Bitcoin MineField - 10%-2300% winings, fully automated, with cool technologies:)

[Koooooj]

You changed from SHA256 to MD5.

Your Trust string looks like this:

md5("[[1,0,0,0,1],[0,1,0,1,1],[1,0,1,1,0],[0,1,0,0,0],[0,0,1,0,0]] 6194c0e2ffb667fa41385e16d9fb010b")

Due to weaknesses in MD5, it is entirely possible to fudge the array (on the left) and quickly compliment the arbitrary string (on the right) to generate a colliding MD5.

If you are going to continue using MD5, I recommend replacing the long arbitrary string with a sequence of 3 common dictionary words that maintains a strong entropy but makes colliding MD5 values nay impossible.

I would recommend just using a different hashing function.  Since the left side is of known structure, just differences between 1s and 0s, one could easily start a game with 24 mines, giving only 25 possible forms for the left side.  Then, it's just a three word dictionary attack... if you pull from too small of a pool of words then coming up with a rainbow table becomes relatively easy.  Someone could setup a bot to run you dry, irreversibly in a matter of minutes after the rainbow table was created.  Go with a different hash function.

The first line of the quote states that you went from SHA 256 to MD5.  Why?

[1715256539]

1715256539

[1715256539]

1715256539

[pieppiep]

You changed from SHA256 to MD5.

Your Trust string looks like this:

md5("[[1,0,0,0,1],[0,1,0,1,1],[1,0,1,1,0],[0,1,0,0,0],[0,0,1,0,0]] 6194c0e2ffb667fa41385e16d9fb010b")

Due to weaknesses in MD5, it is entirely possible to fudge the array (on the left) and quickly compliment the arbitrary string (on the right) to generate a colliding MD5.

If you are going to continue using MD5, I recommend replacing the long arbitrary string with a sequence of 3 common dictionary words that maintains a strong entropy but makes colliding MD5 values nay impossible.

I would recommend just using a different hashing function.  Since the left side is of known structure, just differences between 1s and 0s, one could easily start a game with 24 mines, giving only 25 possible forms for the left side.  Then, it's just a three word dictionary attack... if you pull from too small of a pool of words then coming up with a rainbow table becomes relatively easy.  Someone could setup a bot to run you dry, irreversibly in a matter of minutes after the rainbow table was created.  Go with a different hash function.

The first line of the quote states that you went from SHA 256 to MD5.  Why?

I think you forget the 128 bits of the last part "6194c0e2ffb667fa41385e16d9fb010b"

[mem]

Site is still up, I won 8 btc there recently

[Koooooj]

You changed from SHA256 to MD5.

Your Trust string looks like this:

md5("[[1,0,0,0,1],[0,1,0,1,1],[1,0,1,1,0],[0,1,0,0,0],[0,0,1,0,0]] 6194c0e2ffb667fa41385e16d9fb010b")

Due to weaknesses in MD5, it is entirely possible to fudge the array (on the left) and quickly compliment the arbitrary string (on the right) to generate a colliding MD5.

If you are going to continue using MD5, I recommend replacing the long arbitrary string with a sequence of 3 common dictionary words that maintains a strong entropy but makes colliding MD5 values nay impossible.

I would recommend just using a different hashing function.  Since the left side is of known structure, just differences between 1s and 0s, one could easily start a game with 24 mines, giving only 25 possible forms for the left side.  Then, it's just a three word dictionary attack... if you pull from too small of a pool of words then coming up with a rainbow table becomes relatively easy.  Someone could setup a bot to run you dry, irreversibly in a matter of minutes after the rainbow table was created.  Go with a different hash function.

The first line of the quote states that you went from SHA 256 to MD5.  Why?

I think you forget the 128 bits of the last part "6194c0e2ffb667fa41385e16d9fb010b"

In the post that I quoted, it points out that due to weakness in MD5 you can find a valid string for that and still come up with a valid MD5 for an arbitrary left portion.  Their solution was to use dictionary words, but I was pointing out that a rainbow table renders that approach susceptible to cheating.  The random 128 bits is secure but doesn't prove that the site isn't cheating (I trust that it isn't, but it still doesn't prove it); the dictionary approach does not guarantee that the user won't cheat.  The easiest solution is to just use a stronger hashing algorithm.  Then any arbitrary string is sufficient to demonstrate that the site isn't cheating, since SHA 256 has (as far as I know) never produced a hash collision.

[jordonposey]

Site has error 503.
I played on it before, but on free-play mode.
Can't wait to play for real.

