Bitcoin Forum
April 16, 2014, 04:01:32 PM *
News: ♦♦ A bug in OpenSSL, used by Bitcoin-Qt/Bitcoin Core, could allow your bitcoins to be stolen. Immediately updating Bitcoin Core to 0.9.1 is required in some cases, especially if you're using 0.9.0. Download. More info.
The same bug also affected the forum. Changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 [31] 32 33 34 35 36 37 38 39 40 41 42
  Print  
Author Topic: bitfloor needs your help!  (Read 91903 times)
davout
Staff
Hero Member
*****
Online Online

Activity: 1148


1davout


View Profile WWW

Ignore
October 08, 2012, 07:44:44 AM
 #601

1) Making public information about how he created his cold wallet, or how it is stored, or where it is stored reduces his security.
Security through obscurity is not security.

3) Making them public reduces the effort of a compromise from "breaking into his server, obtaining root access to change permissions on backups, copying backups, finding the password" to "finding the password".  Regardless, no amount of crypto "magic" will allow parts of the encrypted data to be read or even verified, so it would be pointless anyway.  Hashing and encryption are two very different beasts.
Why not ? Say you hash the account identifiers (maybe with a per-account secret), pair them with their balance, sum the balances in a nice report.
Anyone can verify they are in the balance list, no one can look my balance up, I can check that the sum is consistent with the amount in cold storage.
That can also be seen as some sort of backup if properly signed, I'm sure the Bitcoinica folks would have loved to have something like that lying around.

1397664092
Hero Member
*
Offline Offline

Posts: 1397664092

View Profile Personal Message (Offline)

Ignore
1397664092
Reply with quote  #2

1397664092
Report to moderator
CoinReporting   A Portfolio Manager For All Your Digital Currencies
» Join Now For FREE «

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397664092
Hero Member
*
Offline Offline

Posts: 1397664092

View Profile Personal Message (Offline)

Ignore
1397664092
Reply with quote  #2

1397664092
Report to moderator
SgtSpike
Hero Member
*****
Offline Offline

Activity: 1106


Firstbits: 18tkn


View Profile WWW

Ignore
October 08, 2012, 08:23:34 AM
 #602

1) Making public information about how he created his cold wallet, or how it is stored, or where it is stored reduces his security.
Security through obscurity is not security.

Passwords are security through obscurity, so yes, it is.

Vod
Hero Member
*****
Offline Offline

Activity: 994


Licking my boob since 1970


View Profile

Ignore
October 08, 2012, 08:09:05 PM
 #603

1) Making public information about how he created his cold wallet, or how it is stored, or where it is stored reduces his security.
Security through obscurity is not security.

Passwords are security through obscurity, so yes, it is.

A password by itself is useless - you need the associated login name.

BTC: 12sTkefnDQTYQL9M1PmhsVSDMhQFYSGUgJ    LTC: LetWRnxuuEn6PVpnXxHZC6L8kzQXmWv67t
I don't need your coins - I will never ask for a loan.
davout
Staff
Hero Member
*****
Online Online

Activity: 1148


1davout


View Profile WWW

Ignore
October 08, 2012, 08:17:03 PM
 #604

1) Making public information about how he created his cold wallet, or how it is stored, or where it is stored reduces his security.
Security through obscurity is not security.

Passwords are security through obscurity, so yes, it is.

Ok smartass, let me just quote wikipedia for you Smiley
Quote
Security through obscurity is a pejorative referring to a principle in security engineering, which attempts to use secrecy of design or implementation to provide security.

A password by itself is useless - you need the associated login name.
Oh, and what are you doing here ? How about letting the grown-ups do the talking ?

giszmo
Hero Member
*****
Offline Offline

Activity: 1064


¡ɥɔʇɐʍ ʇsnɾ ˙ǝƃuɐɥɔ ɐuuoƃ s,ןɐǝɹ


View Profile WWW

Ignore
October 08, 2012, 09:03:04 PM
 #605

Ok smartass, let me just quote wikipedia for you Smiley
Quote
Security through obscurity is a pejorative referring to a principle in security engineering, which attempts to use secrecy of design or implementation to provide security.

A password by itself is useless - you need the associated login name.
Oh, and what are you doing here ? How about letting the grown-ups do the talking ?

Don't feed the troll.

SgtSpike
Hero Member
*****
Offline Offline

Activity: 1106


Firstbits: 18tkn


View Profile WWW

Ignore
October 08, 2012, 09:23:50 PM
 #606

1) Making public information about how he created his cold wallet, or how it is stored, or where it is stored reduces his security.
Security through obscurity is not security.

Passwords are security through obscurity, so yes, it is.

