article is actually libelous? Per the definition, you made a knowingly false statement (as you have pointed out yourself in the body of the article). Furthermore, it’s not inconceivable that your post is causing material damage (in terms of the token value) to IOTA. At a minimum, I think it deserves a retraction/apology…not for the effort to find the security flaws (that was great), but for how it was presented and now disseminated.

Now, I don’t think you are out to destroy IOTA or the team.

I think you have genuine concern for the evolution of the decentralized space. To that end, I’d like to propose that you modify the title (though damage has already been done to IOTA’s reputation) to reflect the fact that the vulnerabilities have been fixed and there are no known vulnerabilities.

If you want to say something like “Lessons learned/best practices about crypto-security while looking at IOTA’s crypto algorithm,” that might be better. It is less aggressive and more focused on the health of the eco-system.

I think it’s also worth noting that, from what you are saying, the IOTA team responded quickly and patched the issue. As for disagreement, they are certainly entitled to it, but they showed their objectivity in fixing what was clearly an issue…I would think that is worth some note.

We’re all at the beginning of this journey and, I think, we all believe in the power of decentralization, so it’s preferable to focus on building and collaborating.
