Basic long-term security musings

MilanMilan San Diego, CAMember Posts: 46
I was thinking last night about the simple trust fund contract I've read about a bunch of times. Something like:

Once the beneficiary is old enough, send them $x per month.

I would assume you'd have to program their public key or address into the contract? What if it gets compromised? Does the contract then pay the wrong person forever? Otherwise, someone would have to be able to change who gets paid. In that case, what if they or that ability is compromised?

Has anyone thought through how to secure such a contract, without opening up new vulnerabilities in the process?

How do you ensure that the right person gets paid properly for decades? I know it's early days, but how do you think this will shake out?

Comments

  • mlacortemlacorte Los AngelesMember Posts: 27 ✭✭
    Off the top of my head, I'd think that you could include what is essentially a "forgot your password" form. Upon creation of a contract, you'd run a password through an expensive hashing algorithm like Scrypt. You'd then store the hash inside the contract along with an Ethereum based equivalent of the hashing function you used. Anyone could then make a "Lost your key?" request by sending the password, their public key, and the hash of a new password of their choosing. Ethereum would then validate the password by running the password through the stored hash function and comparing the results. If it's a match, it would then update the the contract to use the new password hash and public key.
Sign In or Register to comment.