|
Yeah, the /q pages are there for the benefit of automated services, so feel free to use them. Please use the caching features of that page where possible, though (HTTP ETag and the "block stop point"), and don't refresh data more than every few minutes.
|
|
|
|
|
Yeah, I'd guess isolation. Unless the network really did produce no other blocks in that timespan.
|
|
|
|
So, basically, in terms of "confirmation values", confirmations that are longer are more valuable in situations where an attacker has exceeded 51% (The "match the network" part) and is about to retroactively edit past blocks ?
It also works for attackers that have less than 50%. I gave average values. It's possible for an attacker to get lucky and solve enough blocks to match the network even with less than 50%. I don't think there's any advantage to longer confirmations if the attacker is only trying to maintain control and is not replacing historical blocks. |
|
|
|
Does this mean the Church of Scientology knows about bitcoin and wants to push out their own version; complete with celebrity endorsement?
I wouldn't be surprised if the Church of Scientology does use Bitcoin some day. LRH hated governments, so he probably would have loved Bitcoin. One of the questions on the whole-track security check is, "Have you ever debased a nation's currency?"  |
|
|
|
|
Maybe someone with a better knowledge of probability will prove me wrong, but this is my understanding:
To replace 6 blocks, you need to make the same number of blocks that the network makes over a period of time and then re-do the blocks you want to replace. So currently with Bitcoin it'd be 12.5 Thash/s to match the network plus a fixed (7,500,000,000,000,000 * 6) hashes to replace the last 6 blocks.
If Bitcoin had a larger block interval, you'd have the same 12.5 Thash/s to match the network, but replacing the last blocks would take many more hashes. So confirmations would represent more work and be somewhat more valuable.
|
|
|
|
You can only hash one user at a time if you operate under the constraints you've outlined.
Right. Because there's a salt, so rainbow table attacks are prevented. You said: Gat3way detailed it fairly well, which explains why salts (when properly implemented) offer some protection against bruteforcing and, as you correctly stated, rainbow tables. However, a properly implemented salt system increases the compute requirement for bruceforcing dramatically, slowing own the bruteforce by a factor inversely proportional to the complexity of the salt. So you're saying that salts are helpful against attacks that do not use rainbow-table-like attacks. That is, you're saying that an attacker trying to reverse a single hash without looking at other hashes (a brute-force attack as opposed to a rainbow table attack) is worse off when there is a known salt present. This is false. In almost all password systems, salts are less than 32 characters, which does not make brute-forcing of a single hash any slower. If you're trying to slow down brute-forcing, you typically increase the number of hash iterations, which doesn't require you to store more data. |
|
|
|
|
I just received a handful of these. They're pretty cool. I'm going to give one to each of my nieces and nephews.
|
|
|
|
However, a properly implemented salt system increases the compute requirement for bruceforcing dramatically, slowing own the bruteforce by a factor inversely proportional to the complexity of the salt. (I think that's how the formula works out, but in any case, it does indeed offer protection against brute force attacks.)
No, it doesn't. The attacker always has the salt, so he doesn't need to bruteforce that, and hashing differently-sized data has no difference in speed when both sizes take up the same number of hash blocks. All password+salt strings under 512 bits take the same amount of time to compute with SHA-1. Gat3way described how you can create rainbow tables for password sets when you don't use unique salts for each password. |
|
|
|
|
78 days, 1 hours and 27 minutes
~10 more days online and I'll overtake Kiba as #1!
|
|
|
|
|
Solo miners and pool servers, which need all unspent transactions, will probably eventually figure out some system of downloading only unspent transactions. A list of spent transactions will become "common knowledge", perhaps.
Clients are expected to mostly use headers-only mode, which is safe as long as an attacker doesn't have >50% of the network. Clients could also rely on the network only to verify spends of very old transactions, and verify new blocks themselves.
If it really becomes a serious problem, it's possible for >50% of the network to implement something like demurrage in a backward-compatible way, which would allow the network to forget really old transactions, even if they are unspent.
|
|
|
|
I do however don't think that using the username as a salt helps scince the attacker would already know that the forum is salted with usernames..so wouldn't they just point their brutforcing problem to query for the username first before the bruteforce attempt?
Salt offers no protection at all from bruteforcing. It is only used to prevent attackers from using rainbow tables. |
|
|
|
|
In English, it is acceptable to use "masculine" words when the gender of the person is unknown. This is often the best stylistic choice. For example, it is better to say "he" than "they" when talking about a single person with unknown gender.
|
|
|
|
|
The best communities (Wikipedia in its early days, 4chan's non-/b/ boards, etc.) make it very easy for people to "drive-by contribute". I would like to allow this as much as possible, so I do not want a required fee. (Obviously the newbies board is not optimal for this. I've always planned to remove it.)
|
|
|
|
|
Transactions are not guaranteed to be free.
|
|
|
|
|
I've seen it a few times on this forum, though I posted this topic after reading it used (in the simplest, most stupid form) in a highly-rated comment on Reddit's Libertarian section.
|
|
|
|
No offence, but I have no idea what you are talking about. What situation? Your original post was about the quote angering you; you didn't even mention a situation.
Any situation. As I mentioned, people usually just write the quote and then imply that they're bound to win because it's possible to place themselves somewhere within the sequence. You need to prove it. It would be valid to use the quote and then explicitly draw parallels between your situation and Gandhi's situation. But I've never seen anyone do this, and I wouldn't do it because the quote is still a cliché. |
|
|
|
|
Show Posts
