Bitcoin Forum
Author Topic: [ANN][Pool][Profit-Switch][Optional Auto-Exchange per Coin][Vardiff] ~ Hashcows  (Read 347313 times)
pallas
January 09, 2014, 12:02:18 PM
 #2501

In your opinion, how does one capital letter in a password raise the security?
Honestly, switch that off. It doesn't make a real difference.

It does a lot.
For example: any way of increasing the size of the char set used to make passwords lowers the risk of successful brute force attacks.
you're right, but if you don't put any boundary on the password choice then the character dictionary is actually made by any character. instead, if you force the user to use a capital letter it means you're actually reducing the dictionary dimension for that character.

if N = all possible characters, there exists:
N^8 8-chars completely free password, and
26+N^7 8-chars passwords with one capital letter


The problem is that if you don't enforce users to use capital letters, numbers and punctuation, they will use just lowercase chars, for laziness.
Thus, if a hacker brute-forces with lowercase chars, he will be successful on most users.
Actually, brute force attacks work very well with dictionaries, so the real benefit would be not allowing common words, instead of enforcing capitals or numbers.
I have experience of this because I did security audits on unix machines back in the nineties: you could easily find most passwords by using a dictionary + some numbers and mixed caps.

eric89
January 09, 2014, 12:33:46 PM
 #2502

Since no one has officially said it...

I did!

He said "officially" as in from Nearmiss or aTriz. The admins? You know, the moo guys?   Do you work for them Wink

No, but I am pretty official.
aTriz
January 09, 2014, 01:30:24 PM
 #2503

Stratum is now fixed up! No more 1-2 minute rounds.

mdmedina07
January 09, 2014, 01:58:20 PM
 #2504

Sweet!
nearmiss (OP)
January 09, 2014, 01:59:39 PM
 #2505

- Red Rounds

Most are only a minute or two, there was a bug in the switching script triggered under certain conditions following a 0 coin round, that would cause us to potentially switch off the next coin way earlier than we normally would.  This bug has been fixed, no more 1-2min rounds.

-  Passwords

"Actually, brute force attacks work very well with dictionaries, so the real benefit would be not allowing common words, instead of enforcing capitals or numbers."  This is the case, I believe.  Common words are also rejected, to some extent.   To be honest, the fact we enforce a capital letter is not something I'm going to spend any time thinking further about atm, we've got enough on the list to get to before revisiting a modification on password policy.   8+ chars, 1 uppercase, 1 number. It is what it is for now.

- Balances

You won't see a change to your BTC balance until payouts happen, once a day at GMT 04:00:00.  Normally you'd have an "Estimated Un-Exchanged" and "Estimated Exchanged" value that grows and adjusts throughout the day, those are currently disabled, and being worked on.  If you don't have a balance *after* payout time, it's something to be concerned about, and let support know.

Profit-Switching Pool w/ Vardiff -> http://hashco.ws  Optionally keep the alts we mine or auto-trade for BTC. In addition can be paid out in any of: 365, AC, BC,  BTC, C2, CINNI, COMM, FAC, HBN, MINT, PMC, QRK, RDD, WC, XBC
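
The policy described in the post above (8+ chars, 1 uppercase, 1 number, with common words rejected), sketched as an added example that is not part of the thread and not Hashcows's code: it flags passwords that pass the composition rule while still being a dictionary word plus some numbers and mixed caps. The word list, substitution table and function names are assumptions made for the illustration.

```python
import re

# Constructed sample list; a real check would load a large list of common
# passwords and dictionary words.
COMMON_WORDS = {"password", "letmein", "dragon", "bitcoin", "monkey"}

# Undo the usual character swaps applied to dictionary words (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def meets_composition(pw):
    """Composition rule quoted in the thread: 8+ chars, 1 uppercase, 1 number."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))


def dictionary_base(pw):
    """Return the common word pw is built on, or None if none is found."""
    lowered = pw.lower()
    # Drop digit/punctuation padding at either end: "Password1", "2014Dragon!"
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    for candidate in (lowered, stripped,
                      lowered.translate(LEET), stripped.translate(LEET)):
        if candidate in COMMON_WORDS:
            return candidate
    return None


def check_password(pw):
    """Apply the composition rule first, then the dictionary check."""
    if not meets_composition(pw):
        return (False, "composition")
    base = dictionary_base(pw)
    if base is not None:
        return (False, "derived from common word: " + base)
    return (True, "ok")


def audit(passwords):
    """Passwords that satisfy the composition rule yet are dictionary-derived."""
    return [p for p in passwords
            if meets_composition(p) and dictionary_base(p) is not None]


if __name__ == "__main__":
    for sample in ["Password1", "P4ssw0rd1", "dragon2014", "vK7mquzTbe"]:
        print(sample, check_password(sample))
```
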
aint_no_enthusiast
January 09, 2014, 02:07:15 PM
 #2506

Thanks for the answer, nearmiss!
induktor
January 09, 2014, 02:18:06 PM
 #2507

The problem is that if you don't enforce users to use capital letters, numbers and punctuation, they will use just lowercase chars, for laziness.
Thus, if a hacker brute-forces with lowercase chars, he will be successful on most users.
Actually, brute force attacks work very well with dictionaries, so the real benefit would be not allowing common words, instead of enforcing capitals or numbers.
I have experience of this because I did security audits on unix machines back in the nineties: you could easily find most passwords by using a dictionary + some numbers and mixed caps.

I don't agree with enforcing punctuation and uppercase, for two reasons:

1) most (new) keyboards don't have the CAPS LIGHT, so you don't know if you are in uppercase or not. You have no idea how many customers bitch about the uppercase thing with wireless keyboards, because they type it wrong several times and the password gets disabled, all because those keyboards don't have the caps light.

2) punctuation: about 70% of the computers I work on have the keyboard language mapping wrong, so punctuation marks are everywhere except where you expect them, so it is impossible (unless you remember the position of the punctuation keys) to type a password like that if you can't see what you are typing, because the mapping does not match the real keyboard.

I think it is better to use only lowercase letters and numbers, and a dictionary check: if the password is found in the dictionary, it will force you to choose another one.

BTC addr: 1vTGnFgaM2WJjswwmbj6N2AQBWcHfimSc
Eastwind
January 09, 2014, 02:19:45 PM
 #2508

In my worker setting, there are "Round Shares Accepted (Adj)". Are these adjusted shares? How are they adjusted?

In the stats section, there are also pool accepted shares, are they adjusted?

Should the ratio of my accepted shares to the pool accepted shares be similar to the ratio of my hash rate to pool hash rate?
induktor
January 09, 2014, 02:23:18 PM
 #2509

- Balances

You won't see a change to your BTC balance until payouts happen, once a day at GMT 04:00:00.  Normally you'd have an "Estimated Un-Exchanged" and "Estimated Exchanged" value that grows and adjusts throughout the day, those are currently disabled, and being worked on.  If you don't have a balance *after* payout time, it's something to be concerned about, and let support know.

Thank you for the update!
One question: can I do a manual withdrawal, or is it disabled for now?

Happy to see the site back on track, thank you!

BTC addr: 1vTGnFgaM2WJjswwmbj6N2AQBWcHfimSc
Catswold
January 09, 2014, 02:33:53 PM
 #2510

The problem is that if you don't enforce users to use capital letters, numbers and punctuation, they will use just lowercase chars, for laziness.
Thus, if a hacker brute-forces with lowercase chars, he will be successful on most users.
Actually, brute force attacks work very well with dictionaries, so the real benefit would be not allowing common words, instead of enforcing capitals or numbers.
I have experience of this because I did security audits on unix machines back in the nineties: you could easily find most passwords by using a dictionary + some numbers and mixed caps.

I don't agree with enforcing punctuation and uppercase, for two reasons:

1) most (new) keyboards don't have the CAPS LIGHT, so you don't know if you are in uppercase or not. You have no idea how many customers bitch about the uppercase thing with wireless keyboards, because they type it wrong several times and the password gets disabled, all because those keyboards don't have the caps light.

2) punctuation: about 70% of the computers I work on have the keyboard language mapping wrong, so punctuation marks are everywhere except where you expect them, so it is impossible (unless you remember the position of the punctuation keys) to type a password like that if you can't see what you are typing, because the mapping does not match the real keyboard.

I think it is better to use only lowercase letters and numbers, and a dictionary check: if the password is found in the dictionary, it will force you to choose another one.

Honestly? Roll Eyes

Nearmiss has made it clear and frankly, most people agree with the current password policy.  Further argument is pointless and serves no positive purpose.  Accept it and move on.

MoDu
January 09, 2014, 02:59:52 PM
 #2511

I agree, this is 2014 where our GPU miners are also very good at brute forcing password hashes, so we need 2014 policies, otherwise you're open to some of the biggest security fiascos in computer history: Sony, Adobe, Target, etc...
Draino
January 09, 2014, 03:20:10 PM
 #2512

The problem is that if you don't enforce users to use capital letters, numbers and punctuation, they will use just lowercase chars, for laziness.
Thus, if a hacker brute-forces with lowercase chars, he will be successful on most users.
Actually, brute force attacks work very well with dictionaries, so the real benefit would be not allowing common words, instead of enforcing capitals or numbers.
I have experience of this because I did security audits on unix machines back in the nineties: you could easily find most passwords by using a dictionary + some numbers and mixed caps.

I don't agree with enforcing punctuation and uppercase, for two reasons:

1) most (new) keyboards don't have the CAPS LIGHT, so you don't know if you are in uppercase or not. You have no idea how many customers bitch about the uppercase thing with wireless keyboards, because they type it wrong several times and the password gets disabled, all because those keyboards don't have the caps light.

2) punctuation: about 70% of the computers I work on have the keyboard language mapping wrong, so punctuation marks are everywhere except where you expect them, so it is impossible (unless you remember the position of the punctuation keys) to type a password like that if you can't see what you are typing, because the mapping does not match the real keyboard.

I think it is better to use only lowercase letters and numbers, and a dictionary check: if the password is found in the dictionary, it will force you to choose another one.


agreed, i'm about to sign up to hashcows for testing and these password requirements are cumbersome

about 85% of the computers i use are 23 year old radio shack types and a variety of letters can be quite sticky
not to mention letters can be used to form words that some people find offensive

i say make required passwords be a 3 digit pin (no duplicate digits! i might hit the key twice on accident!) and leave it at that
nlsupernova
January 09, 2014, 03:40:53 PM
 #2513

They are working their butts off to get the site going, and there is a whole page dedicated to how people don't want to use uppercase letters in the passwords.
You guys must be the happiest people in the world I guess.
If using uppercase letters is the biggest problem you currently have. Things have to be going great for you. Roll Eyes

Catswold
January 09, 2014, 03:41:01 PM
 #2514

agreed, i'm about to sign up to hashcows for testing and these password requirements are cumbersome

about 85% of the computers i use are 23 year old radio shack types and a variety of letters can be quite sticky
not to mention letters can be used to form words that some people find offensive

i say make required passwords be a 3 digit pin (no duplicate digits! i might hit the key twice on accident!) and leave it at that
If this isn't sarcasm, I just don't quite know what to say . . . maybe . . . Wow! Roll Eyes
nlsupernova
January 09, 2014, 03:42:29 PM
 #2515

3 digit pin, lolz
Don't forget to set the maximum number of times you can try to enter a password before the site blocks your account to 999. Grin

mrbrdo
January 09, 2014, 03:44:17 PM
 #2516

How often does "current balance" update? I've been mining for 16 hours with 2.3MH/s and I only have 0.00000522 balance which is ridiculous! I got 2 million accepted shares and 30k rejected (I think cgminer switched in between, so maybe this is just from last 1 hr, don't know).

iOS/Android app for miners - Altcoin Monitor - https://bitcointalk.org/index.php?topic=419844.msg4927994
Rig management software - FarmCP - https://bitcointalk.org/index.php?topic=439402.msg4827394
Catswold
January 09, 2014, 03:51:06 PM
 #2517

How often does "current balance" update? I've been mining for 16 hours with 2.3MH/s and I only have 0.00000522 balance which is ridiculous! I got 2 million accepted shares and 30k rejected (I think cgminer switched in between, so maybe this is just from last 1 hr, don't know).
Does anyone ever bother to read even the last 2 pages of a forum thread anymore before just jumping in and asking a question?

https://bitcointalk.org/index.php?topic=293872.msg4408900#msg4408900
mdmedina07
January 09, 2014, 04:08:16 PM
 #2518

Phbbtt reading is overrated Tongue Not like this is a forum...oh nm. :|

How often does "current balance" update? I've been mining for 16 hours with 2.3MH/s and I only have 0.00000522 balance which is ridiculous! I got 2 million accepted shares and 30k rejected (I think cgminer switched in between, so maybe this is just from last 1 hr, don't know).
Does anyone ever bother to read even the last 2 pages of a forum thread anymore before just jumping in and asking a question?

https://bitcointalk.org/index.php?topic=293872.msg4408900#msg4408900

matsonj
January 09, 2014, 04:08:53 PM
 #2519

The problem is that if you don't enforce users to use capital letters, numbers and punctuation, they will use just lowercase chars, for laziness.
Thus, if a hacker brute-forces with lowercase chars, he will be successful on most users.
Actually, brute force attacks work very well with dictionaries, so the real benefit would be not allowing common words, instead of enforcing capitals or numbers.
I have experience of this because I did security audits on unix machines back in the nineties: you could easily find most passwords by using a dictionary + some numbers and mixed caps.

I don't agree with enforcing punctuation and uppercase, for two reasons:

1) most (new) keyboards don't have the CAPS LIGHT, so you don't know if you are in uppercase or not. You have no idea how many customers bitch about the uppercase thing with wireless keyboards, because they type it wrong several times and the password gets disabled, all because those keyboards don't have the caps light.

2) punctuation: about 70% of the computers I work on have the keyboard language mapping wrong, so punctuation marks are everywhere except where you expect them, so it is impossible (unless you remember the position of the punctuation keys) to type a password like that if you can't see what you are typing, because the mapping does not match the real keyboard.

I think it is better to use only lowercase letters and numbers, and a dictionary check: if the password is found in the dictionary, it will force you to choose another one.


agreed, i'm about to sign up to hashcows for testing and these password requirements are cumbersome

about 85% of the computers i use are 23 year old radio shack types and a variety of letters can be quite sticky
not to mention letters can be used to form words that some people find offensive

i say make required passwords be a 3 digit pin (no duplicate digits! i might hit the key twice on accident!) and leave it at that

LMAO...3 digit pin?! Ya know what, skip the PIN and just hand your BTC over to me as soon as you mine it.

You're just asking to get your balance stolen with a 3 digit pin. I could guess it in 10 mins.

The site password restrictions are quite common and more sites should use the restrictions. Sure, they can be a pain, but it's not unlike signing into Facebook or Yahoo!.

You don't want a new password system like the rest of the developed world because your computer is too old but you're mining with some fancy new graphics cards? I can't even...
mrbrdo
January 09, 2014, 04:21:53 PM
 #2520

Does anyone ever bother to read even the last 2 pages of a forum thread anymore before just jumping in and asking a question?

https://bitcointalk.org/index.php?topic=293872.msg4408900#msg4408900

I did read most of it, but 90% is bitching about password restrictions so I missed it. Anyway, thanks.

iOS/Android app for miners - Altcoin Monitor - https://bitcointalk.org/index.php?topic=419844.msg4927994
Rig management software - FarmCP - https://bitcointalk.org/index.php?topic=439402.msg4827394