Search content
Sort by
Showing 20 of 21 results by btyako
Re: Cracking the passwords: Don't blame the MtGox, USERS ARE STUPID
i'm sorry but not storing passwords without decent salts as well as decent hashes is the fault of mtgox.
getting access to a database that isn't salted is like hitting a goldmine because of the fact that so many people use the same passwords (iloveyou, password etc) when you get access to an unsalted hash user databaseit would look like this (sort by password, or whatever they call their password column):
8e6c488d2eb01fc691470ceb3a6f700c
8e6c488d2eb01fc691470ceb3a6f700c
8e6c488d2eb01fc691470ceb3a6f700c
746dd6c349cb2e97923be477e8d96423
746dd6c349cb2e97923be477e8d96423
(insert tons of other random md5's)
since they aren't salted you instantly see that there are multiple passwords that have the exact same hash (and therefore the exact same password) so if you crack one of them, you've cracked all of them..
with salted hashes you have a random salt combined with the hash up there to create a new salted hash, which generally means that every 'password' that a person who has access to the database sees is 100% unique (since each user gets a random salt and that salt is added to their password to create a salted password)
so if for example you have a database of 100,000 users all salted and hashed passwords, no 2 passwords will be cracked at the exact same time, it would take more time to crack a decent amount of passwords unlike with what happened to a bunch of mtgox accounts (which they admitted were there, but claim they are older accounts and their passwords are salted and hashed properly)
not only that but not requiring more advanced passwords is the fault of the site, not of the user.
getting access to a database that isn't salted is like hitting a goldmine because of the fact that so many people use the same passwords (iloveyou, password etc) when you get access to an unsalted hash user databaseit would look like this (sort by password, or whatever they call their password column):
8e6c488d2eb01fc691470ceb3a6f700c
8e6c488d2eb01fc691470ceb3a6f700c
8e6c488d2eb01fc691470ceb3a6f700c
746dd6c349cb2e97923be477e8d96423
746dd6c349cb2e97923be477e8d96423
(insert tons of other random md5's)
since they aren't salted you instantly see that there are multiple passwords that have the exact same hash (and therefore the exact same password) so if you crack one of them, you've cracked all of them..
with salted hashes you have a random salt combined with the hash up there to create a new salted hash, which generally means that every 'password' that a person who has access to the database sees is 100% unique (since each user gets a random salt and that salt is added to their password to create a salted password)
so if for example you have a database of 100,000 users all salted and hashed passwords, no 2 passwords will be cracked at the exact same time, it would take more time to crack a decent amount of passwords unlike with what happened to a bunch of mtgox accounts (which they admitted were there, but claim they are older accounts and their passwords are salted and hashed properly)
not only that but not requiring more advanced passwords is the fault of the site, not of the user.
The thousands of passwords that I ALREADY CRACKED are all salted ones.
It doesn't matter if it is Blowfish, SHA-1 or whatever algorithm, if you are using 123456 as your password, you'll be more more fuckable than a horny bitch.
you do understand the difference between cracking 1 password and unlocking 500 of them because they are the exact same password and being forced to crack all of them right?
thats my point.
Re: Cracking the passwords: Don't blame the MtGox, USERS ARE STUPID
i'm sorry but not storing passwords without decent salts as well as decent hashes is the fault of mtgox.
getting access to a database that isn't salted is like hitting a goldmine because of the fact that so many people use the same passwords (iloveyou, password etc) when you get access to an unsalted hash user databaseit would look like this (sort by password, or whatever they call their password column):
8e6c488d2eb01fc691470ceb3a6f700c
8e6c488d2eb01fc691470ceb3a6f700c
8e6c488d2eb01fc691470ceb3a6f700c
746dd6c349cb2e97923be477e8d96423
746dd6c349cb2e97923be477e8d96423
(insert tons of other random md5's)
since they aren't salted you instantly see that there are multiple passwords that have the exact same hash (and therefore the exact same password) so if you crack one of them, you've cracked all of them..
with salted hashes you have a random salt combined with the hash up there to create a new salted hash, which generally means that every 'password' that a person who has access to the database sees is 100% unique (since each user gets a random salt and that salt is added to their password to create a salted password)
so if for example you have a database of 100,000 users all salted and hashed passwords, no 2 passwords will be cracked at the exact same time, it would take more time to crack a decent amount of passwords unlike with what happened to a bunch of mtgox accounts (which they admitted were there, but claim they are older accounts and their passwords are salted and hashed properly)
not only that but not requiring more advanced passwords is the fault of the site, not of the user.
