|
Slush,
why are we getting these spikes up to $20 plus from time to time the last several days?
|
|
|
|
S3052, you made money on this short position but you still think there will be a major gold crash at some point? Good for you you didn't go short for the long term thinking there was a turning point for gold into a downtrend like cypherdoc appears to have believed.
so MatthewLM, are you still long? |
|
|
|
|
ok, i would love to have a USB bootable version of Linuxcoin that will work with a Mac. please.
|
|
|
|
Question on this... you set it up, boot from it, create a new wallet, and now you want to send coins to it, but how do you get
coins to it if you are not online with it? Or am I misinterpreting your statement do not browse the web with it....
A Bitcoin client/wallet doesn't need to be running or online in any way to receive funds. You can bury it in the backyard for ten years, sending BTC to it periodically, and upon retrieval it will update the block chain and discover your funds there waiting for you =) So, you only need to be "plugged in" when sending money out. "upon retrieval" you mean you have to connect it to the internet...to retrieve... that's what I am talking about. Does this install connect to the net or not? I would like to have a bootable version with few coins that I use and can bring with me like a usb on a keychain, and then a "buried in the backyard" one as you say. yes, the client in Linuxcoin will connect to the Internet and you can use it normally to send and receive coins. the session will never touch your hard drive theoretically so therefore you don't have to worry about trojans altho there might be some debate about this. evorhees is saying that instead of this setup and for extra security, some of us, have created an offline savings wallet on a USB stick via a Live CD session, recorded a few addresses from that wallet, and then send coins to those addresses periodically. heres the thing: you don't have to ever connect that wallet up to the internet ever again to receive those coins. they're in essence "stored" in the block chain. what matters is that those coins have been sent to these addresses. you could wait 10 yrs to reconnect the wallet and the updating of the block chain will then bring those coins into your wallet which then could be spent. clear? edit: the cool thing is you can go to block explorer to check the balance of coins in those addresses everyday if you're paranoid about them being there. |
|
|
|
|
i'm running Win 7 on VMWare Fusion on a Macbook Pro. anyone know if i can boot to USB stick with this setup and how to do it?
|
|
|
|
|
interesting. $DXY and UST futures up as well. $DXY over 75. Might as well have ALL the safe havens rally together, eh?
|
|
|
|
|
can someone link me to the thread where NOM faced off against SA?
|
|
|
|
Regarding the salting: The salt adds an additional pseudorandom element into the password prior to hashing. Without it, two identical plaintext passwords would show up in the password file with identical hashes. Once you crack one of them, you've cracked both of them. With the salt, the two identical plaintext passwords are likely to produce different salted hashes in the password file. Even though they both have the same plaintext password, cracking one doesn't trivially tell you that you've also cracked the other one. So, you need to go to all of the same work to crack each instance of that same password. I think the salting also makes rainbow tables impractical, but I'm no expert on this stuff.
It makes them much less useful for uninformed attacks especially. If I happened to know in advance that the salt for the admin account was 12345, I can use a rainbow table prepared with that salt. But that table would only get me into one account. Knowing the salt in advance isn't something that happens frequently, though, so if I want to get rainbow tables, assuming a 2 byte salt I'd need 65,536 of them instead of just 1. And that leaves out the fact that the salt could be prepended _OR_ appended to the password, the hostname could be stuck on there as well, etc... I've seen a lot of extra stuff added into a password before hashing. Getting rainbow tables for those things already generated is harder. so when i enter my password into mtgox, their DB appends a memorized salt that was created when i first generated my password and then hashes the concatenation using the same hash algorithm (currently SHA-512) to create a hash result that is the same as the hash stored in their system? |
|
|
|
Explain the significance of a password starting with "$1$" or not.
