How safe is GnuCash?

Buddha Buck blaisepascal at gmail.com
Fri Jan 13 07:52:31 EST 2017 

>
> Does any piece of software do what the original post is asking?  It
> may not be gnucash, but computing in general.  Some word processors
> have "roll back", some CAD programs can save the last 10 or 50
> changes, and wiki's by their nature show, keep and revert to changes
> in versions.
>

BitCoin, but that also shows how difficult it is to get the security
desired.

In BitCoin, each block of transactions includes a reference to a previous
block of transactions, and each block is identified by a hash of its
contents. As such, each block's hash is directly dependent on the contents
of all the blocks to date. This is the "block chain". You can verify the
validity of any particular block by (a) verifying that it internally meets
the rules for a valid block, (b) verifying that the transactions in that
block are valid, and (c) verifying that it links back to a valid block. You
can validate the entire block-chain by validating every block.

The trade-off is that the block chain, and all the transactions in it, is
public knowledge. It depends on multiple, independent, people validating
transactions and blocks, growing the block-chain semi-independently. This
leads to multiple block-chains in the wild, but the rule is that the
longest block-chain is "the real one", and shorter ones are discarded. It's
not secure if only one entity is doing the majority of the block generation
-- they can, in theory, change the past and regenerate the block chain up
to "now" fast enough that the new, altered block chain is the longest, and
is therefore "real". In order for a BitCoin-style blockchain to work, the
blocks can't be fully under control of a single entity; there must be
independent validation.

One thing which could work, for an in-house block-chain, is to publish to
an independent party the signatures of the blocks as they are added to the
chain. The contents won't be there, but an auditor can verify that the
block-chain is valid and hasn't been altered since the last published block
signature.




> Gordon
>
>

More information about the gnucash-user mailing list