Bitcoin Forum
December 03, 2016, 10:10:10 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 [35] 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 ... 168 »
  Print  
Author Topic: Blockchain.info - Bitcoin Block explorer & Currency Statistics  (Read 414042 times)
HostFat
Staff
Legendary
*
Offline Offline

Activity: 2282


I support freedom of choice


View Profile WWW
April 19, 2012, 03:17:18 PM
 #681

It's likely that it'll be perfectly safe for a while, until some dodgy admin gets the idea to scrape all emails for keys and mtgox codes.
I think that this step will be enough for making it secure Smiley
- When "claimed" the key is swept into a new bitcoin address.

He can also add a warning on the email message that says something like: "Be sure that you have your computer secured, because unclaimed bitcoins can be taken by viruses and bad people"

Eternity Wall: Messages lasting forever - The Rock Trading (ref): A good exchange / gateway Ripple, with support for multisig, since 2007. 
https://bitcointa.lk: Bitcointalk backup if offline - Bitcoin Foundation Italia - Blog: http://theupwind.blogspot.it
1480803010
Hero Member
*
Offline Offline

Posts: 1480803010

View Profile Personal Message (Offline)

Ignore
1480803010
Reply with quote  #2

1480803010
Report to moderator
1480803010
Hero Member
*
Offline Offline

Posts: 1480803010

View Profile Personal Message (Offline)

Ignore
1480803010
Reply with quote  #2

1480803010
Report to moderator
The forum was founded in 2009 by Satoshi and Sirius. It replaced a SourceForge forum.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480803010
Hero Member
*
Offline Offline

Posts: 1480803010

View Profile Personal Message (Offline)

Ignore
1480803010
Reply with quote  #2

1480803010
Report to moderator
1480803010
Hero Member
*
Offline Offline

Posts: 1480803010

View Profile Personal Message (Offline)

Ignore
1480803010
Reply with quote  #2

1480803010
Report to moderator
1480803010
Hero Member
*
Offline Offline

Posts: 1480803010

View Profile Personal Message (Offline)

Ignore
1480803010
Reply with quote  #2

1480803010
Report to moderator
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
April 19, 2012, 03:18:11 PM
 #682

You can now send bitcoins via email:
- An email containing the private key is sent to the desired email address.

This seems like a really bad idea.

Email is a postcard.  Writing private keys on postcards is asking for trouble.

The problem is, of course, is setting the precedent.  It's likely that it'll be perfectly safe for a while, until some dodgy admin gets the idea to scrape all emails for keys and mtgox codes.

It's a shame, I know, you're only trying to make it easier to use bitcoins.  Don't do it at the expense of security though.

You have to find a breakpoint somewhere. What about all the banks that send password resets by email? While I agree that email is patently insecure and needs major help, I think this functionality is necessary for new users to help introduce them. Who knows, maybe some new users' coins WILL be stolen because of an email related insecurity - perhaps that would wake them up to the fact that there is more they could do to keep themselves secure.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
realnowhereman
Hero Member
*****
Offline Offline

Activity: 504



View Profile
April 19, 2012, 03:26:23 PM
 #683

You have to find a breakpoint somewhere. What about all the banks that send password resets by email? While I agree that email is patently insecure and needs major help, I think this functionality is necessary for new users to help introduce them. Who knows, maybe some new users' coins WILL be stolen because of an email related insecurity - perhaps that would wake them up to the fact that there is more they could do to keep themselves secure.

While I understand that some websites send passwords and identity confirmations by email; in flagrant lack of appreciation of the danger; I seriously doubt any reputable bank is doing so.  Rather banks are moving more and more to these two-factor systems where they send you a key-generating device.

The problem is considerably worse with bitcoins though; the process of scraping anything that looks like an address and stealing any funds on it could be completely automated very easily.  Scraping every single format of password-resetting email and knowing every single bank account web site's log on method is considerably harder and you leave traces all over the bank's weblogs.  Stealing bitcoins can be done close to anonymously if you've got that magic private key.

You're quite right that there has to be some level of practicality considered.  I'm simply arguing that distributing private bitcoins keys by email to newbies is setting the bar considerably lower than it should be if we're talking about money.

1AAZ4xBHbiCr96nsZJ8jtPkSzsg1CqhwDa
realnowhereman
Hero Member
*****
Offline Offline

Activity: 504



View Profile
April 19, 2012, 03:27:48 PM
 #684

I think that this step will be enough for making it secure Smiley
- When "claimed" the key is swept into a new bitcoin address.

Nope.  This attack is done while the email is in transit.  By the time the victim receives the email and activates the legitimate sweep; the attacker has already stolen the coins.

