1  Bitcoin / Bitcoin Discussion / . on: September 21, 2012, 04:13:38 PM
2  Bitcoin / Development & Technical Discussion / Password Hashing and Storage on: August 16, 2012, 02:43:16 PM

A good outline of why website password schemes often fail to protect users and what developers can do to fix things.

Let’s take a quick step back before talking about what’s wrong with the hashing algorithms of today. The problem that cryptographic storage of passwords is trying to address is to limit the potential damage of unintended disclosure of passwords in storage. Now of course all the good upstream security practices such as mitigating against SQL injection vulnerabilities and protecting your backups still apply, this is about what happens once things go really, really wrong.

It's a bit .NET-centric, but the lessons apply to any framework.
3  Other / Politics & Society / Worker-Owners of America, Unite! on: December 15, 2011, 05:52:12 PM

Some 130 million Americans, for example, now participate in the ownership of co-op businesses and credit unions. More than 13 million Americans have become worker-owners of more than 11,000 employee-owned companies, six million more than belong to private-sector unions.

And worker-owned companies make a difference. In Cleveland, for instance, an integrated group of worker-owned companies, supported in part by the purchasing power of large hospitals and universities, has taken the lead in local solar-panel installation, “green” institutional laundry services and a commercial hydroponic greenhouse capable of producing more than three million heads of lettuce a year.

Local and state governments are likewise changing the nature of American capitalism. Almost half the states manage venture capital efforts, taking partial ownership in new businesses. Calpers, California’s public pension authority, helps finance local development projects; in Alaska, state oil revenues provide each resident with dividends from public investment strategies as a matter of right; in Alabama, public pension investing has long focused on state economic development.

Bitcoin or similar system will definitely be a part of the future economy. It can play a supporting role in worker-owned and operated industry.
4  Other / Politics & Society / This is a war. Do you realize it? on: December 10, 2011, 02:29:49 PM

Occupy Wall Street is a peaceful, nonviolent movement, but, like it or not, it’s still one half of a class war. You would be in denial if you pondered over the events of last fall and thought of them as anything other than an unsuccessful military campaign, smashed by superior numbers and resources, but walking away intact with important tactical victories against the propaganda of the “1%,” as a little TET Offensive on American soil. As painful as it is even for someone as cynical as I am (and that’s pretty cynical) to acknowledge it, that’s the way the bought and paid for municipal governments of the “1%” and their heavily armed bands of blue uniformed mercenaries think of it.

You may have voted for them, but they do not work for you. They do not care about you. They care only about the “1%” who funded their campaigns and who promise to offer them high paying jobs after their terms expire. When they think of you, if they think of you at all, and they probably think of you only rarely, they think of you as the dehumanized enemy, as slopes, as gooks, as Hajis, as niggers at the bottom of the slave boat, or as those annoying native American tribes who are occupying the land they want to use for a government subsidized railroad.

You also scare them. They know they won a short term victory. They also remember that the French, in the short run, won the Battle of Algiers. The goal of the “foot cavalry of the 99%” this winter is to maneuver while remaining together as an army, not to scatter but to redeploy in anticipation of the weather turning warm next spring.

What is the role of a distributed currency? How can it be used to finance an ideological war - truly, the most effective type of war. All soldiers need equipment. They need comms, information, and weapons - in this case ideological weapons to counter the sea of corporate propaganda which washes over us each day.

This is only part of the picture, but you had better see what is going on around us. You can be sure that central planners of the establishment are paying attention. They are very aware of what is going on and are doing their best to obscure it.

Spring is coming. Now is the time to expand networks of finance, intelligence, and communication. This is the role of the IT worker.
5  Other / Meta / A public service announcement on: September 11, 2011, 10:17:20 AM
Use BCrypt, Fool!

This forum stores passwords as weak hashes derived from weak salts using fast hash functions. It is amateur hour at

Stop using MD5 or SHA. They were never designed to store passwords and protect them from offline attacks.

For example, MTGOX foolishly stores passwords as SHA512 hashes. It should use bcrypt(). It is amateur hour at MTGOX and probably most other exchanges. The notable exception is bitcoin-central, which does use bcrypt.

Salts should be generated using proper random number generators.

Again, Use BCrypt, Fool!
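
Added example, not part of the original post or any site's code: a Python sketch of the storage scheme the post argues for, with a CSPRNG salt, a deliberately slow hash, and an upgrade-on-login path for old fast-hash records. Python's standard library has no bcrypt, so scrypt stands in for it here; the record format, cost values and function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed cost policy for this example; raise N as hardware allows.
POLICY = (2**14, 8, 1)  # scrypt N, r, p


def _scrypt(password, salt, n, r, p):
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p, dklen=32)


def hash_password(password):
    """Return a self-describing record: scrypt$N$r$p$salt$hash (hypothetical format)."""
    salt = secrets.token_bytes(16)  # fresh salt from the OS CSPRNG for every password
    digest = _scrypt(password, salt, *POLICY)
    b64 = [base64.b64encode(x).decode() for x in (salt, digest)]
    return "$".join(["scrypt", *map(str, POLICY), *b64])


def legacy_sha512_record(password, salt):
    """A fast salted SHA-512 record of the kind the post warns against (constructed)."""
    return "sha512$%s$%s" % (salt, hashlib.sha512((salt + password).encode()).hexdigest())


def verify_password(password, record):
    """Return (ok, needs_rehash); legacy or under-cost records verify but are flagged."""
    scheme, *rest = record.split("$")
    if scheme == "sha512" and len(rest) == 2:
        candidate = legacy_sha512_record(password, rest[0])
        ok = hmac.compare_digest(candidate.encode(), record.encode())
        return ok, ok
    if scheme == "scrypt" and len(rest) == 5:
        cost = tuple(int(x) for x in rest[:3])
        salt, expected = (base64.b64decode(x) for x in rest[3:])
        ok = hmac.compare_digest(_scrypt(password, salt, *cost), expected)
        return ok, ok and cost != POLICY
    return False, False


def login(password, record):
    """Check a login; on success return the record to store, upgraded if it was weak."""
    ok, needs_rehash = verify_password(password, record)
    if ok and needs_rehash:
        record = hash_password(password)
    return ok, record
```

Because the cost parameters travel inside each record, the policy can be raised later and old records are upgraded the next time their owner logs in.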
6  Other / Politics & Society / Insights into the workings of the American Corporate Machine on: September 07, 2011, 02:39:06 PM

I'm not particularly surprised by the cable, although some of you may find it informative. What I find interesting are the implications of the loss of control of finance and IP to centralized power. Bitcoin/Namecoin present major obstacles to corporate interests who would prefer to control all conduits of creating, distributing and profiting from all different types of IP. "Finance" is the only real remaining power center in the US, and it relies on IP (media/propaganda) on a fundamental level. This probably explains why the state department is being used to bully countries like Sweden with "super 301."

To an unprecedented degree, bitcoin/namecoin unlock the corporate deathgrip on information. I am sure that "finance" has recognized distributed currencies as lethal threats to its existence. The attacks will be fast and furious. In particular, beware the threat of infiltration and its potentially paralyzing effect on organization and progress. Don't trust; only build infrastructure that doesn't require trust.
7  Bitcoin / Bitcoin Discussion / GnuPG versus TrueCrypt on: June 13, 2011, 12:06:19 PM
I see many people recommending TrueCrypt for backing up and securing wallets. I think it is important to protect wallets, but I suggest that GnuPG would be the better tool. As BTC become increasingly valuable, it becomes more and more important to use the best tools to protect your stash.

GPG is more than a tool facilitating symmetric crypto. It is a standardized and well-tested suite of tools that permit encryption/signing of arbitrary data such as files and email. Basically, anyone looking to get deeper into the bitcoin economy would be well-advised to understand and use GPG to develop and maintain a cryptographically strong reputation. TrueCrypt just isn't as flexible. GPG also follows an established standard, and it is interoperable with commercial software. TrueCrypt does not. TrueCrypt also isn't available for nearly as many platforms as GPG.

TrueCrypt's novel feature is the "deniable" filesystem. Bruce Schneier has published some work on it and stated that he "wouldn't trust it."

Then there is the small matter of licensing. GnuPG is licensed under the GPL. TrueCrypt has a non-free license.


The TrueCrypt License has not been officially approved by the Open Source Initiative and is not considered "free" by several major Linux distributions (Arch Linux,[35] Debian,[36] Ubuntu,[37] Fedora,[38] openSUSE,[39] Gentoo[40]), mainly because of distribution and copyright-liability reasons.[41]

How to use GPG?

gpg --compress-algo BZIP2 --bzip2-compress-level 9 --encrypt -a -o text_crypt_wallet.txt wallet.dat

This will compress and then encrypt your wallet using your private GPG key. The -a flag tells gpg to give you ascii-armored (printable) output. The -o flag tells gpg to name the output file "text_crypt_wallet.txt". You can then print this out. The file will look something like this:



<lots of stuff>


I recommend first moving bitcoins to a fresh wallet with a single address via a single transaction, so as to have as small a file as possible. Otherwise, you may end up with many pages of output.

Make sure the font is OCR-readable ( and large enough to avoid scanning and transcription errors. Also, make sure to keep track of page numbers.

If you don't have a GPG key, you can encrypt it via just a symmetric cipher and password:

gpg --compress-algo BZIP2 --bzip2-compress-level 9 --symmetric -a -o text_crypt_wallet.txt wallet.dat

Just don't forget your password.

By default, GPG uses CAST5 as the symmetric cipher. Note that you can always specify which symmetric cipher you want to use (all of gpg's ciphers are considered strong) with one of these flags:

--cipher-algo 3DES
--cipher-algo AES128
--cipher-algo AES192
--cipher-algo AES256
--cipher-algo BLOWFISH
--cipher-algo CAMELLIA
--cipher-algo TWOFISH

To recover the wallet, you can scan the document and OCR it to a file. Then decrypt it:

gpg --decrypt -o wallet.dat scanned_text_file.txt

If you are running GNU/Linux, you probably already have GnuPG. If you have Windows, you can get GnuPG here:
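
Added example, not part of the original post and not GnuPG's code: a Python check for the scan-and-OCR recovery step described in the post. ASCII armor normally ends with a "=XXXX" line holding a CRC-24 of the data (RFC 4880), so a scanned file can be tested for transcription errors before it is handed to gpg --decrypt. The armor() helper and any payload fed to it are constructed stand-ins for testing the checker, not real gpg output.

```python
import base64
import binascii


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(payload: bytes) -> str:
    """Lay bytes out like armored output: 64-column base64 plus the '=' CRC line."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP MESSAGE-----", "", *lines, "=" + crc,
                      "-----END PGP MESSAGE-----"]) + "\n"


def check_armor(text: str) -> str:
    """Return 'ok', 'bad-base64', 'crc-mismatch' or 'no-checksum' for scanned armor."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = lines.index("-----BEGIN PGP MESSAGE-----")
    end = lines.index("-----END PGP MESSAGE-----")
    body = lines[start + 1:end]
    body = body[body.index("") + 1:]  # armor headers end at the first blank line
    body = [ln for ln in body if ln]
    if not body or not (body[-1].startswith("=") and len(body[-1]) == 5):
        return "no-checksum"
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        want = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    except binascii.Error:
        return "bad-base64"  # OCR produced a character outside the base64 alphabet
    return "ok" if crc24(data) == want else "crc-mismatch"
```

Running check_armor() on each fresh scan, and on a test print before the original wallet.dat is deleted, shows whether the chosen font and size survive the print-scan-OCR round trip.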
8  Economy / Economics / From real to virtual... then back to real on: February 12, 2011, 08:00:11 PM

How Fake Money Saved Brazil

This is a story about how an economist and his buddies tricked the people of Brazil into saving the country from rampant inflation. They had a crazy, unlikely plan, and it worked.

Perception is key.
9  Other / Off-topic / Re: The Free State Project (split) on: February 08, 2011, 03:51:29 PM
I see that the teenaged suburbia-dwellers are out in full force.

These sad people are deluded into thinking that disarming themselves against large companies (concentrated power and wealth) will make them free. It should come as no surprise that such propaganda comes primarily from corporations themselves. Luckily, most people understand that democracy is probably the only way that we (humans) can coexist in relative freedom and decency.
10  Bitcoin / Development & Technical Discussion / Ripped off by a pool? on: December 20, 2010, 08:26:01 AM
If you have not been paid by a pool server, post here. As of now, I have not seen any money from slush's pool for work which began on 17 Dec.