getting access to a database that isn't salted is like hitting a goldmine because of the fact that so many people use the same passwords (iloveyou, password etc) when you get access to an unsalted hash user databaseit would look like this (sort by password, or whatever they call their password column):
8e6c488d2eb01fc691470ceb3a6f700c
8e6c488d2eb01fc691470ceb3a6f700c
8e6c488d2eb01fc691470ceb3a6f700c
746dd6c349cb2e97923be477e8d96423
746dd6c349cb2e97923be477e8d96423
(insert tons of other random md5's)
since they aren't salted you instantly see that there are multiple passwords that have the exact same hash (and therefore the exact same password) so if you crack one of them, you've cracked all of them..
with salted hashes you have a random salt combined with the hash up there to create a new salted hash, which generally means that every 'password' that a person who has access to the database sees is 100% unique (since each user gets a random salt and that salt is added to their password to create a salted password)
so if for example you have a database of 100,000 users all salted and hashed passwords, no 2 passwords will be cracked at the exact same time, it would take more time to crack a decent amount of passwords unlike with what happened to a bunch of mtgox accounts (which they admitted were there, but claim they are older accounts and their passwords are salted and hashed properly)
not only that but not requiring more advanced passwords is the fault of the site, not of the user.
Re: 500K BTC amounts to what % of total mass of existing BTCs??
who exactly had 500k btc?
are you referring to the person who had """""500,000$usd""""" worth of btc 'stolen' ?
that was 25k btc.... kind of a big difference..
are you referring to the person who had """""500,000$usd""""" worth of btc 'stolen' ?
that was 25k btc.... kind of a big difference..
the 11th of may someone had 297k BTC and another over 100k, i suppose now they've more..
http://bitcoinreport.blogspot.com/2011/05/bitcoin-top-100-rich-list-27th-may-2011.html
likely deepbit or slushes pool or one of the exchanges no?
pools pay the miner, so i think it's so hard they can have 300k, dunno mtgox volume at moment btw we're talking about a single address..
most mining pools take a percentage (2-3%), with pools like deepbit solving a block every 2-20min currently (average of 17minutes per block at the moment) (months ago it would have been way way way easier) thats 1.5btc every few minutes to them.. or maybe i'm misunderstanding their cut?
https://deepbit.net/stats
by the looks of that they are making a couple hundred btc every day from the fee they are charging
Re: 500K BTC amounts to what % of total mass of existing BTCs??
who exactly had 500k btc?
are you referring to the person who had """""500,000$usd""""" worth of btc 'stolen' ?
that was 25k btc.... kind of a big difference..
are you referring to the person who had """""500,000$usd""""" worth of btc 'stolen' ?
that was 25k btc.... kind of a big difference..
the 11th of may someone had 297k BTC and another over 100k, i suppose now they've more..
http://bitcoinreport.blogspot.com/2011/05/bitcoin-top-100-rich-list-27th-may-2011.html
likely deepbit or slushes pool or one of the exchanges no?
for those of you who haven't read it yet
http://nerdr.com/bitcoin-exchange-scam-bitcoins-are-worthless/
its at least an interesting read, especially if its true..
http://nerdr.com/bitcoin-exchange-scam-bitcoins-are-worthless/
its at least an interesting read, especially if its true..
I don't like it, but so many people use it and trust it.
There is another one too, KeepPass I think. One is better for online the other is better for offline. Or so I read.
There is another one too, KeepPass I think. One is better for online the other is better for offline. Or so I read.
I have been using it for months now and have never had anyone steal my passwords. There are a few different ones out there but I like lastpass.
keepass is quite good, and it also has a LOT of different os's that it has ports for, so its nice if you have an iphone or an android device etc.
my gf just had had 600$ stolen from her paypal account (getting the funds back of course), so have been in the process of changing all of my and getting her to change all of her passwords just to be safe, apparently facebook, twitter, paypal, and a few other sites have had their userbase exploited
http://www.cbc.ca/news/canada/prince-edward-island/story/2011/06/17/pei-lulzsec-personal-internet-accounts-584.html
I like BitcoinPlus except for this http://forum.bitcoin.org/index.php?topic=17099.0
So currently using Bitp.it even though it isn't perfect itself. Not too many alternatives short of writing something for myself, which I not have the time to do (as I'd have to learn a lot in the process about many things)
So currently using Bitp.it even though it isn't perfect itself. Not too many alternatives short of writing something for myself, which I not have the time to do (as I'd have to learn a lot in the process about many things)
thanks a lot sir
yea i wish i could sign up for bitp.it (but if you go to their site it seems they are no longer taking websites)... kind of dubious with bitcoinplus from your thread over there
maybe i'll give them a couple days try just to see what happens, not like it can hurt that much.
I'm just throwin' some ideas out there to chew on, so here's something else...