1AAZ4xBHbiCr96nsZJ8jtPkSzsg1CqhwDa
mcorlett
Donator
Sr. Member
*
Offline Offline

Activity: 308



View Profile
April 19, 2012, 03:30:30 PM
 #685

What if you offered the choice of an optional security question?

If you're sending coins to anyone other than a complete stranger, there should be at least one private detail you could prompt for.

HostFat
Staff
Legendary
*
Offline Offline

Activity: 2282


I support freedom of choice


View Profile WWW
April 19, 2012, 03:32:15 PM
 #686

What if you offered the choice of an optional security question?

If you're sending coins to anyone other than a complete stranger, there should be at least one private detail you could prompt for.
Another good idea Smiley

Eternity Wall: Messages lasting forever - The Rock Trading (ref): A good exchange / gateway Ripple, with support for multisig, since 2007. 
https://bitcointa.lk: Bitcointalk backup if offline - Bitcoin Foundation Italia - Blog: http://theupwind.blogspot.it
piuk
Hero Member
*****
Offline Offline

Activity: 910



View Profile WWW
April 19, 2012, 03:45:08 PM
 #687

Nope.  This attack is done while the email is in transit.  By the time the victim receives the email and activates the legitimate sweep; the attacker has already stolen the coins.

If a malicious admin is reading your emails you've probably got more pressing security issues than loosing a few bitcent.

The key could be encrypted with a shared password or pin but then you loose all convenience of a simple email. When talking about small amounts the benefits out way the risks in my opinion.

What do you think of this:

The email only contains the partial email address of the sender:

you have been sent bitcoins from w_ll_t@_l___h__n.info

When claimed it asks what is the full email address of the sender and the user has to fill in the missing letters. e.g. in this case

wallet@blockchain.info

HostFat
Staff
Legendary
*
Offline Offline

Activity: 2282


I support freedom of choice


View Profile WWW
April 19, 2012, 04:26:11 PM
 #688

There are some options, I will be good if you add all of them Smiley ( the sender should be able to make a choice )
1) Nothing ( as it is now, it will be good if the email will have also a warning like this, example: "Be sure that you have your computer secured, because unclaimed bitcoins can be taken by viruses and bad people" )
2) Hidden email address ( your actual proposal )
3) The sender can write a "question" ( he know that only the receiver know the answer ) and the email will contain the private key encrypted with the hash of the "answer".

Another good thing is the possibility to add a personal message, example: "here is a present for you!"

Eternity Wall: Messages lasting forever - The Rock Trading (ref): A good exchange / gateway Ripple, with support for multisig, since 2007. 
https://bitcointa.lk: Bitcointalk backup if offline - Bitcoin Foundation Italia - Blog: http://theupwind.blogspot.it
R-
Full Member
***
Offline Offline

Activity: 238

Pasta


View Profile WWW
April 19, 2012, 08:23:58 PM
 #689

Hi Ben,
 While this isn't a crucial feature, it is one of the very neat aspects of your site (blockchain.info).



We would love to see more cool statistics like this.

Examples I came up with:
  • fastest block mined (in last 100,000 blocks)
  • slowest block mined (in last 100,000 blocks)
  • link to first block ever mined (genesis block)
  • Day of highest total network hash rate since January 1 2012 (basically highest hash rate of year).


Robert

What a great idea Smiley
piuk
Hero Member
*****
Offline Offline

Activity: 910



View Profile WWW
April 20, 2012, 09:43:08 AM
 #690

What a great idea Smiley

Yep, good ideas. I've added them to the todo list. Thanks.

Here two new graphs for now:

Estimated Blockchain size (Not including database indexes)

My Wallet Transaction Volume



piuk
Hero Member
*****
Offline Offline

Activity: 910



View Profile WWW
April 21, 2012, 11:58:34 AM
 #691

* Full iPhone app now available in the app store

* Multibit can now import blockchain.info wallet files (using the latest git).

Select your encrypted wallet.aes.json or unencrypted wallet.json



Enter your password and second password then press the import private keys button.



This is now the recommended way to restore wallet backups in case anything happens to blockchain.info (and the web interface isn't in your browsers cache). Thank you to Jim618 for merging the changes.

Also thank you to the recent donators.

payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
April 21, 2012, 12:20:29 PM
 #692

apologies for the ignorance, but could someone give an example of how to call multiaddr?

the documentation under /api is a bit (a lot) vague.

thanks.
piuk
Hero Member
*****
Offline Offline

Activity: 910



View Profile WWW
April 21, 2012, 12:34:35 PM
 #693

apologies for the ignorance, but could someone give an example of how to call multiaddr?

the documentation under /api is a bit (a lot) vague.

thanks.

The usage has changed a bit recently. There is now few parameters:

Mandatory:
- "active" - addresses which you want included in the final balance.

