Bitcoin Forum
December 10, 2016, 04:56:19 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 [8] 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 »  All
  Print  
Author Topic: Bitcoin MineField - 10%-2300% winings, fully automated, with cool technologies:)  (Read 83056 times)
Koooooj
Member
**
Offline Offline

Activity: 75



View Profile
July 02, 2012, 06:16:05 PM
 #141

You changed from SHA256 to MD5.

Your Trust string looks like this:

md5("[[1,0,0,0,1],[0,1,0,1,1],[1,0,1,1,0],[0,1,0,0,0],[0,0,1,0,0]] 6194c0e2ffb667fa41385e16d9fb010b")

Due to weaknesses in MD5, it is entirely possible to fudge the array (on the left) and quickly compliment the arbitrary string (on the right) to generate a colliding MD5.

If you are going to continue using MD5, I recommend replacing the long arbitrary string with a sequence of 3 common dictionary words that maintains a strong entropy but makes colliding MD5 values nay impossible.

I would recommend just using a different hashing function.  Since the left side is of known structure, just differences between 1s and 0s, one could easily start a game with 24 mines, giving only 25 possible forms for the left side.  Then, it's just a three word dictionary attack... if you pull from too small of a pool of words then coming up with a rainbow table becomes relatively easy.  Someone could setup a bot to run you dry, irreversibly in a matter of minutes after the rainbow table was created.  Go with a different hash function.

The first line of the quote states that you went from SHA 256 to MD5.  Why?
1481388979
Hero Member
*
Offline Offline

Posts: 1481388979

View Profile Personal Message (Offline)

Ignore
1481388979
Reply with quote  #2

1481388979
Report to moderator
1481388979
Hero Member
*
Offline Offline

Posts: 1481388979

View Profile Personal Message (Offline)

Ignore
1481388979
Reply with quote  #2

1481388979
Report to moderator
1481388979
Hero Member
*
Offline Offline

Posts: 1481388979

View Profile Personal Message (Offline)

Ignore
1481388979
Reply with quote  #2

1481388979
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481388979
Hero Member
*
Offline Offline

Posts: 1481388979

View Profile Personal Message (Offline)

Ignore
1481388979
Reply with quote  #2

1481388979
Report to moderator
1481388979
Hero Member
*
Offline Offline

Posts: 1481388979

View Profile Personal Message (Offline)

Ignore
1481388979
Reply with quote  #2

1481388979
Report to moderator
pieppiep
Sr. Member
****
Offline Offline

Activity: 402



View Profile
July 02, 2012, 08:48:35 PM
 #142

You changed from SHA256 to MD5.

Your Trust string looks like this:

md5("[[1,0,0,0,1],[0,1,0,1,1],[1,0,1,1,0],[0,1,0,0,0],[0,0,1,0,0]] 6194c0e2ffb667fa41385e16d9fb010b")

Due to weaknesses in MD5, it is entirely possible to fudge the array (on the left) and quickly compliment the arbitrary string (on the right) to generate a colliding MD5.

If you are going to continue using MD5, I recommend replacing the long arbitrary string with a sequence of 3 common dictionary words that maintains a strong entropy but makes colliding MD5 values nay impossible.

I would recommend just using a different hashing function.  Since the left side is of known structure, just differences between 1s and 0s, one could easily start a game with 24 mines, giving only 25 possible forms for the left side.  Then, it's just a three word dictionary attack... if you pull from too small of a pool of words then coming up with a rainbow table becomes relatively easy.  Someone could setup a bot to run you dry, irreversibly in a matter of minutes after the rainbow table was created.  Go with a different hash function.

The first line of the quote states that you went from SHA 256 to MD5.  Why?
I think you forget the 128 bits of the last part "6194c0e2ffb667fa41385e16d9fb010b"
mem
Hero Member
*****
Offline Offline

Activity: 644


Herp Derp PTY LTD


View Profile
July 03, 2012, 06:37:55 AM
 #143

Site is still up, I won 8 btc there recently Smiley

Koooooj
Member
**
Offline Offline

Activity: 75



View Profile
July 03, 2012, 04:50:06 PM
 #144

You changed from SHA256 to MD5.

Your Trust string looks like this:

md5("[[1,0,0,0,1],[0,1,0,1,1],[1,0,1,1,0],[0,1,0,0,0],[0,0,1,0,0]] 6194c0e2ffb667fa41385e16d9fb010b")

Due to weaknesses in MD5, it is entirely possible to fudge the array (on the left) and quickly compliment the arbitrary string (on the right) to generate a colliding MD5.

If you are going to continue using MD5, I recommend replacing the long arbitrary string with a sequence of 3 common dictionary words that maintains a strong entropy but makes colliding MD5 values nay impossible.

I would recommend just using a different hashing function.  Since the left side is of known structure, just differences between 1s and 0s, one could easily start a game with 24 mines, giving only 25 possible forms for the left side.  Then, it's just a three word dictionary attack... if you pull from too small of a pool of words then coming up with a rainbow table becomes relatively easy.  Someone could setup a bot to run you dry, irreversibly in a matter of minutes after the rainbow table was created.  Go with a different hash function.