We already have this concept of a node in the P2P network, which is essentially a machine running the Bitcoin client. And that Bitcoin client has a certain role in all this, which is well established. Maybe we need to introduce some sort of new concept. Perhaps a collection of nodes could act as exchanges.
Part of the problem, with regards to scalability, is staying within the limits of the $1,000/$10,000 trading rule.
One way to work within that limit is to make it easier to build exchanges, such as I suggested with some sort of OS framework that could be easily implemented, both quickly and cheaply.
Or, perhaps we need to add some new concept to the P2P network, where the work of the MtGox type exchanges could be off-loaded to some sort of anonymous, decentralized network. I'm sort of weak on implementation ideas on that option though.
We already have this concept of a node in the P2P network, which is essentially a machine running the Bitcoin client. And that Bitcoin client has a certain role in all this, which is well established. Maybe we need to introduce some sort of new concept. Perhaps a collection of nodes could act as exchanges.
Part of the problem, with regards to scalability, is staying within the limits of the $1,000/$10,000 trading rule.
One way to work within that limit is to make it easier to build exchanges, such as I suggested with some sort of OS framework that could be easily implemented, both quickly and cheaply.
Or, perhaps we need to add some new concept to the P2P network, where the work of the MtGox type exchanges could be off-loaded to some sort of anonymous, decentralized network. I'm sort of weak on implementation ideas on that option though.
well... real markets do have safeguards in place (automated) that if something like this were to happen everything would be suspended pretty quickly and locked down, specifically because of something like this happening.
being that much higher profile website useraccounts have been exploited recently (paypal, facebook, twitter, sony online etc) this is just par for the course at the moment in my opinion, the amount of security at mtgox is kind of a joke with the amount of money being thrown around it to be honest.
Right, I agree, this is not some sort of signal about the failure of bitcoin, this is about the failure to apparently provide adequate security at one particular exchange. The real negative in all this is that having just one web site compromised caused such havoc in BTC value and trade volume. If we're gonna run a decentralized network, then let's run a decentralized network.
Yea I see what you are saying, at the moment tho I agree with the other poster and you that they might want to get some people like was said to work together and get a framework established and start using that framework to create other exchanges, since by the looks of it mtgox's programmers well... noone should have trusted them with real money by what i've seen.
I see bitp.it no longer allows new registrations for their java applet for mining coins, does anyone know if there are any other providers that are doing this, or are thinking of doing this? The reason I ask is because I am the webmaster for a fairly large website and would like to test this out on our users to see how successful it is.
The concept is much nicer than shoving ads down their throats in order to pay for gigabit connections and multiple servers in my opinion.
The concept is much nicer than shoving ads down their throats in order to pay for gigabit connections and multiple servers in my opinion.
being that much higher profile website useraccounts have been exploited recently (paypal, facebook, twitter, sony online etc) this is just par for the course at the moment in my opinion, the amount of security at mtgox is kind of a joke with the amount of money being thrown around it to be honest.
I'm having problems to connect with slush's pool, I'm using Phoenix 1.51 in Windows.
Is slush's pool server down? Anyone can help me?
Thanks in advance.
http://i51.tinypic.com/348g3zs.jpg
Is slush's pool server down? Anyone can help me?
Thanks in advance.
http://i51.tinypic.com/348g3zs.jpg
from what i've seen in the past 24 hours both deepbit and slush's have been ddos'd, there was a post about it somewhere, essentially they both make up over half of the current mining pools out there..
yet at the same time both of them were down the network hashrate was actually about the same... was quite odd...
http://www.symantec.com/connect/blogs/bitcoin-botnet-mining i wonder if there is something like this brewing...
it might be time to start having pools use tor or something...
Less than 24 hours for a transaction to process isn't really that bad compared to normal bank payment processing times. In fact, I'd go as far to say that it is quicker than most.
yup, not only that but places like paypal/credit cards/etc all someone has to do is put in a complaint within 30(some places 60) days and quite possibly get all their money back out of your account...
not to mention the crazy fees you have to pay..
0.074$ in average (Moscow/Russia) on 3-timezone counter.
But I have 50% discount, so it ends up at 0.037$
Guys with electrical ovens(instead of gas ones) have another discount.
PS. Burning 2100 kW/h per month
But I have 50% discount, so it ends up at 0.037$
Guys with electrical ovens(instead of gas ones) have another discount.
PS. Burning 2100 kW/h per month
holy f...
we have 4 computers running 24/7 in our house... plus central air running pretty much constantly because of the heat and our top bill i've ever seen was 900kwh...
so you are using well over double the power we use and paying like 1/3 of what we pay
and you probably get tons of perogies to boot!