Optional:
- "archived" - addresses which you want included the results calculations but don't want included in the final balance.
- "offset" - skip the first n results
- "filter" - show only transactions of a specific type: sent = 1, received = 2, moved = 3, escrow = 4;

Separate multiple addresses with | e.g.

http://blockchain.info/multiaddr?active=1Cp3FEaXFkSutXGYHKuNkkeYog6bsHpk7a|1HLFLgrwQRuFVu1dhjjPLWqY314DsMjRco|19Wv538dbmoMTtoGPxwqD8N6ZYzFyMBL2U&archived=14Dj368DZyFPDbSbERf53wcGLWefsZUamn

payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
April 21, 2012, 12:41:05 PM
 #694

apologies for the ignorance, but could someone give an example of how to call multiaddr?

the documentation under /api is a bit (a lot) vague.

thanks.

The usage has changed a bit recently. There is now few parameters:

Mandatory:
- "active" - addresses which you want included in the final balance.

Optional:
- "archived" - addresses which you want included the results calculations but don't want included in the final balance.
- "offset" - skip the first n results
- "filter" - show only transactions of a specific type: sent = 1, received = 2, moved = 3, escrow = 4;

Separate multiple addresses with | e.g.

http://blockchain.info/multiaddr?active=1Cp3FEaXFkSutXGYHKuNkkeYog6bsHpk7a|1HLFLgrwQRuFVu1dhjjPLWqY314DsMjRco|19Wv538dbmoMTtoGPxwqD8N6ZYzFyMBL2U&archived=14Dj368DZyFPDbSbERf53wcGLWefsZUamn


thanks!

so, am i to assume that the limit on the number of addresses queried is related to the GET specification?

or can one POST a larger list?
piuk
Hero Member
*****
Offline Offline

Activity: 910



View Profile WWW
April 21, 2012, 12:43:08 PM
 #695

so, am i to assume that the limit on the number of addresses queried is related to the GET specification?

400 is the limit for active addresses, i'd split it into multiple calls if you need more.

payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
April 21, 2012, 12:44:43 PM
 #696

so, am i to assume that the limit on the number of addresses queried is related to the GET specification?

400 is the limit for active addresses, i'd split it into multiple calls if you need more.

okay, just curious... don't need anywhere near that many Cheesy
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
April 21, 2012, 12:47:49 PM
 #697

sorry one more question if you don't mind... how many confirmations does the 'total_received' amount relate to? is it 1+ and is there a way to get the 0 conf amount?

Code:
"addresses":[

{
"address":"1Cp3FEaXFkSutXGYHKuNkkeYog6bsHpk7a",
"n_tx":3,
"total_received":385000000,
"total_sent":125000000,
"final_balance":260000000
},
piuk
Hero Member
*****
Offline Offline

Activity: 910



View Profile WWW
April 21, 2012, 01:03:01 PM
 #698

sorry one more question if you don't mind... how many confirmations does the 'total_received' amount relate to? is it 1+ and is there a way to get the 0 conf amount?

It is 0 confirmations. Btw if total_received is the only thing you need your better off calling /q/getreceivedbyaddress with multiple addresses e.g.

http://blockchain.info/q/getreceivedbyaddress/14Dj368DZyFPDbSbERf53wcGLWefsZUamn|1HLFLgrwQRuFVu1dhjjPLWqY314DsMjRco|19Wv538dbmoMTtoGPxwqD8N6ZYzFyMBL2U

Default is also 0 confirmations, but you can pass a confirmations parameter if you want something different.

payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
April 21, 2012, 01:13:18 PM
 #699

sorry one more question if you don't mind... how many confirmations does the 'total_received' amount relate to? is it 1+ and is there a way to get the 0 conf amount?

It is 0 confirmations. Btw if total_received is the only thing you need your better off calling /q/getreceivedbyaddress with multiple addresses e.g.

http://blockchain.info/q/getreceivedbyaddress/14Dj368DZyFPDbSbERf53wcGLWefsZUamn|1HLFLgrwQRuFVu1dhjjPLWqY314DsMjRco|19Wv538dbmoMTtoGPxwqD8N6ZYzFyMBL2U

Default is also 0 confirmations, but you can pass a confirmations parameter if you want something different.

thanks... but that url adds them all together into one amount.

i need a list of total_received per address.

did you modify/customize your bitcoind to be able to provide this info? if the standard one could do this i might not need to use a 3rd party api.
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
April 21, 2012, 01:30:56 PM
 #700

Default is also 0 confirmations, but you can pass a confirmations parameter if you want something different.

hmmm... i tried

confirmation=
confirmations=
conf=
minconf=

and none worked for me.
...and i've run out of guesses Cheesy
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 [35] 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 ... 168 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!