misterbigg
Legendary
Offline
Activity: 1064
Merit: 1001
|
|
September 20, 2012, 02:54:44 PM |
|
Can you please add a graph showing the total number of anonymized coins over time?
I did answer this previously. There are no logs of this, so no. My apologies, I did not see the answer. Is this something we can add? It could be as simple as recording the total number of coins per day, or per week. I'd like to know what the demand is for coin mixing. Thanks
|
|
|
|
piuk (OP)
|
|
September 20, 2012, 10:50:24 PM |
|
This really is awesome! Sorry we didn't get a chance to meet up at the BTC conference, it would have been good to thank you personally for the great service you provide to the bitcoin community.
There is always the next year How do we invest in your web site? I think you are the next google/facebook/twitter/bigboobasianladyboys.com
Thank you for the complement, I think:) Investment is not need currently as the site is sufficiently funded for it's current goal. Which is to be a profitable, sustainable business within the current bitcoin economy - "Bitcoin wallet for bitcoiners". Maybe in future we will be looking for more funding for marketing etc, but that is way off yet. The service is actually pretty good, and I encourage you to at least take a deeper look. It took me about 15 mins to integrate it the first time I did. Start here http://boxcar.io/help/api/providersSince the API is really simple to implement I have added it. I'm not sure if the My Wallet app needs approval by the boxcar.io admins but it seems to work for me. Something is wrong with the window called about. The window is moving, being hard to users read. I think the problem is because the window latest transaction is ajax.
I'm not sure what window you mean? A popup dialog? Block updating has stopped. Something is wrong with your site, piuk.
Thanks for letting me know, I have added some extra checks to hopefully prevent this from happening again. Piuk, I really think you should change the top bar to something like the one of www.bitcoincharts.com1- Change the buttons home, charts, stats, api to below the blockchain name/logo 2- In the place of buttons specified above, you could add the informations like: blocks, total of btc, difficulty, ... like how bitcoincharts show. 3- I think the wallet button should be located separated of other buttons and with a better design and bigger size. 4- I think you should remove at least the 3 last lines of the window most recently mined blocks in the bitcoin block chain. I think 10 lines is much. I think your right about number 4. If the header was going to be re-designed it would be at the point when the entire Site was re-designed professionally (ditching bootstrap), for the moment I think it is ok. My apologies, I did not see the answer. Is this something we can add? It could be as simple as recording the total number of coins per day, or per week. I'd like to know what the demand is for coin mixing.
As far as i'm concerned the less logs the better, even if it's only a counter. I would say that demand is moderate, the reason TorWallet turned rogue may have been that demand for mixing wasn't high enough.
|
|
|
|
sunnankar
Legendary
Offline
Activity: 1031
Merit: 1000
|
|
September 20, 2012, 11:15:32 PM Last edit: September 20, 2012, 11:26:34 PM by sunnankar |
|
My apologies, I did not see the answer. Is this something we can add? It could be as simple as recording the total number of coins per day, or per week. I'd like to know what the demand is for coin mixing.
As far as i'm concerned the less logs the better, even if it's only a counter. I would say that demand is moderate, the reason TorWallet turned rogue may have been that demand for mixing wasn't high enough. Aren't you snoopy misterbigg and I am sure you are not the only one. I think the less logs the better also. But getting to demand, perhaps the market could set the rate instead of it constantly being 1.5%. Then 'interest' could be earned on bitcoin balances. Of course, one of the risks may be that the private key needs to be entrusted to Blockchain.info .... But a whole range of products could be developed like CDs, for depositors, where the bitcoins are entrusted for a certain amount of time, etc. or for customers automated payments that could be made based on an algorithm where the variables of which could be tweaked by the user (time, amount, randomness, etc.). For example, 50 BTC are sent and over 30 days those 50 BTC are sent via 27 addresses, all with 0% taint to each other, to 1 address and the amounts of each payment are of a same amount (like for children's allowances, etc.) or sufficiently random, or fall within a normal distribution for particular behavior like website donations, etc., to provide plausible deniability for the receiver. This could all help drive the 1.5% fee lower, which is competing with other goods/services, while revenues and profits could be increased through volumes since marginal cost is 0. And we all like cheap! And if Blockchain.info is able to maintain its trust agent status it could develop a very useful business for both depositors and customers.
|
|
|
|
Krak
|
|
September 20, 2012, 11:20:08 PM |
|
I've been trying to make a paper wallet according to this tutorial, but I don't see an offline mode button on the login page. Is there a new way of doing this? I've never made a paper wallet before. The Offline checkbox was removed, the documentation needs updating. To use offline mode now just disconnect your internet and refresh the login page. Be sure to clear the browsers cache before connecting to the internet again. I tried that, but when I went to print off my paper wallet, it only showed my online wallets. I thought about making it online, printing the wallet and then just deleting the private key. Would that be secure enough? Anybody know the answer here?
