Bitcoin Forum

Hey guys,

Made a post a while back regarding a peer to peer bitcoin lending website.  Well I finally got most of the code done.  There is still a lot of work to do, but if you want to help me work out the bugs I would really appreciate it.  There is a short video on the first page that should answer most of your questions.

Check it out....
lendmecoin.com  *** this is not working at the moment.

use this...
72.181.135.42:81

Site down: http://www.downforeveryoneorjustme.com/lendmecoin.com

Well I guess I am off to a bad start.

Looks like my ISP is blocking 80.  I will deal with this in the morning.

*Sigh* I know, but I have this computer here and why not use it?  It is already set up, just need to get this port forwarding business cleared up...

Nah I made a workaround.  Just had to forward port 81 and make some changes on my WAMP.

If you want to check out the site you can visit it here.

72.181.135.42:81
The domain should work after 24 hours.

I also couldnt help chuckle a bit after going to that page. :'(

You don't have to use it if you do not want to.  I am not a super experienced programmer, but I had a lot of feedback suggesting that I just release the website and that users would help me out.

Normally I would take more time and consideration before releasing, but people wanted me to release it.  As far as Facebook verification system is concerned... I had the option not to use this method, but it would require last 4 digits of your social.  So that being said I felt users would be more comfortable with this method.

SHA1 is horrible easy to brute force.

One example:
http://nsa.unaligned.org/

This guy built at home a SHA1 brute force engine which can brute for every possible 8 digit password in less than a day.  Yes all 6,095,689,385,410,820 in less than a day.

Security is a mindset not something you bolt on at the end.  Passwords should be hashed with a strong hashing algorithm use per account random salt (min 64 bit) to prevent parallel and pre-computational attacks.  The optimal method would be some proven algorithm which slows down brute force attacks through the use of key strengthening like bcrypt, scrypt, or PBKDF2.

Changed the password deal, so this is fixed.

First thing before releasing a website is proofreading for errors.
For example, change all instances of 'garentee' into guarantee.
Your site has the potential, but you'll still need to work on it to iron out stuff and improve the general usability.

Thank you for pointing that out.  I really wasn't planning on having people use it right away.  Just give me shit for what I have wrong.  Best way to improve it in my opinion.

Hi thanks for making a site.

1. I suggest displaying interest as weekly, I think this is already the standard. Daily will require dealing with fractions more often.

2. I suggest getting out of the middle altogether and have borrowers pay the lenders directly.  It will make life a lot less stressful for you since you won't need to worry about being responsible for others' bitcoins. You can send borrowers the BTC address of their lenders directly, and then monitor the blockchain to see when a payment has been made.  Sorry if you were planning to make money by taking a cut, but consider a different way to receive bitcoins without handling other people's money.  For example, I believe you can create a "bitcoin:" URI that does multipay.  Or you could ask to be paid up front, or bill people later, or any number of other ways.

3. You have a script set to monitor payments to a hot wallet and send them somewhere?  See #2 for why you don't need a hot wallet.  If you need one, though (and you may already do this), at least make sure it's on a computer completely unconnected to your website: Use the blockchain and monitor the payment from somewhere else. If your website has no bitcoins controlled from it, you can't lose any even if someone breaks into it.

4. Please consider including an option to link the account on your site to a bitcoin-otc rating and GPG identity. I suspect all you'd need initially is allow users to provide a GPG public key (which you can match to the one they use on OTC).  Then at minimum, publish the key ID with a link to the OTC ratings when displaying information about other users  on your site.

Yes this is actually the next thing on my to do list.  I want to give users the option for both using hot wallet and their own as well.  I was thinking about using bitcoinabe to download the blockchain into a database where I can process transactions without a wallet.  It will be more difficult for users because they would need to enter in their payment information everytime a loan is repaid or paid out.  I do appreciate the idea.

Great idea, I like the plain-ness of the site but this is TOO plain, fonts seems a little too big also. Try to get the URL working and I hope it'll get popular. Seems like a great way to loan coins and build rep.

I am hiring a programmer to rebuild the website from scratch.  The next release should be more impressive.

broke it!
http://i.minus.com/i7zQ6NoGLKpOe.png

are you high? how does setting a textbox to a "password box" indicate whether the passwords are hashed or not?

It doesn't  but if your careless with little things like that then how careless are you with the backend? And as that predicted he uses sha1 no salt it is careless.