Ok smartass, let me just quote wikipedia for you Smiley
Quote
Security through obscurity is a pejorative referring to a principle in security engineering, which attempts to use secrecy of design or implementation to provide security.
The fact is though, revealing information about his cold storage procedures DOES reduce the effective security of said procedure.  One less unknown is one more factor a malicious entity could use in planning an attack.

I know the argument is that security measures should always be 100% bulletproof, so that even if all the facts were known, it wouldn't be possible to crack, but it is very rarely the case that such a scenario can be created.  Especially with regards to cold storage, the malicious entity would want to know where it is stored, how it is stored, how often and when it is accessed, etc.  Each of those unknowns is "security through obscurity", but each one, if revealed, would help an attacker with pulling off a heist.

Just my two cents.  Wink

toffoo
Sr. Member
****
Offline Offline

Activity: 347



View Profile

Ignore
October 11, 2012, 01:33:39 AM
 #607

Quote
bitfloor7:24 PM  -  Public

WellsFargo cash deposits are currently suspended. Due to this account suspension, ACH withdrawals will be delayed as the account is closed. These delays are outside of our control and we apologize for any inconvenience this may cause. We strive to process both USD and BTC in an efficient manner and will continue to do so after these delays are resolved.

We will post more information on the future of cash deposits as it becomes available.

Otoh
Donator
Hero Member
*
Offline Offline

Activity: 1022



View Profile

Ignore
October 11, 2012, 11:45:13 AM
 #608

ACH withdrawal was enabled on my account, it took a while but implemented earlier this week & just when I planned to test it out Wells Fargo go & break it, oh well I shall look at doing this in November now, I hope that Bitfloor will find the US banks more cooperative than the UK ones have proved to be for other Exchanges up until now. I guess that this explains why there's a 139 btc bid there atm for $12.20 while Gox price is just under $12 now, a nice arb op for someone who doesn't mind waiting to get the $ out.

BTC = $c²     LTC = $c³     BTC = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc     LTC = LQMHQ6haTzVa2uKkxFAaujEqmzkbHBzt7i     NXT = 9862336831998627827     

BITCOIN: ♦  Just-Dice.com  ♦   ♦  1% House Edge Dice Game  ♦   ♦  Play or Invest  ♦     LITECOIN: INTRO | CLIENT | EXCHANGE | CHARTS | MINING | FORUM | ASTRO | A REPORT ON LTC | NEWS | PRIZES | CHARITY | MY REP | DICE
SgtSpike
Hero Member
*****
Offline Offline

Activity: 1106


Firstbits: 18tkn


View Profile WWW

Ignore
October 11, 2012, 04:23:07 PM
 #609

Roman - any update on the potential investors/payback of the lost BTC?

whitslack
Member
**
Offline Offline

Activity: 112



View Profile

Ignore
October 11, 2012, 04:59:11 PM
 #610

Roman - any update on the potential investors/payback of the lost BTC?
I somewhat expected to start seeing my "held" BTC balance tick downwards ever so slightly as transaction fees are being collected, but it hasn't happened. Maybe it's a manual process now, but Roman should automate it. Continuous, incremental progress toward getting everyone paid back, even if it will take years, would be a welcome sight.
SgtSpike
Hero Member
*****
Offline Offline

Activity: 1106


Firstbits: 18tkn


View Profile WWW

Ignore
October 11, 2012, 05:02:57 PM
 #611

Roman - any update on the potential investors/payback of the lost BTC?
I somewhat expected to start seeing my "held" BTC balance tick downwards ever so slightly as transaction fees are being collected, but it hasn't happened. Maybe it's a manual process now, but Roman should automate it. Continuous, incremental progress toward getting everyone paid back, even if it will take years, would be a welcome sight.
Agreed, though I was also hoping he would find an investor to cover the losses.  Wink

BCB
CTG
VIP
Hero Member
*
Offline Offline

Activity: 728


BCJ


View Profile

Ignore
October 11, 2012, 05:52:00 PM
 #612

we tried....

https://bitcointalk.org/index.php?topic=112069.msg1212452#msg1212452
SkRRJyTC
Hero Member
*****
Offline Offline

Activity: 770


View Profile

Ignore
October 11, 2012, 07:42:51 PM
 #613

Roman - any update on the potential investors/payback of the lost BTC?
I somewhat expected to start seeing my "held" BTC balance tick downwards ever so slightly as transaction fees are being collected, but it hasn't happened. Maybe it's a manual process now, but Roman should automate it. Continuous, incremental progress toward getting everyone paid back, even if it will take years, would be a welcome sight.
Agreed, though I was also hoping he would find an investor to cover the losses.  Wink

Maybe its because confidence in security has not been restored.  I know mine hasn't.
TheButterZone
Hero Member
*****
Offline Offline

Activity: 658


Nemo me impune lacessit


View Profile WWW

Ignore
October 11, 2012, 08:00:35 PM
 #614

I was thinking of selling my debt, but probably wouldn't get more than 10 cents on the dollar for it, if that. Should have done it right away like TangibleCrypto did.

