I was just reading an article on Forbes.com describing how with the black market for dollars in Venezuela, traders refer to the bills as "green lettuce”, “fresh avocado” or “your Benjamins” instead of "dollars". "It’s best not to talk about it at all – the government is likely to take a dim view" is was how the reporter phrased it. "The bolivar has weakened by 6.4 per cent this year to 9.23 to the dollar, hitting a record low on June 5 when it sunk to 9.27." - http://blogs.ft.com/beyond-brics/2012/06/07/venezuelas-dollar-crunchAnother article, this one from Bloomberg, on the situation: Venezuelans buy dollars on the black market either by exchanging cash or sending a transfer to banks outside the country. While this is illegal and can lead to imprisonment, people find ways to sidestep the controls, Segura said.
“Where there’s a will, there’s a way,” Segura said. - http://www.bloomberg.com/news/2012-06-07/chavez-losing-out-to-benjamin-as-venezuela-seek-dollar.htmlSo, let's say the government of Venezuela or of any other judisdiction takes a "dim view" of bitcoin as well. Will you give your dollars for some of that GPU Nectar? Or will you perhaps be feeding your family from the proceeds of your golden carrots? Nah, those names suck. Can anyone come up with some good code names that could be used? |
|
|
|
From the Yubico blog: Clarifications about YubiKey system security
2012-06-07
by jas4711
Recently, there was a discussion on the Bitcoin forum about the security of the YubiKey system.
As we understand the claimed problem, it is said that there would be a chance of about 1 in 65.000 to guess a valid OTP from a YubiKey. This would indeed be a very serious problem. We have verified that in the two current implementations supported by Yubico, the probability to correctly guess a valid OTP is less than 1 in 10.000.000.000.000.000.000. Considering the fact that guessing would have to be done over a network, and the latency involved in OTP validation, this is not a feasible attack. Based on what we have learned so far (see details below) we do not believe there is cause for actions for any of our customers or users.
Yubico invites further analysis of our solutions as it builds up confidence in them. We will update this blog entry as new information is available.
The vulnerability that has been described is that it is possible to create fake OTPs by trying OTPs until one of them succeed, and that this for some reason this will work with non-negligible probability. Before we proceed, we want to note that similar attacks is possible with any OTP or even password scheme, attackers can always try authentication many times. For example, with 6-digit OATH TOTP there is a 1 in a 1.000.000 probability to guess the current OTP for a particular user. We’d also like to note that nothing so far has even suggested that the AES key can be recovered.
The YubiKey algorithm is documented in the YubiKey Manual. Section 2 covers the basic steps, where a byte string is prepared and encrypted using AES in ECB mode and converted to a series of characters. Section 6 explains the details of the byte string. For more in depth discussion about security properties, see our YubiKey Security Evaluation.
The claim that has been made is that if you attempt random OTPs, validation of them would succeed with non-negligible probability. To protect against this attack, the YubiKey technology employ a couple of mechanisms. In typical scenarios, the Yubikey OTP is sent from a client to a centralized server for validation. The validation server will decrypt the OTP ciphertext to get a plaintext. Since AES in ECB mode is used, decryption will always succeed, for all random inputs. The next step is to validate the 48-bit private ID field and the 16-bit CRC value. For random inputs, the probability for the fields to match is one in 2^(48+16)=2^64. This is less than 1 in a 10.000.000.000.000.000.000. We believe this makes the attack unlikely to work in practical scenarios, since attackers rarely get a chance to attempt this many authentications. Note again that there is no risk that the 128-bit AES key is discovered this way. We are aware that CRC-16 is not cryptographic secure hash value, and this is intentional and the security of the YubiKey is not dependent on any cryptographic properties of the CRC-16 function.
The claim has been that validation software does not compare the 48-bit private ID field, turning the likelyhood of success into 1 in 2^16 or 1 in 65.536. This would be serious, but we have been unable to confirm this. Because Yubico’s server-side software is Free and Open Source (FOSS) we can provide pointers to the code and the relevant code is here for anyone to analyze. As you can see, it compares the internal identity with what is stored in the database. For the YubiCloud service Yubico employes hardware-based YubiHSMs to perform the decryption, as does several of our customers, which uses the python-pyhsm server software — however, in that scenario, the YubiHSM is responsible for performing the UID comparison. We have verified that the YubiHSM properly implement the comparison.
