Polygon’s chief information security officer Mudit Gupta took to the stage today at the Ethereum Community Conference (EthCC) to talk about the differences between theoretical security and practical security in the crypto space.
The EthCC event, conducted in Paris, saw the executive of the L2 scaling solution lay out the pros and cons of private or mnemonic keys. While these keys offer many advantages for security, they also pose tricky practical issues.
When it comes to theoretical security, the space is “running so fast”, Gupta said. However, when it comes to practical security, the executive believes the space to be “so far behind”.
He then explained how private keys are more difficult to keep safe than passwords. A single mistake would compromise everything, as these mnemonic keys cannot be changed if they get leaked. They are therefore just a “one-time thing”, making the safety of private keys quite a problem.
As a result, lost keys have already cost billions of dollars. Due to the continued lack of proper security, Gupta thinks that much more is at risk. “There are billions of dollars in the wallets of users that are incorrectly secured,” said the executive.
Nobody can access another person’s funds if they don’t know their private key. While Gupta noted that private keys are theoretically 100% secure, he also recognised the practical problems that could come up.
“What if you die for some reason? How can your loved ones access your funds? So that’s a tough problem to solve. Then, there is the key rotation problem. What if, for whatever reason, your key is compromised?” he explained.
Working in the security field, Gupta also talked about the challenges of being a defender in the crypto world. Defenders don’t have an easy time compared to attackers, such as hackers and exploiters.
He further said: “As a defender, you have to cover every single point. If you leave any hole, someone will get in. As an attacker, it’s easier. You just ignore the secure system. You find a way around. You just have to find one way to break in, and that’s it.”
The Ethereum Community Conference (EthCC) is the largest annual European Ethereum event focused on technology and community. The four intense days of conferences, networking and learning featured many prominent speakers from the industry. They covered different subjects and addressed different levels of comprehension of blockchain technology, through conferences and workshops.