Why do you need to use the non-Bitcoin key for anything?
Why not just sign a message declaring your name, email, etc, using your Bitcoin private key, then hash160 that msg+signature, and send 0.0001 BTC to it using the blockchain as a timestamp server? The inclusion into a block is all that is needed for timestamping, and it still can't be produced by anyone except for the owner of the Bitcoin address.
It is a 2 part protection, because it allows you to be identified as the owner even after the key is compromised. Certainly, you can sign messages to that effect prior to a compromise, but after that no message can be trusted. That last part (running a hash160 on it and sending a satoshi to it) was the part that could replace the timestamp server given in the example. |
|
|
|
How do you intend to prove that you didn't deliberately give someone the private key? Private keys have become a form of payment in their own right; for example, you can provide one to MtGox to fund your account. A key isn't necessarily "stolen" just because you had it first, and now someone else also has it.
So far as the bitcoin system is concerned, possession of the private key is ownership. The damage is in the unauthorized access to your computer, and for that you need to show that the key was copied without your consent.
That is where the RSA/PGP/GPG/etc key comes in. If you for some reason wanted to give a private key to someone (why?) you could create a message with your signing key to say that it was authorized. |
|
|
|
This could have been avoided by not using the standard bitcoind rpc interface. If you have your own custom interface in between you can add large amounts of security measures such as withdraw verification and grace time. The hacker will also not be able to look up how your interface works by going to Google.
How do you know? From what we have heard, it has nothing whatsoever to do with the cracking that took place. Or do you have some inside info? 18,000 BTC was withdrawn. If you had a custom interface you could make it piss red flags when it sees a transaction with such a large amount. When someone steals the actual keys, there is nothing you can do about that. |
|
|
|
lame comment is lame
 In other words, you sir are a fool. |
|
|
|
However, what makes you assume that if someone loses a private key from a wallet, they won't also lose the private key used for signing the private keys from a wallet?
Those keys are the same thing. But what this does is make it so that you can prove that you had control of that key first, otherwise the hacker could claim that he did, and there would be no proof in either direction. |
|
|
|
This could have been avoided by not using the standard bitcoind rpc interface. If you have your own custom interface in between you can add large amounts of security measures such as withdraw verification and grace time. The hacker will also not be able to look up how your interface works by going to Google.
How do you know? From what we have heard, it has nothing whatsoever to do with the cracking that took place. Or do you have some inside info? |
|
|
|
I am getting this message when I try to PM: You have exceeded the limit of 10 personal messages per hour. Do I need to become a donator to get rid of this limitation? I wanted to be a donator anyway, so if there are instructions on how to do that, let me know. If I could have the restriction removed otherwise that'd be handy because I do most of my debt collection work via PM. Thanks! Even the admins and mods are subject to that limit. Sorry. |
|
|
|
As a reminder, you don't have to use a "trusted" timestamp server. Instead, you could totally just use the single most powerful, decentralized, and provably unchangeable timestamp system on the planet. Given the name of this forum, I shouldn't have to tell you what that is...  Heh, I should have thought of that. I guess the final bit of the puzzle is how to make it very easy. |
|
|
|
For all that money bitcoinica could have rented dedicated servers and admins.
Or they could have hired some programmers to write multi-sig software.
Apparently, they made 50 k USD per month as profit. They should easily be able to reimburse with a couple of months of their profit. And I agree, if they don't reimburse, it is their end. Can you please stop coloring all your post text, it is extremely annoying. |
|
|
|
So username is my wallet?
I'm considering mining on this pool with cgminer, seems like the website is down so I'll try later.
It's up for me... |
|
|
|
Taken from http://GLBSE.comGLBSE is under very heavy load
We're aware of the recent break-in at Bitcoinica and believe that GLBSE is also being targeted
We've taken GLBSE offline, including our very small hotwallet(and every bitCent is accounted for), and are taking steps to further secure our system.
We've been operating for over a year without any security incidents.
While you wait, have some fun. "fun" links to gblse.com lol |
|
|
|
How many FPGAs are 'some'?
While you could produce a pcb artwork using open source tools you probably will produce one or two boards ($100 each) for testing before producing a (small) series which is quite costly. Then you need a ful version of quartus(42500) to produce the bitstream. Then you need someone whos assemles the boards for you which isn't (as far i know) so trivial due to high ball count and the 'heavy' metal heat spreader.
5 of them. This may have been a mistake, but that's alright. What I really need is a PCB design. I've read all the specs for these and I really don't have the technical capabilities to design the PCB. I just just don't know what a platform for mining really requires with regards to components. Can someone help me out with that? Eheh, damn. I was hoping you came across a truckload for $200 each, because you could sell out quick. Oh well. |
|
|
|
Hahahaha, bitcoinica.com has an A record pointing to 50.56.4.62. That's meatspin.
Like minutes ago I nslookup'edit and it was 69.50.131.117. Now when you visit that IP, it just says "Nothing to see" |
|
|
|
Warning message disappeared, but now I see balance 0 BTC and payment still not received!
You got banned. True adsense style, but without the automated warning email lol So can I ban all customers by clicking the fuck out of all the bitcoinadvertisers links with a few proxies?  |
|
|
|
Also, why is bitcoinica redirecting to meatspin? WTF Z, you have a lousy sense of humour  Wait what? I don't see this happening. |
|
|
|
Calling Bitcoinica a scam after they get robbed is like calling a woman a whore after getting raped. Have some class, and contribute something positive to the problem instead of busting out the S word just because something went wrong.
More like a bank that left their vault doors open and is now pondering over whether or not they should refund customers. I got the tag for refusing to refund - Bitcoinica/zhoutong/genjix should as well. Who says they are refusing anything? I assume there is a lot of postmortem cleanup going on FIRST to prevent other errors. |
|
|
|
I know the new version is "faster" to shut down, but how much faster should I expect it to be? I haven't really timed it, but the old version seemed to take between 30 sec and 1 min to shut down completely.
It depends on what caused the slowdown. While not syncing the chain, with no caches to write at shutdown, I often get shutdowns close to a second or less now. During chain download, it can be significantly more. Just during normal operation. I always figured it was doing some kind of shutdown sync, but that didn't really make sense because of my fast SSD and stuff. But the new version does shut down within 0.5 seconds for me now. |
|
|
|
Who said the server was hacked?
That is interesting if true. Wonder how that got out.
Zhoutong. (By hacked, meaning that the password was compromised and it was accessed). Yes, but was it the server password, the Bitcoinica administration password, the Rackspace management console password? He wasn't clear, that's true. Presumably the RS admin console password was retrieved via an email reset, allowing the cracker to then reset the root password on the cluster machines and then log in and fuck things up. |
|
|
|
I would like a USB enabled ring with both Yubikey and encrypted wallet.dat storage capabilities. Go.
Although I can't quite provide what you are looking for, have a peek at what Yubico just recently released. It is called the Yubikey Nano, and it is very awesome: http://www.yubico.com/yubikey-nano$40 bucks each though.  |
|
|
|
|
Show Posts
