The user's question was about AES but key strengthening can be used to make your brute force example infeasible.

Lets use the example of 1 hour on a high end rig to brute force all 8 digit passwords using a SINGLE SHA-256 hash.
Using a Key derivative function one could make the stored hash (or key for AES) not the output of a SINGLE SHA-256 but the output of 50,000 SHA-256 hashes.  At that point (if we use your 1 hour example) the cost is now 50,000 hours or say 6 month using 10 high end rigs (40+ GPUs).

The TL/DR I added sums it up better

The issue with AES-256 isn't in brute forcing strong passwords.  If you password is strong (not on any dictionary, longer than 8 char, mixed symbols, uses a large random salt) it can't be bruted forced at any reasonable cost.  If it is 12+ char includes all 4 symbol classes or simply is a random string it can't be brute forced at any cost.

The issue with AES-256 is it is a very faster cipher.  For weak (or marginal) passwords it can be bruted forced.  How complex of a password is vulnerable depends on the resources available to the attacker and how long they are willing to to wait.  

So if we consider a weak password to be one that (at least in theory) could be compromised by a dictionary, modified dictionary, or brute force attack using a computing on the magnitude available:
1) anything found in a standard dictionary or leaked/common password list (various lists usually in the tens of millions of pwd range).
2) anything with less than 8 characters.
3) anything all lower case with less than 10 characters.
4) anything not encrypted using 64bit or larger salt.
5) anything which has less than 3 substitutions from something listed above (p@ssword! vs password)

The reality is end users likely don't know if their password is strong or not. So developers should prevent users from hurting themselves.  As a developer you can implement a large salt and could require a minimum of 8 characters (don't impose special char requirements).  At that point brute force and precomputation are off the table; so the largest risk comes from dictionary or modified dictionary attacks.  There are lists of millions of previously compromised passwords.  If the password used is on one of those lists it can be found in a matter of minutes.  If you are paranoid about your user's security you could check their password against a list of known compromised passwords.  An alternative would be for someone to develop a webservice which took a hash (HMAC) or all known/weak/compromised passwords.  Users could send a HMAC hash of their potential password and get a "known" or "good" response.  

One further step you could take is key stretching using a key derivative function. The bitcoin wallet does this.  Rather than simply use the passphrase it takes multiple iterative hashes of the password (generally thousands of tens of thousands).   So instead of key = passphrase it is key = SHA256(SHA256(SHA256(passphrase))). This increases the length of time necessary to try one key and thus reduces the throughput of the attacker.   Understand that if user's password is very weak (under 6 char or on a dictionary list) this is unlikely to help because even 2000x a 1 sec search is unlikely to stop an attacker.  

The key stretching function (hash) used by the wallet is SHA-256 which is well optimized due to this thing called mining.  Security could be enhanced by replacing the key strengthening function with another one (say bcrypt of even PBKDF2 using SHA-512 or RIPEMD).

http://en.wikipedia.org/wiki/Key_derivation_function
http://en.wikipedia.org/wiki/Key_stretching
http://en.wikipedia.org/wiki/PBKDF2
http://en.wikipedia.org/wiki/Bcrypt

TL/DR:
It depends. Using a combination of:
a) require at least 8 digits (makes brute force prohibitively expensive)
b) use a large (64bit+) random salt (prevents precomputation attacks)
c) check password against known/compromised password list that hackers are likely to be using (prevent quick dictionary based attacks)
d) use key strengthening (reduces the attackers throughput by a couple orders of magnitude).
e) use an algorithm other than SHA-256 in the KDF to prevent "re-use" or mining research

Yes and no.

Technically if you absolutely know there are no further spends after block X then you could submit a valid transaction as long as you are synced up to block X.  The problem is that if after block X (say at block Y) you made a transaction and then restored from an older backup the client would be unaware those unspent outputs are now spent until it processes blocks up to and including Y.  That means that if you sent a transaction prior to syncing up to block Y it potentially could be a double spend and be seen as invalid.

As a result the Satoshi/reference client won't send until it is synced.  You could patch/fork it to override that safety feature and the transactions would be seen as valid by the network as long as the outputs chosen weren't involved in a future block and unknown to the client because its history is incomplete.

Low self-esteem scammers? Don't have the confidence to steal $500 so they try for $20.

or

Multitasking scammers? Make 100 sockpuppet accounts steal $10 using each and you got a cool grand.

9% would likely be fine but you chargebacks are probably going to be in the 20% to 30% range.  If you get unlucky and some organized crime picks up on your operation you could see a situation where essentially 100% of orders over a period of time are fraudulent.

  Bitcoin didn't steal your money.  Do you also hate the USD now? 

Nothing lawful works.  GreenDot will only intervene in documented cases of theft/robbery (i.e. someone puts a gun in your face and takes your moneypak) or failure of their system (i.e. you buy a MP, try to use the code and it was already used).

Note for those accepting MP they still aren't 100% scamproof as the person sending you the MP could claim they were robbed or the MP was hacked.  Having them write your name on the receipt and email it to you makes those stories less plausible.