Finally, we’d also like to note that if a server implementation incorrectly did not perform the 48-bits internal ID comparison correctly, an attack normally result in a Denial-of-Service against the user’s YubiKey. This is because with random OTPs, the counter values will normally be far higher than what the YubiKey device has, and thus any real OTP from the YubiKey device will no longer work. - http://status.yubico.com/2012/06/07/clarifications-about-yubikey-system-security |
|
|
|
Are you using a client that lets you spend coins on 0/unconfirmed? (e.g., Blockchain.info/wallet?) Anyway, the problem is the coins that are used in that transaction themselves had not confirmed. So, it will eventually get sorted out -- probably by SatoshiDICE re-creating payout transactions. As a result, the transaction you see will probably never confirm, you'll get a new payout transaction. That could take a full day for them to do that. |
|
|
|
My Wallet in Blockchain.info can be used offline to do this. The code that does this is in Javascript. You do need to have logged into the wallet in the browser previously, but from that browser wallet, the transaction can be performed offline. - http://blockchain.info/walletThe transaction then can be transported and used with their pushtrx page (or with RowIT's Bitsend) The instructions are: "To complete the transaction open one of these pages blockchain.info/pushtx or bitsend.rowit.co.uk. Copy and paste the text below into the textarea and press submit to complete the transaction." And the links are to: - http://blockchain.info/pushtx - http://bitsend.rowit.co.ukArmory has instructions how this is done with their client as well: - http://bitcoinarmory.com/index.php/using-offline-wallets-in-armory |
|
|
|
Received a $100 Visa Vanilla prepaid gift card as a birthday present, would like to exchange for BTC. Offers?
If you can't find a trade here, there's always Get-Bitcoin which takes prepaid credit cards: - http://www.Get-Bitcoin.com |
|
|
|
I'd like to know how much bandwidth does btc mining take up? is it in the hundreds of megabytes?
About 100MB / day. You could do it on dailup if needed. Latency is more important though, so a 3G connection would be bad, wi-fi even may give a disadvantage. |
|
|
|
The fact that a company would take that stance is proof enough that they can't be trusted with personal information. Honest companies don't act in that way.
They posted and communicated their Dwolla AML (need photo id to use Dwolla) policy. Ya, it sucks, sorry you weren't aware of it. In addition, the Mt. Gox terms of service say they can require ID at any time for any reason. But they aren't going too change because there is a lot of whining on the BitcoinTalk forum. There are several other exchanges which can be used nearly as easily as Mt. Gox. Next time you want to send funds to an exchange, don't make the same mistake, ok? |
|
|
|
- Openness: The bitcoin project itself is open souce. The protocol and the code is open to public scrutiny and analysis.
