|
I was a lurker since January of last year but after three months of laughing at how ambitiously crazy this idea is and came to like Bitcoin and signed up. It will be a year of sign up next month(if i remember right)
|
|
|
|
Thats more like "How to use electrum" I was under the assumption we were talking about how to help develop with eletrum kind of docs... |
|
|
|
|
Well me... heres my two cents.
I'm an aspiring entrepreneur, and computer developing wizard where all my past USD businesses flopped because of some restriction mostly high barriers of entry put in place, how ever I found Bitcoin with the intention to make money off my CPU cycles, after much question asking I found out that Bitcoin is far my wildest dreams -- It presented me with a free market, an opportunity to cut the cord from the system that forces me to be apart of and spread my own wings.
Back down to earth,
Im' just a regular 22 year old that does nothing but program/contribute Bitcoin projects all day(besides my PIPBOY 3000 project but that project will also have a Bitcoin app so hehe )
|
|
|
|
About 2,120,000 results (0.15 seconds). That's the point I was trying to bring home.
2nd and 3rd entries: http://lmgtfy.com/?q=ellet+walletThat's good enough for a start. Imagine if/once it actually ships. It's already up to 1st and 2nd. I love how SEO' specialists always try to relate high amount of search results with the "difficulty" of reaching the top rank.... lol |
|
|
|
Store half of seed on the device, and other half on the paper and the other half is your password you manually type in.
So the seed has 3 halves? Sounds complicated. Like I implied only for "serious" purchasing security that would be required to prevent large amounts of bitcoins being stolen in the event that you get the device stolen. |
|
|
|
 Anyone know of a website or something that could explain this formula in some kind of dumbed down English, I understand encryption practices fairly well I've always wanted to know what the formula it self is doing be hind the since I just don't know Alien math quite yet  |
|
|
|
nothing on it -> can't make ecdsa signatures -> can't send bitcoins.
Load everything from from microsd card or paper seed-on-paper approach -> steal paper.
Store half of seed on the device, and other half on the paper and the other half is your password you manually type in. or store nothing on the device, store half the seed on paper(QRcode or microsd card) and the other half in your brain that you manually type in upon wanting to load. (This is obviously not the one size fits all solution as everyone has different security preferences but since we are down this road) |
|
|
|
As a dedicated, encrypted and hardware locked device, the Ellet is safe from hacking, malware, and even if stolen, cannot be used to take your money.
do you even self believe that? Anything, can be hacked. I don't care about nice and funky hardware features: it will be broken, FAST. I believe it, its very feasible to have Ellet device not store anything at all and still be able to send bitcoins. Thus in the event of a stolen ellet device there is nothing on it to steal. The wallet seed could be stored by some other means(laminated paper, manually typing it in, or inserting and SD card,etc) and when the ellet device user is ready to send they load it up(This level of security is obviously for only people that hold alot of BTC in their device and/or use it for business transactions) |
|
|
|
|
I will be selecting a winner on the 15th of Friday (pacific standard time). I have Bitcoin shirts, Cassius coins, and some Bitcoin silver coins to give away.
Active Merchants and Customers apply.
|
|
|
|
People who think the resources which are used to provide certain services in the traditional banking system magically appear out of thin air are going to be confused about why it doesn't work the same way in a Bitcoin economy.
I think i might stick that in meh sig.... well said! |
|
|
|
I don't understand how so many long and seemingly secure LinkedIn passwords have been brute-forced? Will somebody help me understand how they're decrypting 20+ character passwords? Last I read over 60% of the leaked hashes have been decrypted. I can understand that being the case if most of them were really short and simple passwords, but it looks like a lot of them followed password security standards pretty well. Help me understand.
Rainbow tables. Longer answer. By not using salt they made passwords deterministic. The SHA-1 of "password" will ALWAYS be 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8. The password can be precomputed. It is made worse by the fact that SHA-1 (and SHA-256) are insanely fast. A single GPU can has up to a billion passwords per second. In a year one can pre-hash and store 31 quadrillion passwords with a single HD 5970. The use of a fast hash algorithm & no salt dooms even the longest and most complex passwords. They are already "pre-cracked" the hackers are simply looking them up in a lookup table. Now using salt changes that. The SHA-1 hash of "password" with a salt prefix of "123456789" is aa2cc735aa01f661a39d6a03214d2e551eb0d8ad The SHA-1 hash of "passwrod" with a salt prefix of "123456780" is 5571911de78b7bdffcfa11ef75d93a6cab3d6540 Precomputation becomes impossible. Now SHA-1 is still very very fast algorithm (which is bad) but salt at least makes the attacker work "in real time" which gives users with more complex passwords time to change them. Using "slow multi-round password function" (like bcrypt) AND a pre record salt eliminates all the short cuts. The only option is to sllllllllllllllllloooooooooooooooooooooowwwwwwwwwllllllllllly brute force the passwords one record at a time. That means exhaustively trying say all 8 digit passwords for a single account takes weeks if not months. All but the weakest of the weak are just not economical to even attempt to attack" And now I know why people prefer Bcrypt  Might have to update my Cheaper In Bitcoins Library to have this option. |
|
|
|
I don't understand how so many long and seemingly secure LinkedIn passwords have been brute-forced? Will somebody help me understand how their decrypting 20+ character passwords? Last I read over 60% of the leaked hashes have been decrypted. I can understand that being the case if most of them were really short and simple passwords, but it looks like a lot of them followed password security standards pretty well. Help me understand.