|
BTC: 1KrakenLFEFg33A4f6xpwgv3UUoxrLPuGn
|
|
|
BkkCoins
|
|
September 21, 2012, 12:13:25 AM |
|
I've been trying to make a paper wallet according to this tutorial, but I don't see an offline mode button on the login page. Is there a new way of doing this? I've never made a paper wallet before. The Offline checkbox was removed, the documentation needs updating. To use offline mode now just disconnect your internet and refresh the login page. Be sure to clear the browsers cache before connecting to the internet again. I tried that, but when I went to print off my paper wallet, it only showed my online wallets. I thought about making it online, printing the wallet and then just deleting the private key. Would that be secure enough? Anybody know the answer here? I don't have an answer exactly but I can recommend bitaddress.org to create a 100% offline paper wallet. It works well. And it's easy to import your addresses for watching purposes afterwards into blockchain.info. That let's you still create your keys completely offline.
|
|
|
|
Krak
|
|
September 21, 2012, 01:14:39 AM |
|
I don't have an answer exactly but I can recommend bitaddress.org to create a 100% offline paper wallet. It works well. And it's easy to import your addresses for watching purposes afterwards into blockchain.info. That let's you still create your keys completely offline.
Thanks, that looks like it'll work nicely.
|
BTC: 1KrakenLFEFg33A4f6xpwgv3UUoxrLPuGn
|
|
|
RandomQ
|
|
September 21, 2012, 01:07:10 PM Last edit: September 21, 2012, 09:33:25 PM by RandomQ |
|
Getting "ERROR 500" when trying to send funds between addresses hosted in the same wallet. Working again
|
|
|
|
teste
|
|
September 21, 2012, 01:49:49 PM |
|
|
|
|
|
RandomQ
|
|
September 21, 2012, 09:52:12 PM |
|
Minor Security Concern
When you use a Correct 2 factor Password but an incorrect account password, it informs you that the account password is wrong.
IMHO, a website should never verify which password is incorrect when there are two and should give a generic message saying one of the two passwords are incorrect.
Same theory behind when having account name or password wrong, best practice is to say the password or account is wrong.
The Second Issue
It appears that Google Authenticator is not correctly implemented.
Google Authenticator is a Time-based One-time Password (TOTP) algorithm
If you verify that the Google Authenticator password is correct when using a bad account password,it should burn that password.
I have verified this operation with other authenticator based accounts, and if you use a try to reused a code before the time-limit expires it will not let you.
This is designed this way that if the password is intercepted, and used by the User it can't be reused within the Time-Limit.
RFC 4226 RFC 6238
|
|
|
|
FactoredPrimes
Newbie
Offline
Activity: 14
Merit: 0
|
|
September 21, 2012, 09:54:07 PM |
|
Great service. I appreciate the security model.
|
|
|
|
kokojie
Legendary
Offline
Activity: 1806
Merit: 1003
|
|
September 21, 2012, 11:07:18 PM |
|
Minor Security Concern
When you use a Correct 2 factor Password but an incorrect account password, it informs you that the account password is wrong.
IMHO, a website should never verify which password is incorrect when there are two and should give a generic message saying one of the two passwords are incorrect.
Same theory behind when having account name or password wrong, best practice is to say the password or account is wrong.
The Second Issue
It appears that Google Authenticator is not correctly implemented.
Google Authenticator is a Time-based One-time Password (TOTP) algorithm
If you verify that the Google Authenticator password is correct when using a bad account password,it should burn that password.
I have verified this operation with other authenticator based accounts, and if you use a try to reused a code before the time-limit expires it will not let you.
This is designed this way that if the password is intercepted, and used by the User it can't be reused within the Time-Limit.
RFC 4226 RFC 6238
I don't agree with the 1st issue, I want to know which one I got wrong, so I as a legitimate user can correct it. If we went with your implementation of security, imagine if I always typed in the wrong account password for some reason, but I might think google authenticator is broken, since I can't distinguish which password I got wrong. The 2nd issue is really minor, so in less than 30 seconds, some one might be able to make another attempt on my account password, who cares. I can give them 10 years and they wouldn't be able to crack my account password. They either know it by obtaining my password storage file, or they don't.
|
btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
|
|
|
RandomQ
|
|
September 22, 2012, 04:13:11 AM |
|
I don't agree with the 1st issue, I want to know which one I got wrong, so I as a legitimate user can correct it. If we went with your implementation of security, imagine if I always typed in the wrong account password for some reason, but I might think google authenticator is broken, since I can't distinguish which password I got wrong.