Though this one point about openness wouldn't mean much without the others, the others wouldn't mean much without openness. Mass collaboration plus open systems changes everything. Six years ago Don Tapscott pointed this out in Wikinomics, where mass collaboration was "changing the way businesses communicate, create value, and compete in the new global marketplace". While Square, which was formed after bitcoin had already been started, has amassed a hundred million dollar warchest to build and operate its payment system, it does not benefit from the community plugging away at improving their system the way that Bitcoin has. When PayPal became a Square competitor, Square's efforts are only for the benefit of Square. PayPal's efforts are only for the benefit of PayPal. With Bitcoin, ... we are all building these things together. We are all collaborating in the Bitcoin ecosystem. There are tens of thousands of stakeholders in bitcoin. There is either no barrier to entry or a low barrier, depending on the topic. Look at some of the innovations arriving in the past few months. Lots of improvements to the Bitcoin.org software and other clients. Then Coinapult's SMS wallet -- bitcoin's version of M-Pesa (for U.S. and Canada only, for now). And the multiple new bitcoin sellers and cash-out services. And SatoshiDICE (see how large Mem's List has gotten http://bitcointalk.org/index.php?topic=75883.0 ). Look what is happening on mobile, with Paytunia and the others ( http://en.bitcoin.it/wiki/Category:Mobile ). And also GLBSE (v2) ... just like how "crowdfunding" broke the mold and became signficant, this "cyber-equities" is a whole 'nother category for the financial world to discover. I could go on and on, These aren't being built on venture capital, or necessarily a whole lot of angel / seed money. The innovation is coming from individuals, sometimes very young (e.g., Zhou tong/Bitcoinica, Forrest Voight/P2Pool), sometimes very skilled, technical, disciplined and dedicated (e.g., DeathAndTaxes, Cypherdoc, and the developers of clients including those listed on http://bitcoin.org/about.html ) and others just happened into this after trying something new. But not a one of these is taking marching orders from the Bitcoin strategy and central planning organization (because there is none). It is a self organizing, living, thriving, meritocratic ecosystem forming. This is not much unlike what the web looked like roughly 20 years ago. Bitcoin's ecosystem can evolve and progress even faster than the web did though. Bitcoin is not only universal (the data is usable, no matter what language, location, time zone, etc.) it gets stronger with each additional bit of involvement as well. The network effect will start to have a greater impact on the number of bitcoin-related goods and services in the Bitcoin ecosystem. This doesn't happen on such a large scale without the combination of mass, global collaboration using an open system. |
|
|
|
But every other thread about MTGOX is - liquidity problems - people wait for transfers... so things does not add up... ~$4M on balance and no withdrawals.
No withdrwawals? There are lots of funds being withdrawn near the normal schedules. (SEPA withdrawals, 2-3 day, for instance, I'm told). But your general point makes sense. |
|
|
|
My dad is blocking bitcoin related websites. WHY??
Maybe he doesn't know about BitcoinTalk.org forum. Maybe you can post there? |
|
|
|
I don't think FinCEN has produced any written declaration on Bitcoin but TangibleCryptography LLC has asked for an administrative ruling on the "Application of the Money Services Business Rule to a Company that Issues Prepaid Access to Digital Assets".
Their response will be interesting. Because instead of acquiring bitcoin with the expectation that it has no value unless it is converted back to fiat, it really isn't a prepayment of value. It is instead just a purchase, just like if I were buying bananas. If I buy bananas at the store to trade them with you for whatever you are selling then there's no prepayment of value. The seller of the bananas to me is not asserting that those bananas will have any value. |
|
|
|
I would keep everything in Bitcoins when running the site.
Remember, Bitcoins isn't real money, it's not even backed by any government!
By keeping everything in Bitcoins, there is technically no money for them to seize. Let the players figure out how to convert it.
You can store them in such a way where if you do get busted you can still have a third party honor all of your players withdrawals.
The only way you will get busted is if you get pretty big and actually start making out pretty good, once that becomes the case you will also be in a better position to defend yourself, especially if your resources can’t be illegally confiscated.
Not only that, but the US government is basically going to have to make the argument that gambling with fake money is somehow illegal, and if that's the case, well, they better go after all of those online MMORPG's that have ways players can gamble fake money. You might want to add a disclaimer that these are your opinions. I will add the disclaimer that this probably isn't very good advice. I will also add that SatoshiDICE does not use the web for its gambling platform. I can play SatoshiDICE without ever touching their web site or connecting to their servers. Because of Bitcoin's architecture, it is not technically possible for SatoshiDICE to detect where I am wagering from. |
|
|
|
Maybe a person doesn't really want to meet up with a stranger to exchange cash for bitcoins or vice-versa. If there were a local courier service, the buyer could give the courier cash, the courier delivers it to the seller, and the seller sends the bitcoins to the buyer. HipSwap enables this (only in L.A. or New York City so far). So the LocalBitcoins.com listing could describe how to to start the process. Here's a post on HipSwap: - http://bitcointalk.org/index.php?topic=74912.0 |
|
|
|
|
Show Posts
