Bitcoin Forum
December 06, 2016, 06:20:46 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 ... 176 »
  Print  
Author Topic: Devcoin  (Read 369021 times)
Kumala
Hero Member
*****
Offline Offline

Activity: 514


View Profile
November 03, 2011, 03:28:53 AM
 #121

Any exchange already up?

By the way, how am I to read the security requirement of:

3) Passwords should be hashed at least 10,000 times.

Would sha2(UserPassword+UserID+12 digit random number + the_exchanges_secret_word)   qualify?
Or do I need to loop over this 10000 times (with adding the loop counter to the string before hasing again?

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481048446
Hero Member
*
Offline Offline

Posts: 1481048446

View Profile Personal Message (Offline)

Ignore
1481048446
Reply with quote  #2

1481048446
Report to moderator
1481048446
Hero Member
*
Offline Offline

Posts: 1481048446

View Profile Personal Message (Offline)

Ignore
1481048446
Reply with quote  #2

1481048446
Report to moderator
1481048446
Hero Member
*
Offline Offline

Posts: 1481048446

View Profile Personal Message (Offline)

Ignore
1481048446
Reply with quote  #2

1481048446
Report to moderator
btc_artist
Full Member
***
Offline Offline

Activity: 154


Bitcoin!


View Profile WWW
November 03, 2011, 05:07:57 AM
 #122

By the way, how am I to read the security requirement of:

3) Passwords should be hashed at least 10,000 times.

Would sha2(UserPassword+UserID+12 digit random number + the_exchanges_secret_word)   qualify?
Or do I need to loop over this 10000 times (with adding the loop counter to the string before hasing again?

Use bcrypt. Here's an open source PHP implementation.

BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf
LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE
Unthinkingbit
Hero Member
*****
Offline Offline

Activity: 900



View Profile
November 03, 2011, 05:28:25 AM
 #123

Hi Shads,

btw the most recent commit of poolserverj should remove the restriction of a single aux chain.  Can't test it properly though until there's another merged mining capable chain.

That's great news.  Now all we need is for merged mining code to be developer further and some more alternate coins to support it.



Hi Kumala,

Any exchange already up?

No.  One person said that he would work on it, but there hasn't been any progress reported.  If two people make an exchange, the first will get the full bounty and the second will get 3/4 of the bounty.

Quote
By the way, how am I to read the security requirement of:

3) Passwords should be hashed at least 10,000 times.

Would sha2(UserPassword+UserID+12 digit random number + the_exchanges_secret_word)   qualify?
Or do I need to loop over this 10000 times (with adding the loop counter to the string before hasing again?

You would need to hash this 10,000 times (with the added loop counter to the string).  In pseudo code, something like:

hash = ''
for i in xrange(10000):
  hash = sha2(hash + UserPassword + UserID + 12 digit random number + the_exchanges_secret_word + str(i))

would qualify.

Bcrypt, as Btc_novice suggested, would be better.



Hi Btc_novice,

Use bcrypt. Here's an open source PHP implementation.

Indeed that would be better.  Thanks for the suggestion and links.

You get an informative post bounty, which is 1/5 of a generation share.  Please post a devcoin address and you'll be added to the next receiver list.

btc_artist
Full Member
***
Offline Offline

Activity: 154


Bitcoin!


View Profile WWW
November 03, 2011, 03:04:09 PM
 #124

Hi Btc_novice,

Use bcrypt. Here's an open source PHP implementation.

Indeed that would be better.  Thanks for the suggestion and links.

You get an informative post bounty, which is 1/5 of a generation share.  Please post a devcoin address and you'll be added to the next receiver list.

Glad to help.

As for a devcoin address, I don't have one yet.  I'm just getting started with bitcoin and litecoin, and haven't had time to investigate other alternative crypto currencies yet.

BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf
LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE
Kumala
Hero Member
*****
Offline Offline

Activity: 514


View Profile
November 03, 2011, 03:37:31 PM
 #125


Use bcrypt. Here's an open source PHP implementation.


I'll probably pursue the loop I was mentioning above. Though I found a library that offers bcrypt for the framework I use, but I am trying to keep the source of my Exchange as lean as possible with as few dependency as possible. Every additional library and external code is ultimately a risk in the sense of potential additional vulnerabilities, version dependency (who knows if it will be maintained in the future, etc.).

