A breach-monitoring service could act as a data washing service, sic.
Especially if privatized.
Blockchain is very overrated, but it could be useful in keeping data "safe" where the temptation would exist to index or obscure results. Especially where data collection and censoring / disclosure has value to certain markets, i.e. timed/rated or delayed disclosure, sic.
IDK, it's not impossible, but it's not my wheelhouse either.
I don't see any reuse or value to old databases and hashes being public, so it's missing that purpose to exist or be used/shared. Like a lot of blockchain is. It's not enough to exist, it has to be shared and kept alive. I suppose.
Still, if you look at the way AV and user security is handled, there are potential vectors to prevent or anticipate, especially if the process of disclosure is censored or segregated.
Perhaps also if they proactively lean towards purges or spontaneous negative actions, in order to obscure their intent or actual content / behavior.
HIBP relies on disclosure, and if it were woven into a typical service structure, there would be a temptation to "alleviate" the workload for customers, offering to "feed the beast" with positive results and competitive, defensive tactics against 3rd parties offering a similar product.
Which could segment the disclosure process, so that you would have multiple options, much the way that AV and Malware is handled.
And now you have the same failures as AV and Malware being segmented domains.
The probability of a corporation being incentivized to airbrush a 3rd party listing in a semi-corporate "index" or offering "alternatives" to anxious, very large corporations to disclosure or remediation. Especially if they deal with financial or legal data, or specific disclosure requirements.
And have problems with timely disclosure, or any disclosure.
Imagine if a clearing house for disclosure existed as a Symantec or Kaspersky "Subscription", with tiers of access and disclosure prevention for corporate members, wrapped up in a daily routine app, such as a 2FA/Password manager.
So that a disclosure would be made silently by the subscription service, without disclosing details, or the level of breach, etc. The accounts or corporations breached would just have their entire client accounts auto-reset and the updated password would be applied to your password manager within a batch process without the user(s), the press, the security agencies, or the hacker(s) being notified.
That, instead of revealing the time period, the hashes of usernames & passwords, or the name of the user, or their IDs, it would just be rotated on a regular basis, and invisibly managed.
It's a concept with some value, i.e. "paranoid" security features as a service, to prevent or anticipate disaster, sic. But handled via a handshake-type batch process of cycling password management.
But this also has potential for occlusion and obfuscation, especially in examples where the breach would be a crime, or need to be disclosed to federal/state/police agencies, etc.
Thankfully, most security policy would prevent this kind of amorphous takeover, but for small businesses and large businesses, having access security taken away and handled by 3rd parties, for convenience, is inevitable.