Google shows how websites should look:
- White background
- Mostly text
- Colors and images where it actually makes sense
Blockexplorer is best. Bitcoincharts is the worst I remember.
|
Besides, MtGox was "hacked" by the only side nerdness can't do anything about: the HUMAN factor. Using SHA-512 or any other hashing/encryption flavor wouldn't make a difference other than slowing the attacker a bit. As is obvious, M'Tux had no clue his db was compromised, so the attacker actually had all the time in the world to do whatever he needed to do.
It's not that nobody thought of that, it's that there are problems that cannot be solved. That's why the whole concept of MtGox was flawed. The whole point of bitcoin is that you don't need websites doing jobs like money transfer any more. But what did they come up with? A typical site with the same crap we know from banking sites, PayPal etc.
|
Deflationary currency is theft from holders of assets.
No it's not. People are not entitled to other people's money. You may believe that, but don't expect this idea to get broad acceptance. Money is not a natural thing, but artificial. We create it to serve certain purposes. The intended purpose defines what the money is like, not the other way around.
|
But [an encrypted VM] doesn't protect you any more than a regular encrypted volume. But it's way more of a waste of resources.
Good point. Except, maybe, the trojan/virus/worm/whatever has to hijack the VM controller's memory and instruction stack as well. So it wouldn't stop a determined attacker, but it might stop more casual opportunists. You don't have to crack anything, the host has full power to manipulate the guest as it wishes. That's why you can control the guest from the host. Protection in that direction does not make any sense, VMs were never supposed to have that. It is not that there may be vulnerabilities, there are just no barriers.
|
Everybody who had a crackable password in the first place is screwed when his wallet is found anyway.
The only way now is to generate a new wallet in a secure space and send the coins there.
Huh? What does this discussion have to do with Wallets? If you used the same password for mtgox and encrypted wallet backups, you have to create a new wallet.
|
So basically you don't know if/what "bcrypt" does differently from "gpg --cipher-algo BLOWFISH"?
Yes, I've never heard of it. I think I personally wouldn't trust anything other than GPG and OpenSSL. But that's because I know them and I know that they are well reviewed. There can be tools with similar standards that I just don't know of.
|
How can I verify if I'm using data=ordered or data=journal? This is my partition on archlinux:
/dev/sda4 /home ext4 defaults,noatime 0 2
@bcearl: I assume you don't use shred right? If so then how can you securely use GPG encryption? It sounds useless to me if I'm leaving traces behind in my disk whenever I decrypt to use my wallet.
You don't want anything other than data=journal. You should not store secret information on unencrypted volumes in the first place.
|
Don't trust e-mails now. Your address is public, it's the perfect opportunity to fool you.
|
They cannot reverse BTC transactions anyway. All they can reverse is their local books. That should teach people a lesson about what it means to trust book keepers instead of the P2P net.
|
So, MtGox does not use salt... It's really bad. The only good thing they can do is to reset all passwords and revalidate accounts through emails. But in the case of passwords that match the email ones, the situation becomes even worse... Salt does not help weak passwords.
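The two hashing points raised in this thread (the bcrypt-versus-Blowfish question above and the unsalted-hash post here), as an added example that is not from the thread or from any of its posters. It assumes Python with only the standard library, so PBKDF2-HMAC-SHA256 stands in for bcrypt (bcrypt is a password-hashing function built on the Blowfish key schedule, not the Blowfish encryption mode that `gpg --cipher-algo BLOWFISH` uses; the salt-plus-work-factor property is what is demonstrated). All accounts and passwords in it are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Any, Dict, List, Optional


# --- 1. An unsalted store, which is what the thread says MtGox used (MD5 of the password). ---
def unsalted_md5(password: str) -> str:
    """Plain MD5, no salt: every account with the same password gets the same digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def shared_password_groups(unsalted_table: Dict[str, str]) -> List[List[str]]:
    """Given {user: unsalted digest}, list the groups of users whose digests collide.

    A leaked unsalted table gives this away for free, and a single precomputed
    digest-to-password lookup answers the question for every account at once.
    """
    groups: Dict[str, List[str]] = {}
    for user, digest in unsalted_table.items():
        groups.setdefault(digest, []).append(user)
    return [users for users in groups.values() if len(users) > 1]


# --- 2. A salted, deliberately slow hash. ---
# Assumption: bcrypt is not in the Python standard library, so PBKDF2-HMAC-SHA256
# stands in for it. The properties shown (a random per-user salt and a tunable
# work factor) are the ones that matter for the comparison made in the thread.
ITERATIONS = 200_000


def make_record(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> Dict[str, Any]:
    """Hash a password with a fresh 16-byte random salt; store salt, iterations and digest."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify(record: Dict[str, Any], password: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def matches_banned_password(record: Dict[str, Any], banned: List[str]) -> bool:
    """Operator-side check: is this stored hash one of a short list of banned passwords?

    This is the thread's last point: the salt stops precomputation and
    cross-account comparison, but a guessable password is still found by
    guessing it, salt or not. Only the work factor slows that down.
    """
    return any(verify(record, candidate) for candidate in banned)


if __name__ == "__main__":
    # Constructed sample accounts, not real data.
    table = {u: unsalted_md5(p) for u, p in
             [("alice", "letmein"), ("bob", "letmein"), ("carol", "correct horse battery")]}
    print("accounts sharing a password:", shared_password_groups(table))
    rec1, rec2 = make_record("letmein"), make_record("letmein")
    print("same password, different salted hashes:", rec1["hash"] != rec2["hash"])
    print("banned?", matches_banned_password(rec1, ["123456", "password", "letmein"]))
```

The unsalted table reveals that alice and bob share a password without anyone guessing anything; the salted records for the same password differ, so a leak of one says nothing about the other. The last call shows the limit: a salted, slow hash of a banned password is still matched by trying the banned list, which is why a reset of all passwords, not a change of hash function, is the remedy the post calls for.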
|
Yeah, I am glad to see that at least ONE bitcoin site has security on their minds!
They work with real money - not with worthless FED bills.
|
Ukrainian government - ROTFL
|
Ironically I described exactly this case this morning in my guide about passwords: Note that an online password of a website can become an offline password, e.g. when the website is hacked and the password hashes that the operator stored are leaked. http://forum.bitcoin.org/index.php?topic=19360.0
|
If the salt hasn't been compromised, then the passwords should be safe, no?
That sentence doesn't make sense at all.
|
Everybody with passwords shorter than 8 characters is totally screwed now.
Change your passwords everywhere as soon as you can!
|
You should not trust secure delete for the same reason you should not trust GNU shred: Modern file systems don't write data in place.
|
The site says: IMPORTANT!!! What this calculator is NOT . . .
It is NOT a “Password Strength Meter.”
|
I wrote a little program that creates totally random passwords, with the same probability for every printable ASCII char, from "SPACE" to "~".
Nice and simple, yet most distros should have a package for pwgen, which has extra options (easier to memorize, charset, etc.). Yes, there are lots of tools. The user account configuration in Ubuntu (or maybe it came with Gnome 3 which I installed) also makes password proposals and measures how strong your password is. I wrote it myself because I really wanted to have a guaranteed equal probability for each character, and no character should be dependent on another.
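The generator described in the post above, as an added example written for this page and not the poster's own program. It assumes only the Python standard library: `secrets.choice` draws from the OS CSPRNG with rejection sampling, which gives exactly the equal per-character probability the poster wanted, and the `modulo_bias` helper shows numerically why the naive `byte % 95` mapping would not.

```python
import math
import secrets

# The alphabet the post describes: every printable ASCII character from SPACE (0x20) to '~' (0x7E).
ALPHABET = "".join(chr(c) for c in range(0x20, 0x7F))  # 95 characters


def random_password(length: int) -> str:
    """Return a password whose characters are chosen uniformly and independently.

    secrets.choice() uses secrets.randbelow(), which rejects out-of-range draws
    instead of reducing them with `%`, so each of the 95 characters has
    probability exactly 1/95 and each position is independent of the others.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def modulo_bias(alphabet_size: int, source_values: int = 256) -> dict:
    """Probability of each index when a uniform source value is reduced with `%`.

    The pitfall a hand-rolled generator can fall into: mapping one random byte to
    an index with `byte % 95` is not uniform, because 256 is not a multiple of 95.
    The first 256 % 95 = 66 characters each get 3/256, the remaining 29 get 2/256.
    """
    base = source_values // alphabet_size
    extra = source_values % alphabet_size
    return {i: (base + (1 if i < extra else 0)) / source_values
            for i in range(alphabet_size)}


if __name__ == "__main__":
    pw = random_password(16)
    print(pw, "(%.1f bits)" % entropy_bits(16))
    bias = modulo_bias(len(ALPHABET))
    print("with byte %% 95: P(' ') = %.5f but P('~') = %.5f" % (bias[0], bias[94]))
```

A 16-character password over this alphabet carries about 105 bits, and the bias table makes the "guaranteed equal probability" requirement concrete: with a modulo reduction the space character would be 50% more likely than the tilde, which is exactly the kind of skew a password-strength estimate assumes away.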
|
You have to read a lot and have a good memory. My favourite password system is to take either the first or last letter from a memorable sentence in something you have read, will never forget and has a tedious link to the site/file you're logging into. For example, you could associate a gambling account with a couple of lines from "If" by Rudyard Kipling: "If you can make one heap of all your winnings / And risk it on one turn of pitch-and-toss" could make the password "IycmohoaywAriootopat", which you're unlikely to forget. If you read a lot you'll have an endless supply of fresh, very memorable and extremely long passwords! Now, knowing this, can you crack an old password of mine from the book Fight Club? Clues: it's 14 chars long, it's based on the first letter of each word in two sentences and includes punctuation. Here's the md5 sum: 7de46151e06abe0ad53c4513d22e9a43
I know about that trick, but I don't trust it. I use it for some passwords, but not important stuff like my wallet.
|