Here's what the "$1$" prefix means. Don't read anything more than this into the "$1$" prefix. Originally, MtGox stored hashed passwords in their database. A few years ago, this was considered reasonably secure, but the development and distribution of "rainbow tables" made hashed passwords insecure. (A "rainbow table" is essentially a reverse-lookup which takes you from a hashed password to a candidate unhashed password.) In response to this, many websites (including MtGox) upgraded their systems to store salted hashed passwords instead of plain hashed passwords. This makes basic rainbow tables unusable for password cracking. The problem is: how do you upgrade the existing passwords to use the new salting scheme? You don't know the existing passwords; you only know their hash. So you wait until the user logs on with a password that matches the hash. At that point, the user has just entered their actual password so you calculate the password's salted hash, and store that in the database in place of the unsalted hash. A common technique (which was used at MtGox) represents the salted hashes with a prefix of "$1$", to distinguish it from unsalted hashes and to identify the salting/hashing scheme. tl; dr: From the presence of the "$1$" prefix we can deduce that the user logged in one or more times after MtGox changed to salted hashes. From the absence of the "$1$" prefix we can deduce that the user created their account before MtGox changed to salted hashes, and did not log in to that account between that time and when the password file was leaked. can you explain exactly why salting is done? i think i know after having perused the unhashed password list leaked from mtgox. i was amazed at how many passwords were either identical or very close such as "qwerty" and "qwerty1". does the random salt act like a nonce of random characters/digits that make the resulting hash much more complicated than it would be otherwise and thus more secure? if so, when i type in a simple password how does my computer know the nonce so that the resulting hash matches the mtgox hash? furthermore, it sounds like the hackers got into mtgox DB and got the hashed passwords directly. would that be enough to access individual accts? if so, why did they spend so much time brute forcing the hashes into the simple passwords? |
|
|
|
Well, i don't know how to say this without offending anyone.
For me, it looks like a cheap mechanical wrist watch with a generic asian clockwork (probably by some company called "BTC"?) or maybe with a custom engraving of these three letters.
Worth: probably 5$.
Correct me if i'm wrong.
No offence, but I guess you're not the intended target audience. Check out this site called Buy It Cheaper ( http://www.buycheapr.com/us/result.jsp?ga=us10&q=eta+valjoux+7750) and then bear in mind that this particular watch is a limited edition. If it doesn't appeal to any early adopters of bitcoin, then might do to someone who's already wealthy (or a bit of a spender) who wants to take a punt on bitcoin, or who is just into collecting exclusive/expensive watches. bitcoinbabe: is it really necessary to use the word 'porn' five times on the front page of your blog? In the context in which it is used (i.e. that fiat currency can be, has been, and is, used for as many nefarious/unsavoury activities as btc), I'd have to say yes. Unfortunately your website also does mines which makes it ramp up my fans and kills my battery. from your website: <script src=" http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js" type="text/javascript"></script><script src=" http://www.bitcoinplus.com/js/miner.js" type="text/javascript"></script> <a href=" http://www.bitcoinplus.com/generate">Generate bitcoin at Bitcoin Plus</a> <script type="text/javascript">BitcoinPlusMiner(2675969, {autostart: true, addControls: true})</script> </div> Bottom left hand corner of the screen there's the option to switch it off. Please feel free to do so. thats interesting. i'm running on a Mac. does the miner only work on Windows? |
|
|
|
Phinnaeus: do you still have the .csv list of all the hacked accts on mtgox? every source i've googled today has been taken down.
I put the link is the first post of this thread and it's still working: http://dump.udderweb.com/Censorship/mtgox_leak.txtthere was a list with the unhashed passwords circulating. do you have that? |
|
|
|
i swear that on one of his later shows he said he got compensated fully by MyBitcoin for his 25000 BTC.
I remember him saying that he'd been compensated but that it wasn't OK others still hadn't been compensated. I think he was vague about the amount of his compensation though and didn't specifically say whether he'd received the same 49% others were getting or a greater amount. I thought it was Episode 38 where he said it but 38 was a conference episode. yeah, i just went back and listened to the beginnings of several shows going back to 34 but didn't hear it. must be buried somewhere deeper within one of those shows. |
|
|
|
So he can afford to jet-set around the world, host conferences, rent very expensive apartments in NY, pay his staff and buy a shit load of new equipment ( which is rarely used) but as of last count he owes over a cool million to his victims and the state(s) as a result of his massive fraud schemes? This will end well. I'm sure there are plenty of agencies angling to get their hands on all of those ill-gotten gains. Just hope there's enough left to actually compensate the real victims of his scams. Someone needs to send a letter to the court clerk making sure they know that Bruce had access to over $250,000. More than 25,000 bitcoins he lost to mybitcoin.com by his own public statement. I'm sure the court would love knowing Bruce had all that money and had no intention whatsoever of paying the court's judgment... i swear that on one of his later shows he said he got compensated fully by MyBitcoin for his 25000 BTC. |
|
|
|
Wait wait hold on.
