Bitcoin Forum
Topic: Mt. Gox Trading API "nonce" Issue In Distributed App
jimbobway
July 26, 2011, 07:54:00 PM
 #1

In the trading API you have to specify a "nonce" parameter of an increasing integer value.  This is fine for non-distributed apps.  However, we are developing a distributed app that could be deployed to hundreds or thousands of machines.  This nonce value will be harder to increment in synchronization since normally it is based on a computer's clock.  If two transactions were happening at near the same time, it is possible a late request might arrive before the earlier request due to the unpredictable nature of the Internet.  Is it possible to supply a unique identifier for the nonce instead of an increasing value?

The other solution would be to supply a username and password but I don't know how long this will be supported.

Thanks.


error
July 26, 2011, 11:32:31 PM
 #2

So hundreds or thousands of machines will be using the same MtGox account? That doesn't sound pleasant.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
jimbobway
July 26, 2011, 11:42:02 PM
 #3

> So hundreds or thousands of machines will be using the same MtGox account? That doesn't sound pleasant.

You want 1000 accounts for 1000 machines?  That sounds even less pleasant.


MilkMan
July 26, 2011, 11:49:26 PM
 #4

If you're worried at all about Mt. Gox's security issues, then purchase the yubikey key. It is a device allowing secure identification with a "One Time Password". It is recognized as a USB keyboard by your computer, and touching it with your finger causes it to input a 44-character-long password which is unique and can be used only once. Each time you use it a new password is generated, protecting your account even if someone has access to your computer. Awesome Technology. Oh and it's only 29.99 and you can even pay with Bitcoin!
jimbobway
July 26, 2011, 11:52:10 PM
 #5

> If you're worried at all about Mt. Gox's security issues, then purchase the yubikey key. It is a device allowing secure identification with a "One Time Password". It is recognized as a USB keyboard by your computer, and touching it with your finger causes it to input a 44-character-long password which is unique and can be used only once. Each time you use it a new password is generated, protecting your account even if someone has access to your computer. Awesome Technology. Oh and it's only 29.99 and you can even pay with Bitcoin!

This has nothing to do with my question but thanks for the tip.  I do have a Yubikey.


error
July 27, 2011, 12:04:11 AM
 #6

> > So hundreds or thousands of machines will be using the same MtGox account? That doesn't sound pleasant.
>
> You want 1000 accounts for 1000 machines?  That sounds even less pleasant.

Sorry, but you haven't provided enough detail about what you're doing to offer anything that resembles a solution or even a workaround.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
MilkMan
July 27, 2011, 12:05:00 AM
 #7

> > If you're worried at all about Mt. Gox's security issues, then purchase the yubikey key. It is a device allowing secure identification with a "One Time Password". It is recognized as a USB keyboard by your computer, and touching it with your finger causes it to input a 44-character-long password which is unique and can be used only once. Each time you use it a new password is generated, protecting your account even if someone has access to your computer. Awesome Technology. Oh and it's only 29.99 and you can even pay with Bitcoin!
>
> This has nothing to do with my question but thanks for the tip.  I do have a Yubikey.

Oh cool, then you already know what's up :)
jimbobway
July 27, 2011, 12:11:28 AM
 #8

> > > So hundreds or thousands of machines will be using the same MtGox account? That doesn't sound pleasant.
> >
> > You want 1000 accounts for 1000 machines?  That sounds even less pleasant.
>
> Sorry, but you haven't provided enough detail about what you're doing to offer anything that resembles a solution or even a workaround.

Sorry if I sounded off the mark.  I guess I just want a solution to not having to supply an incremental nonce.  A nonce, in the security world, can even be a unique id, which I can generate no problem using C# guid.  Their trading API limits my application which will be distributed, and I am hoping they will make it better.  Or, if they can let me know that I can supply a user and pass instead of the key, secret, and hash of the post then I'll be happy too.  Yes, I am kind of vague but I don't think I can talk about the application I am working on yet until it is ready.


jimbobway
July 27, 2011, 12:12:11 AM
 #9

So hundreds or thousands of machines will be using the same MtGox account? That doesn't sound pleasant.

You want 1000 accounts for 1000 machines?  That sounds even less pleasant.

Sorry, but you haven't provided enough detail about what you're doing to offer anything that resembles a solution or even a workaround.

Sorry if I sounded off the mark.  I guess I just want a solution to not having to supply an incremental nonce.  A nonce, in the security world, can even be a unique id, which I can generate no problem using C# guid.  Their trading API limits my application which will be distributed, and I am hoping they will make it better.  Or, if they can let me know that I can supply a user and pass instead of the key, secret, nonce, and hash of the post then I'll be happy too.  Yes, I am kind of vague but I don't think I can talk about the application I am working on yet until it is ready.


MilkMan
July 27, 2011, 12:16:34 AM
 #10

Ya I don't even understand how API works, or what it does to protect the site. I'll be researching that tonight. Thanks!
kjj
July 31, 2011, 05:51:53 AM
 #11

I can think of at least 3 solutions.

Solution 1, the unique server ID

Assume that the nonce can be up to 19 digits long (64 bit int).  Subtract 10 digits for the current unix timestamp.

Figure out the maximum number of machines you'll ever have, take X=ceiling(log10(#)).

Now, take 9 and subtract X.  Whatever you get is the number of digits to take from the front of the microseconds clock when making the nonce.

So, if you expect not more than 10,000 machines, X will be 4.  So in your mtgox code, you use
Code:
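$mt = explode(' ', microtime());  // $mt[0] = "0.uuuuuu00" (fraction of a second), $mt[1] = unix seconds
$req['nonce'] = $mt[1].substr($mt[0], 2, 5).$unique_id_for_this_machine;  // 10 + 5 + 4 = 19 digits; the ID must be zero-padded to 4 digits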

Solution 2, the proxy

Relay all of your requests through another box that calculates the nonce and signature.

Solution 3, start over

Seriously.  What sort of distributed system needs access to an exchange?

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
wumpus
July 31, 2011, 09:34:00 AM
 #12

The ever-increasing requirement is impossible to guarantee in a distributed system. The only way around this will be a central sequence ID generator... (or a system that "votes" for a sequence ID generator, for example using Zookeeper, so that another node can take it over when one fails)

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
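
The digit layout from kjj's Solution 1, run against the ordering problem raised in the first post and in wumpus's reply, as an added Python example (not code from the thread or from Mt. Gox). The server rule (accept a nonce only if it is greater than the last one accepted) is an assumption based on the "increasing integer" requirement; the function and class names and the sample timestamps are constructed.

```python
INT64_MAX = 2**63 - 1  # the post assumes the nonce is a signed 64-bit integer

def make_nonce(unix_seconds, microseconds, machine_id, max_machines):
    """Seconds (10 digits) + leading microsecond digits + zero-padded machine ID."""
    id_digits = len(str(max_machines - 1))   # X in the post: 4 for 10,000 machines
    frac_digits = min(6, 9 - id_digits)      # 9 - X digits, capped at the clock's 6
    if frac_digits < 0:
        raise ValueError("too many machines for a 19-digit nonce")
    if not 0 <= machine_id < 10 ** id_digits:
        raise ValueError("machine_id does not fit in the reserved digits")
    frac = f"{microseconds:06d}"[:frac_digits]
    nonce = int(f"{unix_seconds:010d}{frac}{machine_id:0{id_digits}d}")
    if nonce > INT64_MAX:
        raise OverflowError("nonce exceeds a signed 64-bit integer")
    return nonce

class IncreasingNonceChecker:
    """Assumed server rule: accept a nonce only if it exceeds the last accepted one."""
    def __init__(self):
        self.last = -1

    def accept(self, nonce):
        if nonce <= self.last:
            return False
        self.last = nonce
        return True

def demo():
    # Constructed sample: two machines sign requests 1.5 ms apart in the same second.
    early = make_nonce(1311710040, 120_000, machine_id=17, max_machines=10_000)
    late = make_nonce(1311710040, 121_500, machine_id=4242, max_machines=10_000)
    server = IncreasingNonceChecker()
    # The network delivers the later-signed request first, so the earlier one,
    # although unique, is no longer greater than the last accepted nonce.
    results = [server.accept(late), server.accept(early)]
    return early, late, results

if __name__ == "__main__":
    early, late, results = demo()
    print(early, late, results)
```

The per-machine suffix makes nonces unique across machines but does not order their arrival, which is why a single signer (the proxy) or a central sequence generator is needed if the server enforces strict increase. With five fractional digits the clock resolution is 10 µs, so one machine signing twice inside that window produces the same nonce.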
MagicalTux
July 31, 2011, 05:13:28 PM
 #13

> In the trading API you have to specify a "nonce" parameter of an increasing integer value.  This is fine for non-distributed apps.  However, we are developing a distributed app that could be deployed to hundreds or thousands of machines.  This nonce value will be harder to increment in synchronization since normally it is based on a computer's clock.  If two transactions were happening at near the same time, it is possible a late request might arrive before the earlier request due to the unpredictable nature of the Internet.  Is it possible to supply a unique identifier for the nonce instead of an increasing value?
>
> The other solution would be to supply a username and password but I don't know how long this will be supported.
>
> Thanks.

I would be curious to hear more about your needs, and we may be able to provide solutions that fit your needs.

Please contact me (admin@mtgox.com) for more details.
