Guys where is the 5000 BTC figure? If that is correct the only people making money out of this IPO is the Devs....
Who said anything about 5000 BTC? Only bter added it as a "cap". But I think it's impossible.
|
|
|
Hey SyRenity, I'm about to invest some BTC, but first could you answer this question:

Nevertheless from what I know about it is that it scales better, but it suffers when tasked to do mathematical equations etc. Considering that all digital currencies are based on cryptography which itself is extremely mathematical intense, wouldn't that hinder Crypti's ability to scale as Node.js just doesn't run mathematical tasks as quick as other languages.

Node.js is very fast and can make calculations, but if you need more speed than nodejs you can write your module in C++ and connect it to node.js. Read this discussion for example: http://stackoverflow.com/questions/12195841/node-js-vs-c-for-mathematic
|
|
|
To be constructive, here is a simple proposal which includes 2FA for creating private key, run on the client:
result = hash('username', 'password');
private-key = hash(result, '2fa');
This way people can remember their details, and the overall length is high and hard to crack, whilst the resulting private key is as strong as whatever you choose for the hashing algorithm in terms of collisions.
If you want, send the private key via POST over HTTPS to the server.
Alternatively you can store the key locally using sessionStorage and sign transactions with it to send to server, then you can potentially use system as web wallet, as no keys ever leave the private device. Upgrade to RSA keys to fully encrypt instead of just sign.
Ok,
username=test
password=test
var userpass = username + password; // testtest
var hash = sha256(userpass);
var keypair = keypair(hash);
Good. But it's the same if I use username = tes and password = ttest:
var userpass = username + password; // testtest
Same hash, same public and private key.

About https, as I said, today we will add SSL.
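The reply above points out that `sha256(username + password)` gives the same key for test/test and tes/ttest. As an added example (not code from the thread or from Crypti), the Node.js code below reproduces that collision and contrasts it with length-prefixed fields fed to scrypt; the function names, the `seed-v1` label, the optional second secret and the scrypt parameters are assumptions.

```javascript
const crypto = require('crypto');

// Scheme from the post: seed = sha256(username + password).
function naiveSeed(username, password) {
  return crypto.createHash('sha256').update(username + password, 'utf8').digest('hex');
}

// Length-prefix every field so the field boundaries are part of the hashed bytes.
// NFKC normalisation keeps the same typed passphrase stable across keyboards.
function encodeFields(...fields) {
  return Buffer.concat(fields.map((field) => {
    const body = Buffer.from(String(field).normalize('NFKC'), 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(body.length);
    return Buffer.concat([len, body]);
  }));
}

// Assumed design: the username acts as a per-user salt; the password (and an
// optional second secret, as in the 2FA proposal) is the scrypt input.
function derivedSeed(username, password, secondFactor = '') {
  const salt = encodeFields('seed-v1', username);
  const secret = encodeFields(password, secondFactor);
  return crypto.scryptSync(secret, salt, 32, { N: 16384, r: 8, p: 1 }).toString('hex');
}

// Inputs are the thread's own test/test versus tes/ttest pair.
function compare() {
  return {
    naiveCollides: naiveSeed('test', 'test') === naiveSeed('tes', 'ttest'),
    derivedCollides: derivedSeed('test', 'test') === derivedSeed('tes', 'ttest'),
  };
}

console.log(compare());
```

The slow, salted derivation also raises the cost of guessing weak passwords offline, which a single SHA-256 pass does not.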
|
|
|
You provide valid secretPhrase and you can send crypti

Okay, I cannot help here.

Thank you - we will switch to POST and SSL ASAP. Also, we are working to bring in a known security expert to do a security audit for Crypti.
|
|
|
The "third-party local program" argument is invalid because a malicious third party local program can read a passphrase input in to a web page also.
Input logging requires higher system rights than reading storage. And sometimes the attacker has remote access to the computer (through vnc or same) and if you have opened page and the password is stored in the browser - the money is taken away. Similar case has been described by one local forum.

I understand that you have a huge IPO going on, but you owe it to those buying to ensure that their data is safe. This is your "authentication": http://crypti.me:6040/api/unlock?secretPhrase=lksdjfhsdkfjsdhfksdjfhsdkjfhsdkjfhksjdfhkjsdfhksdjfhaskdjfhksadjfhaskldf

That is SCARY that is not authentication, that is a passphrase being sent in plain text in an url, over plain http. I cannot stress how bad this is, I have never seen anything so insecure in my entire life.

WTF? authentication isn't even used.. here view my balance: http://crypti.me:6040/api/getAllTransactions?accountId=15413165176907764021C

You need to do something about this now, people are buying with huge amounts of BTC!

And yes, you can see balances of accounts. Blockexplorer too. But, we will add SSL today and move operations with secretPhrase to POST requests.
|
|
|
And we will hire security auditing soon, next 2 weeks.
|
|
|
I cannot stress how bad this is, I have never seen anything so insecure in my entire life.
Considering that the devs do not want to distribute a beta client before the official launch which is understandable... I believe it is best that we provide the checksum hash of our passphrase instead of having to retrieve our account number online... regardless of whether SSL will be available or not.

SSL will be added today
|
|
|
What do you mean, what about the raised BTC in bter until now, is there any bonus? I have been following this thread and know it had started from the posts this morning.
30% bonus will be given for all investments raised today and tomorrow.

How will I get the bonus if I buy on BTER?

Yes.
|
|
|
The "third-party local program" argument is invalid because a malicious third party local program can read a passphrase input in to a web page also.
Input logging requires higher system rights than reading storage. And sometimes the attacker has remote access to the computer (through vnc or same) and if you have opened page and the password is stored in the browser - the money is taken away. Similar case has been described by one local forum.

I understand that you have a huge IPO going on, but you owe it to those buying to ensure that their data is safe. This is your "authentication": http://crypti.me:6040/api/unlock?secretPhrase=lksdjfhsdkfjsdhfksdjfhsdkjfhsdkjfhksjdfhkjsdfhksdjfhaskdjfhksadjfhaskldf

That is SCARY that is not authentication, that is a passphrase being sent in plain text in an url, over plain http. I cannot stress how bad this is, I have never seen anything so insecure in my entire life.

And? NXT had same. We can move to POST request. But how does it add a lot of security?
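On the GET versus POST question above: a secret in the query string is written into web server access logs and can travel in the Referer header, while a POST body normally is not logged; TLS is still what protects it on the wire. As an added example (not code from the thread or from Crypti), this Node.js check scans access-log lines for secrets in URLs and redacts them. The log lines are constructed, and every parameter name other than `secretPhrase` is an assumption.

```javascript
// Constructed access-log lines (Combined Log Format); hosts and values are made up.
const SAMPLE_LOG = [
  '203.0.113.7 - - [01/Jan/2000:10:00:01 +0000] "GET /api/unlock?secretPhrase=constructed-demo-phrase HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [01/Jan/2000:10:00:05 +0000] "GET /api/getAllTransactions?accountId=0000C HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '203.0.113.9 - - [01/Jan/2000:10:00:09 +0000] "POST /api/unlock HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
  // Another site's log: the wallet URL arrives in the Referer field.
  '198.51.100.4 - - [01/Jan/2000:10:01:30 +0000] "GET /wallet HTTP/1.1" 200 900 "http://wallet.example:6040/api/unlock?secretPhrase=constructed-demo-phrase" "Mozilla/5.0"',
];

// secretPhrase comes from the page; passphrase and password are assumed extras.
const SENSITIVE = new Set(['secretphrase', 'passphrase', 'password']);
const LINE_RE = /^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" \d{3} \S+ "([^"]*)"/;
const REDACT_RE = new RegExp('([?&](?:' + [...SENSITIVE].join('|') + ')=)[^&\\s"]*', 'gi');

// Return the sensitive parameter names found in a URL's query string.
function sensitiveParams(urlText) {
  const q = urlText.indexOf('?');
  if (q < 0) return [];
  const names = [];
  for (const [name] of new URLSearchParams(urlText.slice(q + 1))) {
    if (SENSITIVE.has(name.toLowerCase())) names.push(name);
  }
  return names;
}

// Replace the secret's value so the line can be stored or shared safely.
function redact(line) {
  return line.replace(REDACT_RE, '$1[REDACTED]');
}

// Check both the request target and the Referer of every log line.
function scanAccessLog(lines) {
  const findings = [];
  lines.forEach((line, i) => {
    const m = LINE_RE.exec(line);
    if (!m) return;
    const [, client, method, target, referer] = m;
    for (const [field, value] of [['request', target], ['referer', referer]]) {
      for (const param of sensitiveParams(value)) {
        findings.push({ line: i + 1, client, method, field, param, redacted: redact(line) });
      }
    }
  });
  return findings;
}

console.log(scanAccessLog(SAMPLE_LOG));
```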
|
|
|
devs, are you guys russian?
Not all.
|
|
|
1. You can't expect users to write 100+ characters each time they pay (authorising each transaction individually).
1. We can't, because in this way we need to store your passphrase in cookie browser. It's dangerous. Every transaction need sign.

You can. Use localStorage in the browser, this is a reasonable solution which requires no usage of cookies. The passphrase is stored in the user's local browser. You may want to wrap it so that a traditional username and password creates the key which is used as the passphrase. Use Public key cryptography for this. It is an existing proven approach, look at how ripple has implemented it. I wish for your users this had been discussed and asked before going live.

Localstorage is dangerous too, all your passphrases will be stored in your browser. Passphrase create public and private key. We can try to save passphrase in memory, then create something like session. But we need to see how far it is safe.
|
|
|
I tried beta web wallet. Seems to be working, incredibly fast and smooth. But with real transaction fees sending cryptsi will be much less fun
questions:
1. You can't expect users to write 100+ characters each time they pay (authorising each transaction individually).
2. web wallet should be https

1. We can't, because in this way we need to store your passphrase in cookie browser. It's dangerous. Every transaction need sign.
2. Yes, we will add SSL today.
3. About fees read first post. Fees decreases with each increasing amounts volume
|
|
|
I'm aware of it, and you could actually try to do the same with Crypti code, once the Crypti node is released to download after the pre-sale ends.

NXT is not obfuscated, Crypti and Qora are obfuscated on start. It's not the same. NXT is open source in fact, the other two - not. This is for clarity only. I am not against obfuscation.

Source will be published in 3 months after release. Before it will be just js obfuscated code. Nxt was built. JS can't be built.
|
|
|
Code will be released in quarterly milestones, in order to give competitive advantage against clones (this actually how NXT did as well).
You are not right about NXT. NXT code has not been obfuscated, at least in December-February. I decompiled NXT, changed the code and launched it as my own version of NXT for various experiments. NXT was in fact open-source.

I have a question about the Crypti client.
1. Can you describe how difficult it is to run it? Can I run it in one click as bitcoin QT? Do I need to install any dependencies? Can I launch it using binary launcher?
2. What size of setup file? I remember that some users did not like the way the NXT launch (by jar file), they had some problems with it (for example with version of jre).

1. For Crypti you need Node.js, for NXT you need Java.
2. Yes, you will run it via one click and then open your browser with http://localhost:6040 for example.
3. In future we will provide binary launcher, now it's zip archive with bat/sh file to run.
4. Sources around 500 kb + modules around 2-5 mb.
|
|
|
Today will be update:
- Ledger.
- OpenSSL for wallet.
- Fixes in UI.
Wait for news. We collect 55 BTC now, it's very good.
|
|
|
The bonus works for bter too?
As far as I know, yes, but I need SyRenity to accept my answer too.
|
|
|
Will you provide a direct option to purchase CRYPTI without using the escrow services that require 1% fee ?
At this moment - no, but if a lot of guys want to send btc without escrow, we can provide address.

Now I'm very suspicious.

And? Just send to escrow or bter. We didn't announce an address without escrow, but if a lot of guys don't want to use escrow, maybe we can add new wallet without escrow.
|
|
|
Step two
Create a new Crypti wallet at: http://crypti.me:6040
NOTE: make sure to save or write down your password! Without the password, you won’t be able to access the wallet and your Crypti will be lost!

Is there any chance we will be able to perform this step through a beta wallet locally?

Wallet will be published only after pre-sale. But if you send your passphrase (test passphrase), I will install node for you (on Sunday, Monday) and send address of your wallet.

What is the reasoning for only releasing wallet or code after the presale? What is the reasoning for giving bonus for early buying? I don't understand. Why can't we see what we are investing in and why try to force people to invest early without this knowledge?

1. Wallet working online: http://crypti.me:6040.
2. Because it's interesting, rivalry, and first buyers usually our first adepts and we want to reward them
3. We will post ledger, you will see how much guys sent.