It stretches the key by performing 100,000 sha256 rounds.

A Radeon 7970 can do about a billion sha256 / second. With this it's reduced to 10k hashes/sec. At this rate you can do the ECDSA part on the CPU (in C of course, not python) since it's at least 40 times faster than that.

So you don't even need an ECDSA GPU implementation.

So you do know part of the password? What brute force scheme would you like to run? If you don't know anything about the password and it is more than 8 characters forget it.

ECDSA GPU code is here btw:
https://github.com/samr7/vanitygen/blob/master/oclengine.c

But that's only part of the equation. The key derivation function used will make it a lot slower.

Thanks! Downloads should be even faster now.

Javascript's security has nothing to do with bitaddress.org's security. If you are concerned about the latter, you should download the entire page (it's a single html file), verify it with the author's GPG key and always run it locally.

As for Javascript's security you have to understand that there are many implementations, basically each browser has their own engine so a possible attack will have to target a specific browser. There have not been any Javascript 0-days that I'm aware of lately, simply because most engines take security seriously and implement sandboxing correctly.

Java is just a bloated language that didn't evolve to support the browser client model and maintained by a company that doesn't really give a damn about open source software. You should not be running Java on the browser. If you do, only enable it for websites you trust.

+1

Have you turned off automatic updating? The current version is 24.x

It is worth noting that even if ECC were to fall today, cold storage addresses would still be secure.

Of course if that were to happen the price would plummet making your cold storage (at least temporarily) worthless.  

If you intend to use this on a live CD make sure you aren't generating keys on a freshly booted machine.

See http://eprint.iacr.org/2006/086.pdf and http://eprint.iacr.org/2012/251.pdf

Live CD distributions boot with a preset entropy pool. In theory, generating keys right after you boot will greatly reduce the 256bit keyspace since you have only added a few bits of mouse and IO entropy. You probably need to leave the system on a for a while - maybe even seed /dev/random with microphone data. OpenSSL seeds its PRNG with data from /dev/urandom plus the process ID of the current process.

On a normal system this isn't an issue since all distros will save some bytes from /dev/*random on shutdown and use them on startup to seed the PRNG.

You're doing it wrong. This should not be about role models or having a weewee or not. Our goal as a community is to make Bitcoin mainstream. If it becomes more popular then more women will use it. Simple as that.

0.8 will largely solve this. It should sync within a few hours.

Right now the biggest problem with easily integrating bitcoind into an ecommerce website is the lack of transactional info and callbacks.

AFAIK the best practice currently is:
1) Use -blocknotify=<cmd> to receive notifications on new blocks. Your command can simply CURL your application server and provide %s (the block hash).
2) Use RPC getblock on the block hash you got from blocknotify.
3) Iterate through the tx array returned with the RPC call gettransaction and store the txid of transactions to your addresses along with the amount on your database. If you require X confirmations you will need to poll the txids until they reach that point. Make sure that you aren't processing the same txid's amount twice.
4) You will probably need to find a way to replay blocks that you have missed (app server downtime?)

Alternatively you can poll the server with getreceivedbyaddress for every address you're watching, which isn't very scalable. Although it can work with a simple limitation: require the user to perform an action whenever they are about to send you a payment. This way you can poll that address with minconf=0 every 10 seconds to get the unconfirmed transaction, then switch to polling minconf=X every 10 minutes until you get X confirmations at which point you stop polling for that address.

In PHP you'll probably need to have a pool of worker processes (php-fpm) to perform that kind of task. Don't daemonize PHP unless you know what you're doing.

I would like for someone to make a sane argument as to why a startup should use proprietary closed source software like .NET ASP/C# and MSSQL.

Hehe.

Still gonna mine on my petty GPUs. You still have factor in appreciation in your profit calculations.

Bitfetch is a new torrent download service designed to make downloading torrents from your browser a breeze.

Many ISPs have adopted the practice of violating net neutrality and heavily throttling BitTorrent traffic along with every other protocol they deem inappropriate. There have also been many incidents lately in which ISPs have shown a blatant disregard for the privacy of their end users by inspecting their traffic or giving out their information to 3rd parties without due process. There is a way around this.

How it works:

• Add a torrent URL, magnet URI or otherwise upload a torrent file. You can also type something in and search for it.
• When your torrent is added its cost will appear on the right side. Click on Deposit and send a Bitcoin payment to the address listed.
• Once it is done downloading you will be provided with a fast direct HTTPS link to the file(s).

Anonymous
Payments are only accepted in Bitcoin. We do not log IPs or any other data that may be used to identify you. There is no account to register - you are identified by a randomly generated unique token which you can use to access your balance.

All connections to Bitfetch - including downloads - are encrypted by default. Torrents can either be deleted manually by you or automatically after 48 hours (torrents over 10GB in size are deleted after 10 days).

Automatic zipping
You can choose to have torrents zipped so there is only a single file to download.

File selection
Need to download a small file out of a big collection? No problem!

Cost is 0.001 BTC per GB.


-

Some additional info:

Connectivity & upload
The server is on a gigabit connection so your torrent will be downloaded at the highest possible speed. Each torrent has a 8 MB/s upload allowance with 20 upload slots. Slow or stalled torrents are the result of low or nonexistent amount of seeds.

Slow downloads from the US
This applies to browser downloads only. As a cost-cutting measure some US ISPs (Comcast, Verizon) will limit the throughput of transatlantic TCP connections. To get around this you can use a multithreaded download manager such as DownThemAll.

Ratio
Ratio is not guaranteed to be 1, in some cases it will be much higher or lower. It all depends on the amount of leechers on the network. Average ratio of all torrents ever downloaded is currently 1.618 (BT total bytes out / BT total bytes in). I am open to suggestions on how to handle ratio for people that use private trackers.

Should the internet close on the weekends?

Confirmation by MrSambal and danieldaniel that their accounts were renewed.

Therefore this is legit so I'm deleting my original post.

A new address will be generated to hold the change.

+1

Down with fiat!

In fact getting hit by an asteroid is more likely to happen than creating an invalid private key with random data, even if you create millions of them during your lifetime.

There's a range:
https://en.bitcoin.it/wiki/Private_key#Range_of_valid_private_keys

Still less than a 1 in 2¹²⁷ chance of missing it if I calculated this correctly.