The first line of the quote states that you went from SHA 256 to MD5.  Why?
I think you forget the 128 bits of the last part "6194c0e2ffb667fa41385e16d9fb010b"

In the post that I quoted, it points out that due to weakness in MD5 you can find a valid string for that and still come up with a valid MD5 for an arbitrary left portion.  Their solution was to use dictionary words, but I was pointing out that a rainbow table renders that approach susceptible to cheating.  The random 128 bits is secure but doesn't prove that the site isn't cheating (I trust that it isn't, but it still doesn't prove it); the dictionary approach does not guarantee that the user won't cheat.  The easiest solution is to just use a stronger hashing algorithm.  Then any arbitrary string is sufficient to demonstrate that the site isn't cheating, since SHA 256 has (as far as I know) never produced a hash collision.
jordonposey
Newbie
*
Offline Offline

Activity: 14



View Profile
July 06, 2012, 07:54:34 PM
 #145

Site has error 503.
I played on it before, but on free-play mode.
Can't wait to play for real.

Want to join my minipool and mine?
99% of the profit goes to you and 1% goes to the ASPCA to help animals. Join today! The minipool also has a weekly jackpot.
http://jordonposey.triplemining.com
Need help with anything? Have a question about bitcoin? PM me any time. I love to help people.
DONATE TO THE ASPCA FOR THE ANIMALS:
1EBwBUirT4mPfS4yMxGsfnQLmew9mr2uFr
holorga
Sr. Member
****
Offline Offline

Activity: 354



View Profile WWW
July 06, 2012, 08:05:13 PM
 #146

Site has error 503.
I played on it before, but on free-play mode.
Can't wait to play for real.

ooops sorry, gimme a few mins

holorga
Sr. Member
****
Offline Offline

Activity: 354



View Profile WWW
July 06, 2012, 08:09:12 PM
 #147

Site has error 503.
I played on it before, but on free-play mode.
Can't wait to play for real.

ooops sorry, gimme a few mins

ok, fixed

jordonposey
Newbie
*
Offline Offline

Activity: 14



View Profile
July 06, 2012, 08:18:40 PM
 #148

Thanks for fixing it.
That was so fast! And this is a cool game.

Want to join my minipool and mine?
99% of the profit goes to you and 1% goes to the ASPCA to help animals. Join today! The minipool also has a weekly jackpot.
http://jordonposey.triplemining.com
Need help with anything? Have a question about bitcoin? PM me any time. I love to help people.
DONATE TO THE ASPCA FOR THE ANIMALS:
1EBwBUirT4mPfS4yMxGsfnQLmew9mr2uFr
holorga
Sr. Member
****
Offline Offline

Activity: 354



View Profile WWW
July 06, 2012, 08:20:09 PM
 #149

Thanks for fixing it.
That was so fast! And this is a cool game.

thanks, and good luck! Smiley

jordonposey
Newbie
*
Offline Offline

Activity: 14



View Profile
July 07, 2012, 12:06:53 AM
 #150

Suggestions:
Stats feature (total won, total lost, etc.)
Backup your URL to a flash drive directly from the site.
Let the user select a field size.
---
I hope this helped.

Want to join my minipool and mine?
99% of the profit goes to you and 1% goes to the ASPCA to help animals. Join today! The minipool also has a weekly jackpot.
http://jordonposey.triplemining.com
Need help with anything? Have a question about bitcoin? PM me any time. I love to help people.
DONATE TO THE ASPCA FOR THE ANIMALS:
1EBwBUirT4mPfS4yMxGsfnQLmew9mr2uFr
holorga
Sr. Member
****
Offline Offline

Activity: 354



View Profile WWW
July 07, 2012, 04:47:02 PM
 #151

Suggestions:
Stats feature (total won, total lost, etc.)
Backup your URL to a flash drive directly from the site.
Let the user select a field size.
---
I hope this helped.


yup, those are all good suggestions, thank you.
I will probably start working on a few new services in a few months. I think I won't work on new features for this one much.

holorga
Sr. Member
****
Offline Offline

Activity: 354



View Profile WWW
July 07, 2012, 04:51:26 PM
 #152

You changed from SHA256 to MD5.

Your Trust string looks like this:

md5("[[1,0,0,0,1],[0,1,0,1,1],[1,0,1,1,0],[0,1,0,0,0],[0,0,1,0,0]] 6194c0e2ffb667fa41385e16d9fb010b")

Due to weaknesses in MD5, it is entirely possible to fudge the array (on the left) and quickly compliment the arbitrary string (on the right) to generate a colliding MD5.

If you are going to continue using MD5, I recommend replacing the long arbitrary string with a sequence of 3 common dictionary words that maintains a strong entropy but makes colliding MD5 values nay impossible.

I would recommend just using a different hashing function.  Since the left side is of known structure, just differences between 1s and 0s, one could easily start a game with 24 mines, giving only 25 possible forms for the left side.  Then, it's just a three word dictionary attack... if you pull from too small of a pool of words then coming up with a rainbow table becomes relatively easy.  Someone could setup a bot to run you dry, irreversibly in a matter of minutes after the rainbow table was created.  Go with a different hash function.