IIRC those cards (and many other prepaid cards) are limited in that you can ACH funds in but can't ACH funds out.  No technical reason it can't work both ways but the prepaid card companies want the money to only flow in (so they can rack up the fees both from the user and merchants).

The 0.00000001 is from a different transaction (notice it comes from 1dice5ww....).  You lost.  The 0.00000001 lets you know you lost.

The 0.034 is your bet being returned (not a win or loss).  It likely was over the maximum allowed bet for that option.

For those freaking out about instant account verification ... PayPal has used it for over a decade now and Amazon payments does the same thing now.  The reality is that 99.9% (likely short one or two nines) of consumers have an attention span of about two minutes.  The verify by deposit and wait 3-5 business days results in profiles that are never completed.

It isn't some insane conspiracy.  If you want instant access you give up private info, if you don't you wait for the deposits to clear.  Both types of consumers win.   The major issue isn't verification it is chargebacks.  Dwolla got anhilated by charge-backs and they had both 8 figures in funding to absorb it and the ability to pawn those losses off on merchants (Tradehill, et al).  Coinbase has neither.  Will be interesting though.

Even if true it doesn't change the fact that having a "2 factor" method which can be compromised along with the 1st factor is stupid.  How the user was hack doesn't change the vulnerability.

Lets pretend this plan has no flaws ... it isn't free you do realize that.  It is $2M in opportunity costs (i.e. someone could invest $2M elsewhere).  Add to that the risk of loss both from the trading system and from an exchange hack and the cost is most certainly >0%.

TL/DR:
Yes with $2M one can generate income using a variety of sources.

However that is the WHOLE POINT of 2FACTOR.  If you use a strong password and your computer is never compromised you never need the second factor.   For blockchain.info to offer a "second factor" which can be compromised in the same manner as the first one is just poor design.  If the user for example was using google authenticator (which he may have used if blockchain.info DIDN'T offer a weak re-use of MtGox yubikey) a compromised system wouldn't mean a compromised google authenticator.

This.  Putting cash into someone account is not different than handing them a bag of cash.  If they decide to scam you there is no "chargeback" option.  Obviously that is why some sellers use it but it works great for scammers too.  Ask yourself this "would I trust this guy to hand him a bag of money and walk away knowing he will give me the BTC later?"  If the answer is yes there is no risk in making a bank deposit.  If the answer is no ...

Since we are necroing threads after consulting with legal counsel I am sure that Bitcoin can not meet any definition of "stored value".  Stored Value requires an issuer/redeemer.  When you buy a starbucks giftcard starbucks gains the cash (asset) and the obligation to pay (liability).  The regulatory oversight with stored value comes from the potential for an issuer to spend/lose/steal the asset and thus be unable to pay the liability.

None of that exists with Bitcoin.  No Bitcoin is the liability of any other entity.  A MtGox code however is clearly stored value.  If someone were to make a redeemable bitcoin gift card it would be stored value.   I believe however a bitcoin card which contains the private key on the card wouldn't.

No problem.  You might want to invest in a low end light box/tent.  Good lighting can make even the worst photographer look better.  Trust on that.

I think you misunderstood.  He said with raid you increase the chance of losing "everything".  That is true of all forms of RAID even RAID5.  The risk of losing something decreases but the risk of losing everything (broken array) increases.

If you have files on 5 drives it would take 5 failures to lose everything (although only 1 failure to lose something).
If you have files on RAID 5 (using 5 drives) it would take 2 failures to lose everything.  The risk of losing everything has increased.   One is trading availability for data security.  In the Enterprise world given the cost of downtime for mission critical applications that is a beneficial trade but it is still a tradeoff.

I didn't mean to imply you were advocating not backing up or anything else.  Just correcting your correction.

 

 
+1 on material info.  Also can you get some more photos?  Most of the items have a silvery finish but the cufflinks look "orange".  Are they brass or a brass like material or is that just a camera effect?

Also you should put them on bitmit.net.  Much easier to order and free advertising.  Lastly (and this may require more sales) do you have the ability to make the bitcoin cufflinks out of sterling silver?  I am going on a cruise soon and that would be nice for formal nights.

How many disks do you have.  Number of spindles matter a lot.   If you only have 3 or 4 disks then you may not get much improvement.   If you have 16 or 20 or 28 disks then high end cards can show amazing improvement in throughput. Spindles matter.  10TB array made up of 5x2TB disks is going to have less performance than 10TB array made up of 20x500MB disks.

SSD are making that less relevant though.  Technically there is no reason why a 1TB SSD should be any slower than 2x500MB SSDs.  In the real world limits on controllers, cache, etc mean that often 2x500MB in RAID ARE faster than a single 1TB SSD but that doesn't have to be true.  Some high end enterprise SSD have massive amounts of cache and actually perform worse in RAID.

Yeah by GPU array is like a cancer patient that knows he is going to die but getting a couple more months can only been seen as a good thing.