What do you think, will running a site like this be profitable ?

[pooya87]

i have two questions.
1. why use MD5? why not use SHA256 which is also safer and just as fast?

in this case the use of the algorithm is not for security purposes, but to generate a unique hash for all users.
so, MD5 or SHA-256 will work the same way.
but if later many people suggest replacing MD5 with SHA-256, we will consider replacing it.

security is the first thing that you should consider and a hashing algorithm that was deemed insecure back in 1996 since a collision was found back then is not a safe thing to use in 2019.

if everyone understands like you, maybe it will work, but our users may be from many backgrounds where they are not friendly to hexadecimal numbers.
we try to make it more friendly to everyone, so we need to convert the hexadecimal number to decimal so that it can be better understood by many people.

you are still converting a hexadecimal number to a decimal number and compare it. you are just doing it with 5 bytes instead of 32. that is why i said "why bother"!

[clouddreaming]

i have two questions.
1. why use MD5? why not use SHA256 which is also safer and just as fast?

in this case the use of the algorithm is not for security purposes, but to generate a unique hash for all users.
so, MD5 or SHA-256 will work the same way.
but if later many people suggest replacing MD5 with SHA-256, we will consider replacing it.

security is the first thing that you should consider and a hashing algorithm that was deemed insecure back in 1996 since a collision was found back then is not a safe thing to use in 2019.

we don't avoid collisions, which we avoid is the same user producing the same number so if the numbers generated are very high, he can manipulate TOP HASH.
And it is impossible for us to avoid collisions because the range of our hash numbers is 0 to 100000
it means that if 100002 Hash Games have been played, then at least 1 collision has occurred

if everyone understands like you, maybe it will work, but our users may be from many backgrounds where they are not friendly to hexadecimal numbers.
we try to make it more friendly to everyone, so we need to convert the hexadecimal number to decimal so that it can be better understood by many people.

you are still converting a hexadecimal number to a decimal number and compare it. you are just doing it with 5 bytes instead of 32. that is why i said "why bother"!

Our main goal to do all that, is to make it easier for users to prove that this is a truly fair game.
5 bytes hexadecimal number is large enough to produce a unique hash number in our game.
if we use 32 bytes hexadecimal number, then if it is converted to decimal for the user to understand, it will produce a very long decimal number and it will be difficult for most users to be able to prove this game is fair, because most calculators can only accommodate 16 digits .

but we will still consider replacing the algorithm according to your suggestion, because maybe MD5 is indeed inconclusive.

if you have time please explore our site, so we can improve if you think we have to fix it

Thank you very much for your attention
 

[pooya87]

another flaw in your design is that nothing is stopping you from doing something like this:

Code:

user name: ipifpa
ip: xxxx2.611
user seed: mravpc
final hash: d8415729ed19f93e42bbc8ff61e22f50
final number: 84,474 > 66282

this took me about 5 minutes to code and 3 seconds to find a hash bigger than the one you posted. with a little bit of effort you can find a better looking username!

edit: here is another one with your forum username:

Code:

username: clouddreaming
ip: xxxx4.340
user seed: nimetx
final hash: d99e03a1ddaebbf1cee257a0c4f46531
final number: 85,006 > 84,474 > 66282

another one with a longer seed and bigger number (took ~ 30 seconds):

Code:

username: clouddreaming
ip: xxxx3.982
user seed: jynbnyef
final hash: fffbbd4f40b508789e04a9a9af8fad2e
final number: 99,993 > 85,006 > 84,474 > 66282

[clouddreaming]

another flaw in your design is that nothing is stopping you from doing something like this:

You have missed the server seed that we kept secret.
The purpose of keeping the server seed secret is to prevent someone from doing repeated experiments.

Try to get a big number on our site, so you really understand the whole process.
Later you can tell us again if there is a hole that can be used by someone to be able to get a big number easily.

[pooya87]

another flaw in your design is that nothing is stopping you from doing something like this:

You have missed the server seed that we kept secret.
The purpose of keeping the server seed secret is to prevent someone from doing repeated experiments.

Try to get a big number on our site, so you really understand the whole process.
Later you can tell us again if there is a hole that can be used by someone to be able to get a big number easily.

i didn't say the users are going to exploit it, i said "YOU" are capable of exploiting it since you already have access to the server seed and can create any combination that you like to come up with a result that always wins the pot!
there is a simple solution to it although not perfect, you should add the following steps:
1. set a deadline for participation and after it ended, release the list of all participants and their seed,... so it can not be changed
2. take the first bitcoin block that is found after this deadline and use its block hash as the server seed so that YOU also don't know the server seed.
3. do the rest of the steps for everyone to calculate the winner.

[UserU]

You might want to work more on the design and like the others have mentioned, URL. It's not going to fare well in rankings.

Also, a page like that without further explanation on how to win BTC is pretty much a turn-off. At a glance, is it a faucet or GPT? You get the idea.

[Patatas]

What do you think, will running a site like this be profitable ?

this is the website : https://afreething.000webhostapp.com

NO because people are not going to open that site in the first place. Secondly, profitable for whom? The investors or you? In both cases, it looks like a ponzi scheme to me. Well, thought Ponzi I'd say. I can't really understand the technical implementation as well because all I can read is stuff being hashed over and over again.

[clouddreaming]

i didn't say the users are going to exploit it, i said "YOU" are capable of exploiting it since you already have access to the server seed and can create any combination that you like to come up with a result that always wins the pot!

Sorry, I'm too focused on your suggestion to replace MD5 with SHA-256, so I miss the word "you" in there.
I think MD5 or SHA-256 will be the same because we hid Server Seed.
However this is a simple, centralized game and users still need trust in us, but if the number of users is very much later, our chance to cheat is very small.

there is a simple solution to it although not perfect, you should add the following steps:
1. set a deadline for participation and after it ended, release the list of all participants and their seed,... so it can not be changed
2. take the first bitcoin block that is found after this deadline and use its block hash as the server seed so that YOU also don't know the server seed.
3. do the rest of the steps for everyone to calculate the winner.

it's a good idea but it will eliminate temporary pleasure when a user gets a high number.
besides that we also want competition continuously, so that the game is fun.
but we are very interested in applying this idea to other games that we might add later.
previously we also had ideas that were a bit similar to this but might be very complicated to implement now.

[clouddreaming]

You might want to work more on the design and like the others have mentioned, URL. It's not going to fare well in rankings.

Also, a page like that without further explanation on how to win BTC is pretty much a turn-off. At a glance, is it a faucet or GPT? You get the idea.

yes, we have to improve the design and have a good domain.
that's what we got from the opinion of many people here.

thanks for your opinion

NO because people are not going to open that site in the first place. Secondly, profitable for whom? The investors or you? In both cases, it looks like a ponzi scheme to me. Well, thought Ponzi I'd say. I can't really understand the technical implementation as well because all I can read is stuff being hashed over and over again.

Investor or Us are the same subject in this case.

No, we do not ask for a deposit from the user, so it confirms that this is not a ponzi scheme.

thanks for your opinion
 

[Renaldi blackspadeteam]

yes it is beneficial for those in the top 10, and do you know, I read the name of the website that makes me dare not to click it, maybe I am the type of person who is alert, you better replace it using  .io domain because most projects use domains. .io