Brute force / dictionary attack the username/password
ok, so despite all ork servers, etc, ultimately the security comes down to strength of user's password, correct? Because with that, the private key becomes assembled (somehow).
So in a real world scenario, phishing attacks, keylogging, etc would apply. yes?
re brute force attack: do you limit the number of failed login attempts and/or notify user of such?
This sounds very interesting. Can you elaborate on that? What did you mean by "every user record modification could contain the private key"?
I just meant that if you were to simulate user logins/actions in order to make the contest more "real" and dynamic then each time a user creates or updates a record, it could contain the same 1BTC private key (as opposed to my previous suggestion of splitting the 1BTC into lots of pieces, ie divided between users). no big deal.