|
You don't have forward the port to connect to other nodes.
|
|
|
|
Last edit: 23.05.2014You first have to trust a person, before you can trust this persons list, but anyways: successful trades so far: (this means there has been at least one trade with these people, it does NOT mean, you can trust these people blindly) Users: Sites: MD5-hashes of PayPal email adresses: - 2202d3ed20d9986cb50a9f09588286d4
- 27a03dee52adfccbf826c7f23d50a565
- 50524068d1acf5fed516a40f78a8f9df
- 5454fd104410683de72d5b5841379686
- 55369789466d7e1efaf7ad80e6cfeebe
- 574fce66f2d632d9b2a58131617372da
- 6c7bc5fffa5f2cc9262b00d626231d82
- c8d7a8bfcca7e634c4faacea5e4f00ce
- c975ee5caca381c16bddaaf34ff434b5
- d84842b0d6523c40ef4d73531b9b7e6c
- eafe4c42739d9c906ec595c761ad2059
- eec1e9c2298a2f85a24649f3fb381348
- f1c923621eaebb843b44e18b8f2b0b43
- fd065bad1afc67c2ae772051f31ba331
If someone does not want to be on this publicly available list, pls pm me and I will remove your name from it.
|
|
|
|
that's not really what I'm afraid of, but thats an issue too.
hmm, but still, in theory, it would be possible for someone with physical access to your RAM to read my password, wouldn't it ?
If an attacker had that much access, he could modify the login page to remove the password-hashing JavaScript. But than you make a change in the system. That can be suspicious. If you're just reading it from the RAM and using it, nobody will know. |
|
|
|
|
Not sure whether I want to donate to a site which is overflowing with ads.
|
|
|
|
|
the ip addresses aren't for trading purposes, only for staying in connection with the network.
|
|
|
|
afaik you can get the transaction fees even if you are not generating coins at all. Nope. You only get them when you publish a block. It's added to the 50 BTC created from nothing. oic |
|
|
|
|
that's not really what I'm afraid of, but thats an issue too.
hmm, but still, in theory, it would be possible for someone with physical access to your RAM to read my password, wouldn't it ?
|
|
|
|
|
afaik you can get the transaction fees even if you are not generating coins at all.
|
|
|
|
|
iOpus seems like a normal VPN provider, thats totally different from services like tor or i2p
|
|
|
|
It should work:
Browser -> send to server (pref SSL encrypted) -> server receives and directs to script -> script hashes (adding salt, pref static + dynamic) and saves to db or verifies from db This is exactly what I'm doing.  Maybe I'm, just too paranoid, but I think everyone who has physical access to the server on which your site is hosted can read my password out of the RAM if you only hash it once you receive it. and if he/she has my login data he could act as me and legally withdraw the funds in my mtgox account. why not just hash it before encrypting and sending it ?EDIT 2014-02-27:See this post https://bitcointalk.org/index.php?topic=444.msg3876#msg3876 |
|
|
|
|
when you modulo-devide it trough 50, the rest could be from transaction fee, he's running ~1000 instances (or at least cores) of bitcoin, so the probability of him getting transaction fees is very high.
|
|
|
|
|
I recommend using the torrent.
(Watch my sig)
|
|
|
|
Do I need to deinstall it before 0.3.2 installation? No, you don't. What about my bitcoins I already generated? Do I need to backup them and restore after installation? No, you don't, but it's always good to make a backup. |
|
|
|
|
it could be transaction fees.
|
|
|
|
SmokeTooMuch: Almost all sites do it this way. Are you worried that I personally will learn your password? You can just set your "password" to be the hash of your password if you are really worried.
(or use a different one for mtgox)
this won't prevent you from stealing your users cash and btc. pls correct me if i'm wrong.
and i say it again, i want you to delete my account and all associated data.
maybe i will re-register later, but for now i decided to not using your service.
sry for making you such a hard start into business, but it's 5 am here and i'm a bit stressed out.
will go to sleep now.See this post https://bitcointalk.org/index.php?topic=444.msg3876#msg3876 |
|
|
|
so how does it work ?
password --->encryption (ssl) ---> your site/server && decryption ---> hashing ---> saving/checking hash in db ?
as long as you receive the password unencrypted, it's just not an option for meEDIT 2014-02-27:See this post https://bitcointalk.org/index.php?topic=444.msg3876#msg3876 |
|
|
|
You can't use unhashed passwords at a site, that deals with money. That's just one big mistake you just can't make if you want to make such a thing. What if someone hacks your database ? He could steal the money and BTC funded in all your users accounts.SmokeTooMuch: It is a post over https. It is secure. I'll PM you about the login issue if that is ok. maybe the transmission is secured, but what's with your database ? Since you don't transmit hashes I guess the passwords get stored in clear text.EDIT 2014-02-27:See this post https://bitcointalk.org/index.php?topic=444.msg3876#msg3876 |
|
|
|
|
Show Posts
