Courtesy recap of potential winners:
| delaria | BTC70 | | alexuk | BTC65 | | JHenderson | BTC63 | | JHenderson | BTC63 | | JHenderson | BTC63 | | jgarzik | BTC63 | | marto74 | BTC62 | | BlackLilac | BTC62 | | LainZ | BTC62 | | otter | BTC62 |
Time left: Timer removed. End time: 2013-04-19+16:00:00
|
|
|
|
I also want to know exactly how this works. If the encrypted blob is just sent then all anyone ever needs to do is visit the wallet URL one time and they have your encrypted blob.
I would assume that the process goes like this: a) ID and 2FA transmitted via plaintext (https of course), and the password is hashed before being transmitted. b) Server compares the three variables (ID, 2FA, PW), if either one does not match (even if the other 2 matches), the blob is not sent to the browser. c) Password at the local browser is used to decrypt the blob. the source code is here: https://github.com/blockchain/My-Wallet/blob/master/wallet.jsthe wallet clientside javascript sends the 2FA and the ID over and gets an encrypted wallet blob back - the password is never sent to blockchain.info Sounds like enabling 2FA does defend against a certain class of offline attacks, especially when your wallet has an easily guessable identifier. Will Oh, I forgot this is open source. Thanks for the clarification - I was under the assumption that the PW hash are compared before the blob is even sent. Guess everyone should stick with long hard passwords now - a service like LastPass or KeePass would be useful. I disable Lastpass for the site. Seems dangerous to use it- no? I don't trust LastPass that much! I personally use Lastpass for the site, including a 2FA Gauth as I trust Lastpass. |
|
|
|
|
Spam is a bannable offense.
|
|
|
|
Forgive my ignorance (I haven't bought shares before), but how exactly are shares "sent to the winner"? Thanks...
(Assumptions here)
DiabloD3 will create a contract signed with his GPG key... including a bitcoin address and a promise to transfer X shares to you at an address you specify, along with an email address (for contact information from friedcat). After you send payment (or establish escrow) he will send an email to friedcat asking for the shares to be transferred to your address.
|
|
|
|
|
Can I not see -yet- another xcoin when I visit this subforum once per couple days? Now it's Feathercoin ....-_-;
|
|
|
|
IMPROPER DATE FORMATTING!
Edited. Oh, you date nazis.  |
|
|
|
How much for you to start camping in front of the BFL offices with a megaphone yelling at Josh for status updates?
I LOL'ed so bad.  That said, if this is really done (and pics/ vids are up to prove), I'd guess that many people will tip for this. |
|
|
|
I also want to know exactly how this works. If the encrypted blob is just sent then all anyone ever needs to do is visit the wallet URL one time and they have your encrypted blob.
I would assume that the process goes like this: a) ID and 2FA transmitted via plaintext (https of course), and the password is hashed before being transmitted. b) Server compares the three variables (ID, 2FA, PW), if either one does not match (even if the other 2 matches), the blob is not sent to the browser. c) Password at the local browser is used to decrypt the blob. the source code is here: https://github.com/blockchain/My-Wallet/blob/master/wallet.jsthe wallet clientside javascript sends the 2FA and the ID over and gets an encrypted wallet blob back - the password is never sent to blockchain.info Sounds like enabling 2FA does defend against a certain class of offline attacks, especially when your wallet has an easily guessable identifier. Will Oh, I forgot this is open source. Thanks for the clarification - I was under the assumption that the PW hash are compared before the blob is even sent. Guess everyone should stick with long hard passwords now - a service like LastPass or KeePass would be useful. |
|
|
|
I recommend block bids from these 3 post count bidders, they are high risk non-paying bidder since they have nothing to lose, also it gives impression of shill bidding to the other bidders. I suggest a minimum post count of 50 to be able to bid here.