ΜΟΛΩΝ ΛΑΒΕ! I sell stuff for BTC here here and here | Flute & Violin & Piano For Sale | Voiceover for BTC | Copy editing for BTC
gpg_identity=http://pgp.thebutterzone.com | WoT feedback here & eBay feedback here | Buy BTC in San Diego, CA, or worldwide!
PayPal: Bitcoinese for "FU, I'm getting a chargeback up to 365 days later!" | Bitcoin voice chat | Utilities For Bitcoin Sellers | THE Bitcoin Sound is here.
Tuxavant
Hero Member
*****
Offline Offline

Activity: 728


Bitcoin Mayor of Las Vegas


View Profile WWW

Ignore
October 11, 2012, 11:08:27 PM
 #615

Quote
bitfloor7:24 PM  -  Public

WellsFargo cash deposits are currently suspended.

Dammit!!!

Generation Bitcoin | G+ | FB | Bitcoins In Vegas | CoinBus.com | TOR Exit Operator 1MVTPATVCKBMfALRHJsXpHfKJu7GyL7nAc
BlackHeartFund
Member
**
Offline Offline

Activity: 112



View Profile

Ignore
October 12, 2012, 12:31:51 PM
 #616

I was thinking of selling my debt, but probably wouldn't get more than 10 cents on the dollar for it, if that. Should have done it right away like TangibleCrypto did.

Yeah but if you wait another month you will be saying that you should have sold a month ago for 10%...

Does anyone really thing any serious chunk of this debt will ever be paid back? Nothing is impossible, but that is impossible.
TheButterZone
Hero Member
*****
Offline Offline

Activity: 658


Nemo me impune lacessit


View Profile WWW

Ignore
October 12, 2012, 07:49:35 PM
 #617

It's pointless to post once it gets into single digits.

ΜΟΛΩΝ ΛΑΒΕ! I sell stuff for BTC here here and here | Flute & Violin & Piano For Sale | Voiceover for BTC | Copy editing for BTC
gpg_identity=http://pgp.thebutterzone.com | WoT feedback here & eBay feedback here | Buy BTC in San Diego, CA, or worldwide!
PayPal: Bitcoinese for "FU, I'm getting a chargeback up to 365 days later!" | Bitcoin voice chat | Utilities For Bitcoin Sellers | THE Bitcoin Sound is here.
TheButterZone
Hero Member
*****
Offline Offline

Activity: 658


Nemo me impune lacessit


View Profile WWW

Ignore
October 18, 2012, 09:18:55 AM
 #618

Well, somebody(s) must be uber-confident in Bitfloor, considering there's ~545 BTC of liquidity on the asks side worth ~$6,755 right now, ranging from $11.90-14.01. Wonder when we're going to start seeing the BTC trickling back into our accounts.

ΜΟΛΩΝ ΛΑΒΕ! I sell stuff for BTC here here and here | Flute & Violin & Piano For Sale | Voiceover for BTC | Copy editing for BTC
gpg_identity=http://pgp.thebutterzone.com | WoT feedback here & eBay feedback here | Buy BTC in San Diego, CA, or worldwide!
PayPal: Bitcoinese for "FU, I'm getting a chargeback up to 365 days later!" | Bitcoin voice chat | Utilities For Bitcoin Sellers | THE Bitcoin Sound is here.
Tuxavant
Hero Member
*****
Offline Offline

Activity: 728


Bitcoin Mayor of Las Vegas


View Profile WWW

Ignore
October 18, 2012, 01:28:25 PM
 #619

Is there even a way to get cash in there yet (after the wells fargo/chase account closures)?

Generation Bitcoin | G+ | FB | Bitcoins In Vegas | CoinBus.com | TOR Exit Operator 1MVTPATVCKBMfALRHJsXpHfKJu7GyL7nAc
Bigal
Full Member
***
Offline Offline

Activity: 204



View Profile

Ignore
October 18, 2012, 02:11:33 PM
 #620

Well, somebody(s) must be uber-confident in Bitfloor, considering there's ~545 BTC of liquidity on the asks side worth ~$6,755 right now, ranging from $11.90-14.01. Wonder when we're going to start seeing the BTC trickling back into our accounts.

Good question, I'm glad to see it's back operational but until I see some attempt at my lost btc being paid back I just can't bring myself to use their service anymore.

The Small Time Miner Pools   CryptoCoin Ticker   BTC 1EHV2BY8JcvpBqnMqq5BSkbZvFHT7ndpnz    LTC  LaBigaLvm7L8XT5urnwJW5MpoArBAjsk2X
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 [31] 32 33 34 35 36 37 38 39 40 41 42
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!