greyhawk
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 29, 2013, 08:09:23 AM |
|
And no, we are not going anywhere. ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif) Actually, yes, yes you are.
|
|
|
|
TheBankofBitcoin.com (OP)
Newbie
Offline
Activity: 28
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 29, 2013, 08:21:16 AM |
|
r3wt- I don't think you got the point. The point is not whether or not md5 is able to be "cracked." The point is to demonstrate that our pages have not been changed. If you hash a text string with md5, as long as the input text string is the same, the resulting md5 hash will be the same. You should have given it a full second.
|
|
|
|
nnyld
Newbie
Offline
Activity: 57
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 29, 2013, 08:41:41 AM |
|
No site is secure.
|
|
|
|
ScaryKubiak
Newbie
Offline
Activity: 8
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 29, 2013, 01:52:50 PM |
|
If man can make it then man can break it.
|
|
|
|
pluh
Newbie
Offline
Activity: 7
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 29, 2013, 02:09:04 PM |
|
No bank is secure.
|
|
|
|
Boleans
Newbie
Offline
Activity: 33
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 29, 2013, 02:28:04 PM |
|
hmmmmmmmmm
|
|
|
|
r3wt
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 29, 2013, 03:08:47 PM |
|
banks are like condoms. they work great until they fuck up then you get stuck with the burden. ![Cheesy](https://bitcointalk.org/Smileys/default/cheesy.gif)
|
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
Kettenmonster
Sr. Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif) ![*](https://bitcointalk.org/Themes/custom1/images/star.gif) ![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 420
Merit: 250
bool eval(bool b){return b ? b==true : b==false;}
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 29, 2013, 03:58:43 PM |
|
The Bank of Bitcoin provides solutions to Bitcoin's most troubling problems.
Especially your problem to get access to my coins, I presume.
|
The paining (sic!) is done with the QPainter class inside the paintEvent() method. (source: my internet)
|
|
|
Atruk
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 29, 2013, 05:36:18 PM |
|
r3wt- I don't think you got the point. The point is not whether or not md5 is able to be "cracked." The point is to demonstrate that our pages have not been changed. If you hash a text string with md5, as long as the input text string is the same, the resulting md5 hash will be the same. You should have given it a full second. Actually with md5, the problem is indeed not to "be cracked", it is for a collision to have been found. A collision is an event where to different inputs yield the same md5 hash, and the math behind md5 has been sufficiently broken that creating a forged document with the same md5 has as a genuine document is no where near computationally challenging enough anymore. You can have two (or more) different inputs yield the same string. (SSL and code signing certificates which used keys derived with md5 have catastrophically been forged) It has probably been since 2008 that md5 has been generally know to be unreliable for security applications.
|
|
|
|
Explodicle
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 29, 2013, 07:57:38 PM |
|
Everyday non-technical users might never check the MD5 at all, or so infrequently that many of them could feasibly lose coins during a website breach.
Newbies would probably have better perspective on this than I do... which is more daunting? A) Download a program like Armory, check its hash once, and learn how to use it. Must re-check the hash on every new computer. B) Go to an easy website, but write down an MD5 and check it every time you visit the site.
|
|
|
|
TheBankofBitcoin.com (OP)
Newbie
Offline
Activity: 28
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 30, 2013, 03:32:03 AM |
|
nnyld, ScaryKubiak, pluh, r3wt (and others) -
I have said before that although we have done literally everything we can think of to make our site as absolutely secure as possible, we know that there is always a possibility of any site being hacked...even the White House's site has been hacked in the past.
The Paper Vaults that The Bank of Bitcoin allows its Members to create CANNOT be hacked. They are literally just as secure as any paper wallet. I have stated this so many times, in so many ways, that I am reminded of the scene in "The Shawshank Redemption" where the lead character called the warden "obtuse" for seeming to deliberately misunderstand what he was being told.
Even if our site were hacked, any Bitcoins in your Paper Vault would be absolutely safe. This is quite unique for an online Bitcoin Service: when other online services are hacked your Private Keys and Bitcoins are gone; with us, it would be an inconvenience, but the Bitcoins and Private Keys in your Paper Vaults would remain safe.