[holorga]

Site has error 503.
I played on it before, but on free-play mode.
Can't wait to play for real.

ooops sorry, gimme a few mins

[holorga]

Site has error 503.
I played on it before, but on free-play mode.
Can't wait to play for real.

ooops sorry, gimme a few mins

ok, fixed

[jordonposey]

Thanks for fixing it.
That was so fast! And this is a cool game.

[holorga]

Thanks for fixing it.
That was so fast! And this is a cool game.

thanks, and good luck!

[jordonposey]

Suggestions:
Stats feature (total won, total lost, etc.)
Backup your URL to a flash drive directly from the site.
Let the user select a field size.
---
I hope this helped.

[holorga]

Suggestions:
Stats feature (total won, total lost, etc.)
Backup your URL to a flash drive directly from the site.
Let the user select a field size.
---
I hope this helped.

yup, those are all good suggestions, thank you.
I will probably start working on a few new services in a few months. I think I won't work on new features for this one much.

[holorga]

You changed from SHA256 to MD5.

Your Trust string looks like this:

md5("[[1,0,0,0,1],[0,1,0,1,1],[1,0,1,1,0],[0,1,0,0,0],[0,0,1,0,0]] 6194c0e2ffb667fa41385e16d9fb010b")

Due to weaknesses in MD5, it is entirely possible to fudge the array (on the left) and quickly compliment the arbitrary string (on the right) to generate a colliding MD5.

If you are going to continue using MD5, I recommend replacing the long arbitrary string with a sequence of 3 common dictionary words that maintains a strong entropy but makes colliding MD5 values nay impossible.

I would recommend just using a different hashing function.  Since the left side is of known structure, just differences between 1s and 0s, one could easily start a game with 24 mines, giving only 25 possible forms for the left side.  Then, it's just a three word dictionary attack... if you pull from too small of a pool of words then coming up with a rainbow table becomes relatively easy.  Someone could setup a bot to run you dry, irreversibly in a matter of minutes after the rainbow table was created.  Go with a different hash function.

The first line of the quote states that you went from SHA 256 to MD5.  Why?

I think you forget the 128 bits of the last part "6194c0e2ffb667fa41385e16d9fb010b"

In the post that I quoted, it points out that due to weakness in MD5 you can find a valid string for that and still come up with a valid MD5 for an arbitrary left portion.  Their solution was to use dictionary words, but I was pointing out that a rainbow table renders that approach susceptible to cheating.  The random 128 bits is secure but doesn't prove that the site isn't cheating (I trust that it isn't, but it still doesn't prove it); the dictionary approach does not guarantee that the user won't cheat.  The easiest solution is to just use a stronger hashing algorithm.  Then any arbitrary string is sufficient to demonstrate that the site isn't cheating, since SHA 256 has (as far as I know) never produced a hash collision.

let me just acknowledge this. you people are totally right.
I will take time in the near future to switch back to SHA256, I won't risk it with dictionary words and such, as just using a proper hashing function is easy.

I did use SHA256 before. but after a system upgrade the library I was using broke, and I quickly just switched to MD5 to get it to work and left it at that.

the site will be back on SHA256 within the week.


btw,

site is currently down, bitcoind went crazy, I'm repolling the block chain.

[jordonposey]

The site is 503 again.
I got my BTC ready to bet.
Thank you for your service to the bitcoin community.

[holorga]

The site is 503 again.
I got my BTC ready to bet.
Thank you for your service to the bitcoin community.

I know, it will stay offline for a few hours, bitcoind went crazy and is downloading a whole blockchain now.
I'm sorry you've hit 503 twice, the uptime is usually pretty good.


btw, you've had some good suggestions for the site, let me know if there is a service you'd like to see in the future, I will be working on new things soon and am slightly out of the loop with services that are available atm. I will do a websocket multiplayer game for sure.

[jordonposey]

OK.

By the way, do you use your own server or do you use a VPS?

[holorga]

OK.

By the way, do you use your own server or do you use a VPS?

its a cheap VPS, its too weak for bitcoind which is extremely resource intensive lately.
when I start working on new stuff I'll revise the infrastructure. which will include renting a dedicated machine and isolating services

[jordonposey]

It came online for a few minutes. Now 503 again.
It's OK with me as long as the site works when I play for real.

[holorga]

It came online for a few minutes. Now 503 again.
It's OK with me as long as the site works when I play for real.

I know, working on it.

[holorga]

ok, site is back up, it took more then 24 hours to resync with the blockchain, bitcoind went crazy due to too many addresses being generated, needed to recreate the wallet.

[blueshoe]

What is the bitcoinadress? Both adresses top left and bottom dont work for me.