Lets see, need to wrap up some other features I am currently implementing and testing. Another Chain, will probably also mean an upgrade of memory of the servers.
Unthinkingbit
Hero Member
*****
Offline Offline

Activity: 900



View Profile
November 04, 2011, 02:46:52 AM
 #126

Hi Btc_novice

Glad to help.

As for a devcoin address, I don't have one yet.  I'm just getting started with bitcoin and litecoin, and haven't had time to investigate other alternative crypto currencies yet.

As soon as you get one, post it in the devcoin thread and you'll be added to that receiver round.



Hi Kumala,

I'll probably pursue the loop I was mentioning above. Though I found a library that offers bcrypt for the framework I use, but I am trying to keep the source of my Exchange as lean as possible with as few dependency as possible.
..

That's fine.  I suggest adding a prefix to the hash so that'll it will be a bit easier to upgrade when a better function is used or the loop number is increased.  So in pseudo code, something like:

hash = ''
for i in xrange(10000):
  hash = sha2(hash + UserPassword + UserID + 12 digit random number + the_exchanges_secret_word + str(i))
hash = 'sha2-10000_' + hash

Kumala
Hero Member
*****
Offline Offline

Activity: 514


View Profile
November 06, 2011, 04:44:40 PM
 #127

The exchange is up and running, I have added Devcoin to www.vircurex.com

Unthinkingbit
Hero Member
*****
Offline Offline

Activity: 900



View Profile
November 07, 2011, 11:33:44 PM
 #128

Hi Kumala,

The exchange is up and running, I have added Devcoin to www.vircurex.com

Awesome!

Your exchange qualifies for the four share exchange bounty:
https://bitcointalk.org/index.php?topic=34586.msg552141#msg552141

Furthermore, of the extra eight share security bounties:

1) Strong passwords are required.
2) If there are repeated attempts to login, login should be slowed or a captcha should be used if it's not already.
3) Passwords should be hashed at least 10,000 times.
4) There should be an off site backup, at least 100 kilometers away from the site.
5) Deposits need at least six confirmations before they can be exchanged.

After using I can see that it qualifies for:

1) Strong passwords
5) At least six confirmations

Unfortunately I did not put values on the parts of the security bounties, so I'll do that now:

1) Strong passwords, 2 shares
2) Login should be slowed or a captcha, 2 shares
3) Passwords should be hashed repeatedly, 2 shares
4) Off site backup, 1 share
5) Six plus confirmations, 1 share

So the total bounty that I can see it qualifies for is 4 + 2 for strong passwords + 1 for confirmations = 7 shares.  By the options of five million devcoins (MDVC) per share or ten bitcoins per share, whichever you prefer, from the Bounties Summary at:
https://bitcointalk.org/index.php?topic=34586.msg591984#msg591984

You have the option of 7 generation shares, or 35 million devcoins, or 70 bitcoins.  Please post your preference and corresponding coin address.

To get the remaining security bounties, if the exchange qualifies for some or all additional security bounties, please send me some evidence for each by personal message:

2) An explanation of a defense against repeated login attempts.
3) A code snippet for repeated password hashing.
4) A way of proving that you have an off site backup.


Note to all traders:

I placed some token devcoin buy orders to test the exchange, however I will not place substantial buy orders until there is devcoin merged mining, because until there is merged mining devcoin is not a safe coin.  I recommend that no one else place substantial devcoin buy orders until there is merged mining.

If someone really wants to buy a substantial amount of devcoins before then, they can post a request in the thread to buy devcoins in return for someone's generation shares.  If devcoin has to be restarted because of an attack or code failure, the shares could be resent, although there is no guarantee.

Kumala
Hero Member
*****
Offline Offline

Activity: 514


View Profile
November 08, 2011, 05:07:06 AM
 #129

Hi Unthinkingbit,

1. If you enter the wrong passwort more than 3 times, a Captch shows up (for the next 5 minutes) that you require to enter in order to proceed with the login.
2. On the OS level I use fail2ban to capture attempts to crack the SSH username and password
3. Backup policy: the wallets get backuped up daily, the appplication database gets backed up every 10 minutes (currently full database backup due to its "small' size).
Further backup enhancements are planned: every order execution, withdrawal or deposit will be emailed to an admin account, this will then also allow a recovery with 0 data loss.