Furthermore, to combat the possibility of the injection of malicious code into the client-side javascript used to manipulate your Paper Vaults we have described a two- or three-minute method to check that our code has not been altered (either by a hacker or otherwise).
It should be obvious that we take security VERY seriously, and have created an online Bitcoin service which handles that security by putting YOUR Private Keys and YOUR Bitcoins in YOUR hands, and yet STILL allowing you to send your Bitcoins from any javascript-enabled Internet-connected device. This is a very unique, valuable and secure service - and I am proud of what we have accomplished.
|
|
|
|
Explodicle
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 30, 2013, 08:07:20 PM |
|
The Paper Vaults that The Bank of Bitcoin allows its Members to create CANNOT be hacked. They are literally just as secure as any paper wallet. to combat the possibility of the injection of malicious code into the client-side javascript used to manipulate your Paper Vaults we have described a two- or three-minute method to check that our code has not been altered (either by a hacker or otherwise). One has to spend those 2-3 minutes EVERY TIME they log on. Since you know the IP and time of page loads, and when the next transaction is sent to you from that IP, you can tell who hasn't been checking hashes and how many coins those poor careless souls have in their wallets.
|
|
|
|
UniversalTrek
Newbie
Offline
Activity: 28
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 30, 2013, 08:18:34 PM |
|
The safest place to keep your coins is in your own qt wallets, back them up - Plain and simple, no need to send your coins off to some "bank", if MTGOX and other exchanges and sites get hacked, this will too, keep your coins in your own wallets -
|
|
|
|
Atruk
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 30, 2013, 08:58:12 PM |
|
The safest place to keep your coins is in your own qt wallets, back them up - Plain and simple, no need to send your coins off to some "bank", if MTGOX and other exchanges and sites get hacked, this will too, keep your coins in your own wallets -
Pretty much this. You don't have to use the qt wallet, but any of the main wallets: Armory, Electrum, Multibit, or the Qt client are all good choices. The Android Bitcoin Wallet app is good too (make sure you find the right one, it uses the same backend as Multibit). Even Blockchain.info isn't a bad choice. This site actually seems like more of a hassel than just running your own client...
|
|
|
|
btcdocs
Newbie
Offline
Activity: 15
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 30, 2013, 09:01:31 PM |
|
"Unhackable" generally translates into "famous last word" even without the exclamation...
|
|
|
|
Cyberburner
Newbie
Offline
Activity: 14
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 30, 2013, 09:12:40 PM |
|
BitCoin was created to get away from banks, not to create new, supposedly unhackable shit sites. Srry the language but that's my opinion...
|
|
|
|
TheBankofBitcoin.com (OP)
Newbie
Offline
Activity: 28
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 31, 2013, 03:56:18 AM |
|
One has to spend those 2-3 minutes EVERY TIME they log on. Since you know the IP and time of page loads, and when the next transaction is sent to you from that IP, you can tell who hasn't been checking hashes and how many coins those poor careless souls have in their wallets. Actually, we have no way of knowing who is or is not checking hashes. And actually, it takes less than 30 seconds once you get the hang of it. The safest place to keep your coins is in your own qt wallets, back them up - Plain and simple, no need to send your coins off to some "bank", if MTGOX and other exchanges and sites get hacked, this will too, keep your coins in your own wallets - The SAFEST place to keep your coins is OFFLINE, in paper form, hence our Paper Vaults, which are created and printed using client-side javascript on the user's computer. The coins in your Paper Vault aren't sent off to our "bank," but remain OFFLINE in your Paper Vault. The Bitcoins and Private Keys in your Paper Vault are in YOUR hands, NEVER ours. And that's the point. Don't be confused or mislead by the term "Bank" in our name...perhaps we should have called ourselves The "UnBank" of Bitcoin...because we are unlike any other Bank, reflecting the unique nature of Bitcoin itself. This site actually seems like more of a hassel than just running your own client... Actually, nothing could be further from the truth. Running your own client only allows you to spend Bitcoins from the same device where you stored them, while The Bank of Bitcoin allows you to spend them from any Internet connected device. Furthermore, there is no need to drain your own memory, cpu resourses, or bandwidth, or to back up wallets. Just create your Paper Vault, print as many copies as you like, and store your coins there, in the most secure form of Bitcoin storage possible. BitCoin was created to get away from banks, not to create new, supposedly unhackable shit sites. Srry the language but that's my opinion... Paper Vaults, like paper wallets, ARE unhackable. We have never stated that ANY site is unhackable, just that Paper Vaults are. And no problem about the language. ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif)
|
|
|
|
firefop
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 31, 2013, 05:14:48 AM |
|
nnyld, ScaryKubiak, pluh, r3wt (and others) -
I have said before that although we have done literally everything we can think of to make our site as absolutely secure as possible, we know that there is always a possibility of any site being hacked...even the White House's site has been hacked in the past.
