Yes they were salted, no that's not gonna protect you if using a ridiculous insecure "pa$$w0rd". I fail to see how a hacker with access to the DB could have created the price bubble.

Yes. Low liquidity and a front loaded bitcoin distribution with a few very potent early adopters will do that. If don't like the ability of these people to crash the market at will, stay away from Bitcoin.

Maybe 2^128 harder, for a 128 bit static salt ? Therefore making the first two brutefoce attempts practically impossible ? Therefore requiring knowledge of the static salt stored in a source configuration file, in order to crack the hashes in the database ? Yes, that's precisely my point.

The blacksmith can hoard a sizable portion of the monetary base only if:
1. He is in a good market position; competition will quickly move to erode his advantage and he will spend profits to become more competitive, thus this situation is temporary
2. He has a monopoly from the town sheriff, a "patent" on blacksmithing, "intelectual property" on the design of horse shoes, owns the only iron mine etc.

Everybody that works hard and it's good as what they do should at least for a while have the right to be in situation 1. So the source of the apparent trouble is most likely no 2.  - a natural or artificial monopoly. There's no way to fix social injustice through monetary means. Even if you start the printing press, the owner of all iron or all land will still be extract inflationary money of everybody else, and use them to buy very stable assets in return.

So the question is, what do you want the blacksmith to own: papers and bits (money) or everything else ? Fudging with the money supply will not achieve social justice.

I say run the printing press just at the right rate to keep the rich man's stash stable. He'll accumulate allot of money, and we will be able to afford to buy things without being crowded out in the market. When he thinks about spending them and crashes the market therefore his own wealth, we'll move to some other fiat currency.

If you take the time to read my post carefully you will see I've acknowledged that the static part does not improve protection against brute force. It ensures that to even attempt brute force, the attacker must have read access to the source, not just the database. That's a different class of attack, a significant speed-bump for the attacker from a layered security perspective.


Edit:

This seems to be the source of our quarrel. You seem to imply that the static salt can be inferred without reading the source. For a static salt that has enough entropy (128 bit), that should be impossible. Since this is selected once by the website owner, the condition is easy to meet. For example the MD5 and SHA1 based crypt algorithms can use a salt of any length.

The salt should have a random part per user stored in the database and a static part per site stored in some include file.
The first part prevents massive parallelization, rainbow tables etc.
The second part keeps the password secure when only the database is leaked (ex. a SQL injection that does not escalate to code execution). In the case of MtGox it wouldn't have helped since the read-only account probably had source access too.

Extending this idea, email can be stored using reversible encryption. Thus a simple database leak is not sufficient to compromise all emails, you need local access to the source.

Yet spammer are doing it for years, and for decades before the internet. Maybe they don't realize how much are they loosing ?

Seriously, pump and dump works, it's about gaming the emotional response of the market. In a perfectly rational world the manipulator would have nothing to gain, but in the real world people are just to gregarious - it's in the genes. When everybody's fleeing it takes a very cool mind to chose reason over instinct.
That's because most of the time when we were evolving, the instinct was right: if every ape is running, then probably there's a lion just around the corner. The manipulators are just playing big-bad lion.

A web of trust crossed with a public blockchain in which traders announce their cash-transfer capabilities (Ex. PayPal, Bank, face2face near Lat. X, Long. Y etc.). All trades are instantaneous and recorded in the blockchain at the then current price. When it's time to cash out or deposit money, you use a client program that matches someone who needs cash with someone who wants to deposit cash. The primary distinction from Bitcoin-OTC is that the persons trading cash are not also exchanging bitcoins, each has it's own time and price at which the trade took/will take place.

When a match is found, the users exchange contact credentials encrypted with each other's private key and do the out-of-blockchain money swap. If the PayPal, face 2 face etc. swap was fine, the receiver of the money credits the giver in the blockchain and each is on his way. If not credited, the giver can publicly complain and reduce the receiver's rating. The system automatically computes ratings and updates the web of trust. Highly trusted individuals could ask for a premium for their services, so they are incentivized to stay honest. The bitcoin settlements are automated and the exchange chain refers to the bitcoin blockchain by requiring traders to prove their identity using the bitcoin wallet keys.

The system would also require trusted arbiters that hold the excess cash and bitcoins needed to provide liquidity to the market. These could be selected from the highest rating individuals.

Just a very rough draft, it probably has millions of flaws that scammers can abuse. But I wouldn't call it a pipe dream. Face 2 face traders would only announce themselves in friendly jurisdictions, otherwise law enforcement can quickly single out individuals with good history and take them out based on the proof of past transactions.