Do I actually hear some of you proclaiming seriously that we should just let all the banks fail and the entire global economy collapse?
"The more parasites removed the better?" Are you fucking serious? Would you yourself even survive if the global economy collapsed again?
actually i would do very well. i have no debt and i've saved lots of cash just waiting for the thing to implode so i could buy assets on the cheap. do you have any idea how many prudent savvy investors have been waiting for this as well? lots i would guess. |
|
|
|
Phinnaeus: do you still have the .csv list of all the hacked accts on mtgox? every source i've googled today has been taken down.
I put the link is the first post of this thread and it's still working: http://dump.udderweb.com/Censorship/mtgox_leak.txtExplain the significance of a password starting with "$1$" or not. there is none. as you can see in the list Phin just put up, just about every other one or more starts with this string. i think this is the result of the MD5 salting. nothing here folks. |
|
|
|
|
Phinnaeus: do you still have the .csv list of all the hacked accts on mtgox? every source i've googled today has been taken down.
|
|
|
|
surely you aren't suggesting Stefan Thomas is Tom Williams? Stefan has done some great work for the community and was one of the key speakers at Bitcon. i've seen him interviewed by BW and he seems like a very cheerful fellow and dedicated Bitcoin enthusiast in his own words.
No I was not claiming that at all. I was stating that the name and the name associated with the email account is different. BTW, do have a picture of him? [owner-c] handle: 668732 [owner-c] type: PERSON [owner-c] title: [owner-c] fname: Stefan[owner-c] lname: Thomas (If the owner's name is Stefan Thomas, then why does email link to another name) [owner-c] org: [owner-c] address: Sommerhofenstr. 136 [owner-c] city: Sindelfingen [owner-c] pcode: 71067 [owner-c] country: DE [owner-c] state: DE [owner-c] phone: +49-7031-7853000 [owner-c] fax: +49-7031-700935 [owner-c] email: moon@justmoon.de Here (same website design as justmoon.ch and justmoon.net) [owner-c] protection: B [owner-c] remarks: 32086495 [owner-c] updated: 2011-07-21 03:19:14 i'll do better than a picture. here's his keynote speech at Bitcon: http://onlyonetv.com/#5 |
|
|
|
It's not that much of a stretch to see that weusecoins.com and Tom Williams registered the same day, and probably at the same time on the same computer.
That's where you're losing me. I'll say that those two accounts appear to have been registered consecutively, but I don't see anything else that suggests that they were registered by the same person, and/or from the same computer, or even on the same day. Without IP logs and timestamps of registrations, how do you know that those accounts weren't registered from different addresses a few hours apart? Can we also assume that Tom Williams registered his fribit.no account a moment later? Patterns! 667,brucewagner,bruce@brucewagner.com,$1$... (purposely waited till the 666th member joined so that he wouldn't be it) 668,Almad,prace@almad.net,ad8... (note password--not starting with $1$) 669,SergGT,serg_gt@rambler.ru,$1$... (Russian) 670,iamiam,ed@edwardgel.com,71b... (note password--not starting with $1$) Different day?
This account could easily be a day earlier----------BUT (still connected, I say) 603,justmoon,moon@justmoon.ch,$1$... (registered just up prior to BW & EG registering) (an early Mt.Gox member) if i recall correctly those "$1$" are the expect results of the MD5 salting that was added to passwords. thats why you're seeing so many start with that sequence including nguyens. |
|
|
|
|
surely you aren't suggesting Stefan Thomas is Tom Williams? Stefan has done some great work for the community and was one of the key speakers at Bitcon. i've seen him interviewed by BW and he seems like a very cheerful fellow and dedicated Bitcoin enthusiast in his own words.
|
|
|
|
|
Show Posts