I'll send you the code snipplets and an extract from the backup script via PM,

7 generation shares, my DVC address: 1FCJgGYirQ4w2uA3rcE2zwVnD8LVwm8fbB

Thanks
Kumala


caston
Hero Member
*****
Offline Offline

Activity: 720



View Profile WWW
November 08, 2011, 11:14:58 AM
 #130

I'm interested in offering a bounty for an illustrated short story for project in-utero (http://www.in-utero.org) which is a spin-off of Rejuvepedia. (http://www.rejuvepedia.org)

I was thinking of making it something like 5 million DVC + 2000 TBX + 2000 LTC. The bounty may be split amongst the writer and the illustrator if they are different people.

This is not the official announcement of course but would a mixed bounty be ok?

best regards,

Chris

18jL18iH96BBhwUCQn27FQp7ocodSxvJAB
Unthinkingbit
Hero Member
*****
Offline Offline

Activity: 900



View Profile
November 08, 2011, 11:20:47 PM
 #131

Hi Kumala,

Hi Unthinkingbit,

1. If you enter the wrong passwort more than 3 times, a Captch shows up (for the next 5 minutes) that you require to enter in order to proceed with the login.
2. On the OS level I use fail2ban to capture attempts to crack the SSH username and password
3. Backup policy: the wallets get backuped up daily, the appplication database gets backed up every 10 minutes (currently full database backup due to its "small' size).
Further backup enhancements are planned: every order execution, withdrawal or deposit will be emailed to an admin account, this will then also allow a recovery with 0 data loss.

I'll send you the code snipplets and an extract from the backup script via PM,

Thanks for sending the code snippets and backup script extract.  You demonstrated that your exchange meets all requirements for the secure exchange bounty.  Your award is 12 generation shares, which will be around 60 million DVC.  If there end up being more than 36 contributor groups in round 5 and therefore your share turns out to be less than 60 million DVC, I will cover the difference.

Quote
7 generation shares, my DVC address: 1FCJgGYirQ4w2uA3rcE2zwVnD8LVwm8fbB

You'll get 12 generation shares, starting in round 5.

By the way I sent 1,000,000 DVC for address confirmation because I assumed that you wanted devcoins upfront rather than generation shares, I didn't notice that you wrote generation shares until now.  Consider them a bonus  Smiley

Kumala
Hero Member
*****
Offline Offline

Activity: 514


View Profile
November 09, 2011, 02:05:00 AM
 #132

They arrived, many thanks.
Unthinkingbit
Hero Member
*****
Offline Offline

Activity: 900



View Profile
November 09, 2011, 02:49:34 AM
 #133

Hi Caston,

I was thinking of making it something like 5 million DVC + 2000 TBX + 2000 LTC. The bounty may be split amongst the writer and the illustrator if they are different people.

This is not the official announcement of course but would a mixed bounty be ok?

best regards,

Chris

A mixed bounty would be ok.

You can do whatever you want with your devcoins.

Unthinkingbit
Hero Member
*****
Offline Offline

Activity: 900



View Profile
November 09, 2011, 03:06:22 AM
 #134

Hi Kumala,

They arrived, many thanks.

You're welcome.

Thanks for choosing to take the bounty straight from generation, it means less accounting work for me  Smiley

caston
Hero Member
*****
Offline Offline

Activity: 720



View Profile WWW
November 09, 2011, 04:13:15 PM
 #135

I've started writing the draft announcement for the project in-utero bounty.

http://www.in-utero.org/index.php/topic,6.msg6.html

I will revise it and add more details tomorrow. I have probably added far to much information (for background) in some parts and not enough in others.

I will also need to describe the requirements better for the story and the illustrations.

The next bounty will be for an animation of the rejuvenation processes that will be uploaded to youtube.

18jL18iH96BBhwUCQn27FQp7ocodSxvJAB
btc_artist
Full Member
***
Offline Offline

Activity: 154


Bitcoin!