The 2nd issue is really minor, so in less than 30 seconds, some one might be able to make another attempt on my account password, who cares. I can give them 10 years and they wouldn't be able to crack my account password. They either know it by obtaining my password storage file, or they don't.
If you login a website that has good security and use the wrong password, it says your username or password is wrong. There is a reason behind it, its to prevent people with huge passwords list from knowing if they have a valid username or valid password. If you use an Invalid 2 factor on GLBSE it says Username or Password is invalid. MtGox is a little different you have to input username & password first then 2 factor. Not as secure but they allow multiple 2 factor devices so it makes up in the long run. Besides current trending security practices dictate not to reuse passwords, I use unique passwords on 95% of the websites i use(per my last security Audit) I have an IT background, and when I see something that could possibly be exploited I report it.(I've seen a ton of exploits over the years)
|
|
|
|
Rassah
Legendary
Offline
Activity: 1680
Merit: 1035
|
|
September 22, 2012, 04:56:15 AM |
|
Hi Piuk. I think there's something wrong with your signature verification function. Please refer to this post: https://bitcointalk.org/index.php?topic=111918.msg1210994#msg1210994The message was signed, from the very first --- to the very last --- (dashed stuff included) using the Satoshi 0.7 wallet. Mine was signed using my 1Rassahgt3XSxKVJ62oSrQJxtH3wk4MKX address, and the other was signed using their 1BYkTioZnM7mQQMzmxSkjJaPyzVN2PiTEY address. Signatures for both addresses were added below. These signatures verify to the same addresses using the Satoshi client, but when I try to use your site to verify a message, it gives me a key totally different from the two mentioned that were used to sign the messages. Do you use your own message signing algorithm that's different from Satoshi?
|
|
|
|
scribe
|
|
September 22, 2012, 08:36:54 AM Last edit: September 22, 2012, 12:59:49 PM by scribe |
|
Oh damn, great news for UK users. Looking forward to testing. Update: Tested. Works. Blown away. This is massive.
|
|
|
|
teste
|
|
September 22, 2012, 07:14:30 PM |
|
|
|
|
|
misterbigg
Legendary
Offline
Activity: 1064
Merit: 1001
|
|
September 22, 2012, 09:37:33 PM |
|
Aren't you snoopy misterbigg and I am sure you are not the only one. I think the less logs the better also.
But getting to demand, perhaps the market could set the rate instead of it constantly being 1.5%. Sorry for the late reply. I'm not snoopy, but I would like to know what the demand for mixing coins is. Clearly, this should be done in a way that preserves privacy. The reason I am interested is because I believe that mixing services are essential for legitimate businesses to be able to conduct transactions with Bitcoins. It's not appealing to commercial interests that wallet balances are public. The only way to keep this private is for mixing to be easily obtained, and cheap. As it stands, 1.5% to anonymize coins is an outrageous price. MtGox doesn't even charge that much if you add up both ends, and they have to pay employees, provide support, retain legal services, and deal with the cost of compliance with the traditional banking system. If you had 10,000 coins and you wanted to mix them, it would cost $1,500! I think that over time, the cost to mix coins will trend towards zero. Everyone will be interested in mixing, and they will just run some open source app, for example one that implements the body of a recent paper regarding decentralized mixing.
|
|
|
|
BkkCoins
|
|
September 22, 2012, 11:08:54 PM |
|
If you had 10,000 coins and you wanted to mix them, it would cost $1,500!
I think you mean $150. But it is costly still. I don't see it as being quite so mandatory for business. The proper way to accept pmts is to use many addresses, one per transaction. If you do that carefully (and perhaps this is where business apps need improvement) there should be no association between addresses and no way to see any meaningful balance.
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1003
|
|
September 22, 2012, 11:12:26 PM |
|
piuk I have a small problem. I logged out of my wallet but then accidentally landed on the login screen again which prompted the server to send me another sms for two factor auth but I didn't log in and I deleted the sms. Now when I try again it wont send me a new sms. What should I do? EDIT: nvm, typing in the correct pw and some incorrect sms code resets it
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
misterbigg
Legendary
Offline
Activity: 1064
Merit: 1001
|
|
September 23, 2012, 02:26:08 AM |
|
If you had 10,000 coins and you wanted to mix them, it would cost $1,500!
I think you mean $150. But it is costly still. I don't see it as being quite so mandatory for business. The proper way to accept pmts is to use many addresses, one per transaction. If you do that carefully (and perhaps this is where business apps need improvement) there should be no association between addresses and no way to see any meaningful balance. I meant $1,500, given an exchange rate of approximately $10.
|
|
|
|
xchrix
|
|
September 23, 2012, 07:29:28 PM |
|
is it possible to do a blockchain.info like service for litecoin?? would be awesome
|
|
|
|
|