It seems it's the most profitable way to "mine", at least for this evening

The passwords before ID 3000 that were not changed are plain md5 hashes. Almost all are easily cracked. Example:
id: 642
name: shlax
hash: de434a6e3a01de06657454e07349535c
password: pretorian

The ones starting with $ are MD5 crypt passwords. The 1000 MD5 iterations add about 10 bits of apparent entropy, and the salts prevent parallelisation. If they are good, such passwords survive, but any less than 10 character alphanumeric password is in danger. Any all numeric under 20 digits, and all single case under 15 letters may be also in danger. If it's a dictionary word, forget it.

IMO there's no way to reopen MtGox without forcibly resetting the password on email and/or require proof of ID, coupled with a few weeks frozen accounts in which those who can't access the accounts can complain to support.

A good password stretching technique can go a long way to secure a short password. Reverting a 50 bit password hashed with SHA1 is trivial. Reverting the same password encrypted with 65.000 iterations of SHA1 (PKBDF2) for a total of 66 bits is much harder, feasible with GPU crackers. Reverting a 50 bit password stretched with a memory hard algorithm such as scrypt is probably not worthwhile for most any bitcoin wallet.

This is not a directly useful to the end-users, but I would hope the authors of wallet encryption will take notice.

What is the relevance of changing the algorithm (effectively, an alternate blockchain) in the context of ASICs for mining the current blockchain ? Are you implying you can anticipate such a change and future-proof your device ? You do know what "ASIC" means do you ?

I love that I'm simultaneously accused of making predictions that are both random and obvious
Yes the LargeCoin thing was announced, no they don't have anything to show for other than a Google spreadsheet. Not even a website. There's some controversy if the company that produces the first ASIC would sell it, it seems so damn profitable to seize the opportunity and become the top miner. Regardless if LCs become available for sale, I expect a huge difficulty rise in about 3 months - but only if the price stays over $10.

The part about 100:1 over a GPU is based on my technical insights and my day job, I've detailed the numbers in another thread:


I'm obviously estimating the orders of magnitude, not exact numbers.

Not as stupid as the mantra of the Bitcoin crowd: If the quantity of goods and services in the economy will grow by X%, then the value of the currency in relation to other currencies and goods will grow by X%.


Makeshift money are just goods. Money designed for the purpose of being money have infinite supply and are not controlled by politicians.

OP is not a troll, just wrong. Trolls seem to abound in 500+ posts category.

GPU miners have 100:1 gain over CPU, and ASICs have 100:1 over GPU. You need 10.000 CPUs to catch up to a single $50 ASIC, so it follows energy prices are not relevant, it's mostly best tech wins. Building a 100.000 or 1000.000 computer botnet is not free, and has a black market value higher than the equivalent ASIC mining. I predict ASICs will arrive in ~ 3 months if the price stays stable.

Here's an idea for a new currency: RIM stock ! It's nicely deflationary, can't be printed by the government, and it's backed by a thriving technology company. It's just like Bitcoin, only with dividends ! We'll call the new currency the RIM. The payment mechanism is 100% secure provided by the Stock Exchange, and in due time a portable device will be available to transfer rims for the average user. The device will be manufactured by RIM !
One caveat: don't be jealous on the early adopters that saw the great potential of rims early on. If you want your own rims, you have to work for them, you need a job that pays in rims (a rim job).

allinvain walks into a bar, and hooks up with a gorgeous blonde.
Next morning: "Hey, WHERE'S MY WALLET.DAT ??!!!!"


You have my permission to turn this into an Oscar nominated movie script. It has drama, love, betrayal, historical references and jews.

Will the preponderance of stupid people make all smart people kill themselves because it's all in vain ?

There's absolutely no need to mimic the GPU, which is after all an array of generic cores. All you need to implement high speed SHA2 circuits are basic elements: logic functions, adders and registers. A 1 cycle/hash fully unrolled SHA2 design is in the hundreds of Kgates, so a 1GHz, 10 million gates chip can pull at the very least 20GHash/sec, possibly even 50-100. A single chip could be equivalent to all of "newly minted idiot's" hardware and a rackfull would rival the whole current Bitcoin network.


Once one group has a working design and grabs most of the mining revenue, the entry barrier for a second ASIC miner is much higher, if the first aren't too greedy and reinvest most of the revenue. I don't know why the price would stay stable, it's a working scenario.


In my company a mask iteration costs about 1 million $, to fix some silly mistake. With design and all, we're talking about an investment of a few million. At current prices the monthly mining market is a few millions $, so there's no need for $100+ prices, just a few months of $10+ to get big players interested.

Using bitcoins is just about the same as using euros. What Greece is looking at right now is either:
1. Flip the finger to it's creditors, and restructure it's debt (read "default on it")
2. Monetize it's debt by printing drachmas
3. A combinations of the above

The failure of Greece if not a monetary fiasco, it's a fiscal, governmental and democratic fiasco.