View Profile WWW
November 09, 2011, 06:33:11 PM
 #136

Out of curiosity, what is everybody's take on the purpose and goals of devcoin? (Especially Unthinkingbit's opinion)

BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf
LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE
caston
Hero Member
*****
Offline Offline

Activity: 720



View Profile WWW
November 10, 2011, 04:02:18 AM
 #137

Out of curiosity, what is everybody's take on the purpose and goals of devcoin? (Especially Unthinkingbit's opinion)

The way I see it it's a token currency to allow open source projects to trade resources and to pay people for contributions. When you start an open source project you have ideas that there will
be lots of people helping you just because you made it open source yet the reality is that many projects have just one or two developers doing most of the work. Devcoin allows people to help kickstart new or further develop existing projects and get some outside help.

18jL18iH96BBhwUCQn27FQp7ocodSxvJAB
Unthinkingbit
Hero Member
*****
Offline Offline

Activity: 900



View Profile
November 10, 2011, 09:12:52 PM
 #138

The round 5 receiver files are now up:
http://galaxies.mygamesonline.org/receiver_5.csv
https://raw.github.com/Unthinkingbit/charity/master/receiver_5.csv
http://devcoinblockexplorer.info/receiver/receiver_5.csv

They are based on the account 5 file at:
https://raw.github.com/Unthinkingbit/charity/master/account_5.csv

New awards will go into round 6.

Note: there are 38 receiver lines in round 5, so each receiver line gets a minimum of int(4,000 / 38) * 45,000 DVC = 4,725,000 DVC.  The maximum shortfall of Kumula's exchange bounty is 12 * (5,000,000 - 4,725,000) DVC = 3,300,000 DVC.  So I sent 3,300,000 DVC to cover it, in block 17299:
http://107.20.193.62:2750/tx/9dc97fc1cd8d38f31dc810f7899ef3ba68fd672c11cb1f04f1d32f299fd724cb

btc_artist
Full Member
***
Offline Offline

Activity: 154


Bitcoin!


View Profile WWW
November 10, 2011, 09:13:48 PM
 #139

Out of curiosity, what is everybody's take on the purpose and goals of devcoin? (Especially Unthinkingbit's opinion)

The way I see it it's a token currency to allow open source projects to trade resources and to pay people for contributions. When you start an open source project you have ideas that there will
be lots of people helping you just because you made it open source yet the reality is that many projects have just one or two developers doing most of the work. Devcoin allows people to help kickstart new or further develop existing projects and get some outside help.
Thanks for the response.  It seems to me that devcoin has a fatal flaw-- 90% of the benefits go directly to a select group of people (approved by whom?), thus ensuring it would never get adopted as a currency/means of barter by the greater population. Also, what is the motivation to mine it for the greater population?  Or perhaps I'm not understanding it correctly?

BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf
LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE
Unthinkingbit
Hero Member
*****
Offline Offline

Activity: 900



View Profile
November 11, 2011, 02:19:23 AM
 #140

This is an update of the wiki bounty.

For the bounty, the developer can choose from either the offered generation shares (minimum five million devcoins), or five million devcoins per share upfront or ten bitcoins per share, whichever you prefer will get generation shares.

Edit: There are now three wikis, and another is not needed; so the options of the devcoins upfront, or bitcoins, have been cancelled. The developer would only get generation shares.


The bounty is for an open source wiki where the contributors get a share of the advertising revenue, converted to devcoins, plus devcoin generation shares.  The developer who makes the wiki gets four generation shares (20 MVDC or 40 BTC).  If the wiki also has some kind of advertising, the developer will get an additional four shares (20 MVDC or 40 BTC).

There are three potential ways of getting advertising revenue:

1) A bitcoin advertising network like Operation Fabulous:
http://www.operationfabulous.com/

2) Handling bitcoin advertising directly.

3) Set up a cooperative in a tax free jurisdiction and connect to regular ad networks.

It doesn't matter what method is used.  All that matters is that only text or picture ads will be accepted, there will be only one ad group on each page, and no malware, porn or scammy stuff.

Whoever sets up the wiki will get a share of the generation to administer it.  However, they do not have total control over the website, they are just administering it for what will eventually be a democratic cooperative.  Of course, they will be part of that cooperative.  There are no notability requirements for the wiki, only the usual no malware, porn or scammy stuff.

If more than one person makes the wiki, the second will get three quarters of the bounty, the third two quarters of the bounty and the fourth one quarter of the bounty.  The next developers would have to maintain a backup of the first wiki, if the first wiki failed for some reason they would bring their wiki to the fore.

Pages: « 1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 ... 176 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!