The Paper Vaults that The Bank of Bitcoin allows its Members to create CANNOT be hacked. They are literally just as secure as any paper wallet. I have stated this so many times, in so many ways, that I am reminded of the scene in "The Shawshank Redemption" where the lead character called the warden "obtuse" for seeming to deliberately misunderstand what he was being told.
Even if our site were hacked, any Bitcoins in your Paper Vault would be absolutely safe. This is quite unique for an online Bitcoin Service: when other online services are hacked your Private Keys and Bitcoins are gone; with us, it would be an inconvenience, but the Bitcoins and Private Keys in your Paper Vaults would remain safe.
Furthermore, to combat the possibility of the injection of malicious code into the client-side javascript used to manipulate your Paper Vaults we have described a two- or three-minute method to check that our code has not been altered (either by a hacker or otherwise).
It should be obvious that we take security VERY seriously, and have created an online Bitcoin service which handles that security by putting YOUR Private Keys and YOUR Bitcoins in YOUR hands, and yet STILL allowing you to send your Bitcoins from any javascript-enabled Internet-connected device. This is a very unique, valuable and secure service - and I am proud of what we have accomplished.
I really wasn't going to chime in on this thread again. But It's been sitting there taunting me all day. The ironic thing is: we aren't the ones being obtuse. We'we pointing out legitimate points of weakness and flaws in your concept. We also have no doubt that you "take security VERY seriously" but that doesn't make you any good at securing your site. At best your inept at worst your attempting to pull something. ~ If I were malicious - I might do something exactly like what you've done... including making multiple mdm5 documents on how to 'verify' the authenticity of the paper wallet generation code. Then I'd set my server up to monitor get requests from the same clients. Whenever my software felt someone wasn't being diligent checking - it would then deliver altered code that would deliver a copy of the private key back to my server. Assuming that you could kick the can down the road for awhile with some less experienced users claiming your legitimacy... in a few years you'd have access to hundreds or thousands of cold storage wallets that you could then clean out for massive profit. Total time invest - six to eight hours it would take to put together your website and 2 years of hosting fees. ~ One reason nobody is taking you seriously is because you aren't offering anything (except a bit more hassle) to do the same things we can do already using established software and services. There's no way for you ever make much of a profit offering 'clones' of other services. This means that you must have some other plan for how to make a bitcoin off the venture... otherwise why bother. Another reason is when security issues and flaws in concept are pointed out you imply we're being obtuse... if you were legitimate you'd be trying to get our input on how to fix these issues instead. ~ When it comes to the bitcoin world there are a couple hundred thousand geeks and fiscal wizards (at least) who're more than willing to help you develop a good product or service for the fun of it... or simply for whatever it might add to the growth of bitcoin. My advice to you would be to start listening to us about the issues with your 'service'.
|
|
|
|
Voodah
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 31, 2013, 05:38:15 AM |
|
Mad claims...
|
|
|
|
gotosea
Newbie
Offline
Activity: 13
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
May 31, 2013, 05:55:28 AM |
|
That's basically an invite for everyone to go and try it
|
|
|
|
|