The first line of the quote states that you went from SHA 256 to MD5.  Why?
I think you forget the 128 bits of the last part "6194c0e2ffb667fa41385e16d9fb010b"

In the post that I quoted, it points out that due to weakness in MD5 you can find a valid string for that and still come up with a valid MD5 for an arbitrary left portion.  Their solution was to use dictionary words, but I was pointing out that a rainbow table renders that approach susceptible to cheating.  The random 128 bits is secure but doesn't prove that the site isn't cheating (I trust that it isn't, but it still doesn't prove it); the dictionary approach does not guarantee that the user won't cheat.  The easiest solution is to just use a stronger hashing algorithm.  Then any arbitrary string is sufficient to demonstrate that the site isn't cheating, since SHA 256 has (as far as I know) never produced a hash collision.

let me just acknowledge this. you people are totally right.
I will take time in the near future to switch back to SHA256, I won't risk it with dictionary words and such, as just using a proper hashing function is easy.

I did use SHA256 before. but after a system upgrade the library I was using broke, and I quickly just switched to MD5 to get it to work and left it at that.

the site will be back on SHA256 within the week.


btw,

site is currently down, bitcoind went crazy, I'm repolling the block chain.


jordonposey
Newbie
*
Offline Offline

Activity: 14



View Profile
July 07, 2012, 04:52:43 PM
 #153

The site is 503 again.
I got my BTC ready to bet.
Thank you for your service to the bitcoin community.

Want to join my minipool and mine?
99% of the profit goes to you and 1% goes to the ASPCA to help animals. Join today! The minipool also has a weekly jackpot.
http://jordonposey.triplemining.com
Need help with anything? Have a question about bitcoin? PM me any time. I love to help people.
DONATE TO THE ASPCA FOR THE ANIMALS:
1EBwBUirT4mPfS4yMxGsfnQLmew9mr2uFr
holorga
Sr. Member
****
Offline Offline

Activity: 354



View Profile WWW
July 07, 2012, 04:58:29 PM
 #154

The site is 503 again.
I got my BTC ready to bet.
Thank you for your service to the bitcoin community.


I know, it will stay offline for a few hours, bitcoind went crazy and is downloading a whole blockchain now.
I'm sorry you've hit 503 twice, the uptime is usually pretty good.


btw, you've had some good suggestions for the site, let me know if there is a service you'd like to see in the future, I will be working on new things soon and am slightly out of the loop with services that are available atm. I will do a websocket multiplayer game for sure.


jordonposey
Newbie
*
Offline Offline

Activity: 14



View Profile
July 07, 2012, 05:04:48 PM
 #155

OK.

By the way, do you use your own server or do you use a VPS?

Want to join my minipool and mine?
99% of the profit goes to you and 1% goes to the ASPCA to help animals. Join today! The minipool also has a weekly jackpot.
http://jordonposey.triplemining.com
Need help with anything? Have a question about bitcoin? PM me any time. I love to help people.
DONATE TO THE ASPCA FOR THE ANIMALS:
1EBwBUirT4mPfS4yMxGsfnQLmew9mr2uFr
holorga
Sr. Member
****
Offline Offline

Activity: 354



View Profile WWW
July 07, 2012, 05:13:48 PM
 #156

OK.

By the way, do you use your own server or do you use a VPS?

its a cheap VPS, its too weak for bitcoind which is extremely resource intensive lately.
when I start working on new stuff I'll revise the infrastructure. which will include renting a dedicated machine and isolating services

jordonposey
Newbie
*
Offline Offline

Activity: 14



View Profile
July 08, 2012, 12:49:07 AM
 #157

It came online for a few minutes. Now 503 again.
It's OK with me as long as the site works when I play for real.

Want to join my minipool and mine?
99% of the profit goes to you and 1% goes to the ASPCA to help animals. Join today! The minipool also has a weekly jackpot.
http://jordonposey.triplemining.com
Need help with anything? Have a question about bitcoin? PM me any time. I love to help people.
DONATE TO THE ASPCA FOR THE ANIMALS:
1EBwBUirT4mPfS4yMxGsfnQLmew9mr2uFr
holorga
Sr. Member
****
Offline Offline

Activity: 354



View Profile WWW
July 08, 2012, 01:00:38 AM
 #158

It came online for a few minutes. Now 503 again.
It's OK with me as long as the site works when I play for real.


I know, working on it.

holorga
Sr. Member
****
Offline Offline

Activity: 354



View Profile WWW
July 08, 2012, 03:56:56 PM
 #159

ok, site is back up, it took more then 24 hours to resync with the blockchain, bitcoind went crazy due to too many addresses being generated, needed to recreate the wallet.

blueshoe
Sr. Member
****
Offline Offline

Activity: 253

<space>


View Profile
July 09, 2012, 12:46:08 PM
 #160

What is the bitcoinadress? Both adresses top left and bottom dont work for me.
Pages: « 1 2 3 4 5 6 7 [8] 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!