Sigh, I'll probably ask friedcat to require deposit for users <50 posts or something equivalent in future auctions. I'm trying to prevent shill/joy bidding here too - guess the state auctions have yet be in such situations then.  |
|
|
|
is it 50 more or change price to 1.041? Change price, of course. |
|
|
|
Sorry guys, I went to bed early so I could be awake when the auction ended.
Since these are real ASICMINER shares, upon receipt of the money, I'll PM friedcat to transfer the shares. Hes busy setting up more hardware in the farm, but the transfer should happen before next dividends.
Since I'm a founding member of the community and a mod of the forum, I think that sidesteps the need for the overhead of GPG signed contracts and escrow (if anything, people often come to me to handle their escrows).
I trust Diablo and will send first for my bid, if that means anything. Also, 50@1.041 |
|
|
|
Can you confirm that the server will NOT send the encrypted blob until 2FA is successful (assuming it is on of course)??
Also for clarity can you state how 2 level encryption could have possibly helped this scenario?
I cannot see how that is possible. Everything happens in the browser. So, I imagine, the encrypted blob must be sent to the browser once it visits the URL. Then what is the point of 2FA? In that scenario how does it protect you? You can't base the encryption off the 2FA value because it is ever changing. I also want to know exactly how this works. If the encrypted blob is just sent then all anyone ever needs to do is visit the wallet URL one time and they have your encrypted blob. I would assume that the process goes like this: a) ID and 2FA transmitted via plaintext (https of course), and the password is hashed before being transmitted. b) Server compares the three variables (ID, 2FA, PW), if either one does not match (even if the other 2 matches), the blob is not sent to the browser. c) Password at the local browser is used to decrypt the blob. |
|
|
|
i do not recall reading that someone cannot withdraw their bid in the OPs original post before the auction ends.
correct me if i am wrong.
if i am correct the person is well within his rights.
if the auction ended and he did not want to pay.. that is something else entirely.
so saying you will hand out scammer tags for such a thing is mighty hilarious when obvious scammers on this
forum never get one and operate to this day.
If you read my post correctly, I stated that I will start a thread in the scammer accusation subforum - not to hand out the tag directly. There is a lot of documentation and evidence collecting work to be done before a scammer tag is handed out. Please post at the relevant threads for that if you are unsatisfied with the scammer tagging process. Also, please read up on auctions - bids are normally considered as binding. There's a reason why the posts in this subforum cannot be deleted. I acknowledge that running such an auction without requiring a deposit is an error in itself as I underestimated how low people would go to. |
|
|
|
I wanna buy a ASIC rig, so If I can get a trustworthy escrow service-then by all means, I am down.
Just drop me a PM when you need this. I'm currently escrowing 2 different ASIC deals now. |
|
|
|
I was just wondering if someone could explain why the price of the ASICs is so high.
People are paying the same price as an avalon batch 3 for something that's only 1/6 of the power.
Also apparently BFL jalapenos will be shipping in the next couple of weeks which have half the hashing power but cost like 20-30x less.
Is it just that ASICMiner are the only company with Asics ready to go now (Avalon having sold out and BFL doing their usual).
Don't get me wrong, i'm only too pleased people are paying so much for the asics, the price of my ASICminer-PT stock has shot up. I'm just curious as to why
People are sick of waiting for their ASICS and having BFL stringing them along for so long. |
|
|
|
Courtesy recap of potential winners:
| delaria | BTC70 | | alexuk | BTC65 | | JHenderson | BTC63 | | JHenderson | BTC63 | | JHenderson | BTC63 | | marto74 | BTC62 | | BlackLilac | BTC62 | | LainZ | BTC62 | | otter | BTC62 | | bajanboost | BTC61 |
Time left: Timer removed. End time: 2013-04-19+16:00:00
|
|
|
|
where can i rent and asic miner if it's even possible?
if not, are there any services that offer mining for you instead?
thanks.
You'll have to pay much more than what the miners can earn. Does not make much sense to rent AFAIK... |
|
|
|
|
Can anyone post PM's/ posts by him as evidence for the scammer tag?
|
|
|
|
|
Show Posts