This assumes that LinkedIn didn't really salt their passwords or take any kind of salting precautions but, TO put it simply when you encrypt a password like "duck" you get a constant output like "2d2370db2447ff8cf4f3accd68c85aa119a9c893effd200a9b69176e9fc5eb98" Now the act of salting is appending some random but knowable data. so if my salt was "123" (with out the quotes) then my password would like like this, "123duck" and the server would save the encrypted password output as "50a7b5d4016f61fae2a9d86368db862971c0ef4c83e01f3a88d12a78febff81a" With out a (very long 512+ character) salt its really easy to brute force but just for the sake of a simple example even with a small salt like 123 in front of a password makes the encrypted output completely different. So back to my point, even with a 255 character password (with out a salt) Its easy to bruteforce with something called a rainbow table (which is a huge database of precomputed encrypted password ouputs). hope that makes more sense and i just wanted rambling (Ps. With out a long salt the rainbow table most likely will contain the output that was appended to the password as if their was no salt. so even if linked in did use a salt it wasn't long enough and the rainbow table contained the precomputed out put). |
|
|
|
My opinion is that documentation is often better when non-devs contribute to it.
Not because developers are always bad at writing docs, but because someone with an external look, who does not share the developer's implicit goals, can provide better explanations
Thats right! Yeah that's true but it also looks lazy to most people or personally to me it looks like the developer is just programming that program just for fun. Albeit if you provided a wiki page with 20% complete information others would help contribute over time page by page. Heck if their was something I could write on I might even contribute right now.... How do I help contribute to documentation is their a page I can be referred to?? |
|
|
|
Seriously tho if you really trust that all smartphone manufactures are not hiding packets of data that send statistical usage and data behind your back(without your consent) then please continue to use the smartphones to trust your money with it.
Why should the average consumer trust this new device any more than existing devices? Because Bitcoin!  That's a very good point, thanks for bringing that up. Now I can explain why this device should be open source with justification but I can't declare I have any control to make that decision for this product but someone else had to bring it up(besides me) to make it real. |
|
|
|
I personally think there is some fallacy in thinking "Why would someone carry another electronic device when their are smartphones that already facilitate Bitcoin transactions?" Wish i could remember which one it was called tho.... http://en.wikipedia.org/wiki/List_of_fallaciesSeriously tho if you really trust that all smartphone manufactures are not hiding packets of data that send statistical usage and data behind your back(without your consent) then please continue to use the smartphones to trust your money with it. I know for a fact that after seeing all these hackings with Bitcoins I guarantee their will be businesses(more like scammers) in the future that their sole purposes is to sell cheap smartphones with some (mischievously-altered) open source operating system preloaded on it that will send your private keys to the server and the worst part of it all is that they will encrypt the data so you don't even know what they are sending and those businesses will succeed from selling private keys to other companies and of course on top of selling smart phones to all those who think that fallacy above is true. -- That is all. Ps. Heck in the future when Bitcoins hits masspopulation/mainstream their will be college kids saying "Hey bro you wanna make some money?", "Sure how?", "lets sell our (altered)phones to innocent people and when they receive Bitcoins on their smartphone they will be automatically sent to us instead" |
|
|
|
|
I can vouch that this product does in fact exist.
|
|
|
|
Great to see CheaperInBicoins stick to their mission. Sandisk Cruzer 16GB in Hot Deals for 6.8BTC/37USD, Amazon can go stuff their greedy ass corp with their silly 11USD offer.
Some merchants prices are tied to the USD rate while others are fixed on BTC price. |
|
|
|
The apply to be a merchant link on the site itself doesn't seem to be working.
All applicants are manually approved (in the future it will be automated). Sign up as a customer and PM me with your customer username and I will enable merchant status. This is because merchants are more prone to communicate with me for suggestions or bugs or anything they need help with. |
|
|
|
http://CheaperInBitcoins.com salts its passwords with 254 random characters uniquly per account, along with appending another salt that is the customers ID# multiplied by an undisclosed number on top of requiring users/merchants/customers a password of 10 characters or more. so to visualise the hashing it would look something like this in pseudo code hash("sha512", <random 254 characters> (<user_id> * <undisclosed number>) <customer/username password>)
|
|
|
|
It would be a nice surprise to see bitcoincard in the next issue of Bitcoin Magazine  Fat chance, apparently MNW is developing a competitor to it that he doesn't want anyone to know about, so he probably wouldn't allow such an article to be included. My thoughts exactly...  |
|
|
|
|
Show Posts
