[ANN][DASH] Dash (dash.org) | First Self-Funding Self-Governing Crypto Currency

[Kai Proctor]

I don't get how the 2 machine masternode setup is more secure. If someone can break into either, your setup is toast. And the wallet's security is independent of the machines hosting it -- it relies on the strength of your password & the encryption algorithm. I can't see how the 2 machine configuration helps at all.

Because your master node IP is static, broadcast to the network, and an attacker knows 1000 DRK is on it. Your local machine IP is not listed on the master node list with the 2 machine setup and there are no coins on the server that's running the master node. Double win.

If we could get a port of Armory for Darkcoin you could theoretically do all this with the coins in cold storage. Triple win.

Masternode has to communicate with the node holding the coins, to verify the 1000 DRK are there. So if the masternode can do that, so can an attacker who has compromised the masternode. From there, they just need to break into the secondary node holding the wallet, which will presumably have no better security than the one they already broke into.

My guess is that masternodeA (the one holding the coins) registers in the network like "hey, I want to be a masternode, and I hold 1k DRK, you can check it, and my "masternodeaddr" is this 'masternodeB' (which has 0DRKs)", then the network verifies that masternodeA has 1k DRKs and registers masternodeB in the list of masternodes. When you get the list of masternodes you only get masternodeB.

I guess someone could sniff that initial part of the protocol and find out that masternodeA has 1k DRKs masternodeB has 0 DRKs, but I would say that you don't really even need to have masternodeA available in the network as long as the wallet holds the 1k DRKs, so (and this is just thinking and writing the same time) you could probable even disconnect masternodeA from the network after the initial registration and just leave masternodeB in the network.

If that's how it works, then I wonder why a second machine is necessary? If you only need the wallet present at the initial verification step, why not have a single masternode that verifies the wallet, closes it, and allows you to remove it from the machine?

If it was like this nothing could prevent someone to build thousand masternodes with the same 1000 DRK.

Network would reject a masternode registering twice with the same address, and if you think about moving the 1k DRK to another wallet, network would detect it and stop accepting you as a masternode.

Register a masternode with a wallet with 1000 DRK ----> send the 1000 DRK to an other wallet ----> Register a new masternode with the new wallet ---->  send the 1000 DRK to an other wallet ----> etc.

[jakecrow]

Me thinks we need to issue a few bounties for hackers to test the possible attack vectors against masternode operation, cheating, payments etc, prior to going live (perhaps RC3+?). There's too much new stuff in there and code does have the annoying tendency to break, so... better harden it now than have nasty surprises later on.

I'm pretty sure this was already in the plans, but yes it will definitely need to happen. I don't remember where exactly in the timeline it was planned for - once DarkSend is open source I think?

[mattmct]

Ok, I have verified it works.

Start darkcoind on remote machine.
On your local machine specify the IP at launch with -masternodeaddr=YOUR_SERVER_IP
Unlock your local machine wallet with your passphrase.
On your local machine, ./darkcoind masternode start

Slickness indeed.

So you have to keep it running on another machine, presumably your home machine, with the wallet unlocked?  

You don't have to keep your local machine's wallet unlocked permanently, or even open. Once the remote machine master node starts you can close the local machine's wallet and hide it away for safe keeping.

I look forward to this being officially explained with tutorial.  But thanks for this!

But if we need 1000DRK on our local machine, or another server, to get the main master node running (which has 0 DRK), .... what is there to stop us making multiple nodes with empty wallets from one set of 1000 DRK.

All I can think is we need the 1000DRK wallet to start each empty master node running.  Then use a different wallet with 1000DRK locally to fire up another one.  I look forward to understanding more lol.

[kaene]

In the last 10 pages I read a lot of people asking how to setup a masternode, and many started to offer to pay for someone to help them setting up a masternode. There is an awesome tutorial made by chaeplin in DRKtalk, but I think many of us, and many to come, would love to have a video of it, so I thought that we could organize sort of an event, a webinar, where one of us could explain and setup a masternode (in testnet so that we could see 100% of the steps and still be secure), and then record the webinar and leave it in the official site for future reference (in the future many people will need this)

There are sites like webex.com or gotomeeting.com (both are paid I believe) were we could do this with an acceptable amount of viewers. Because it takes time to prepare it and do it, I think we could organize a donation for the speaker (or if it matches something in the bounty list by LimLims then we have it already).

Is it a good idea? Does anyone feel like doing it? And would it be better to do it already or wait until RC2 is out?

[Kai Proctor]

Ok, I have verified it works.

Start darkcoind on remote machine.
On your local machine specify the IP at launch with -masternodeaddr=YOUR_SERVER_IP
Unlock your local machine wallet with your passphrase.
On your local machine, ./darkcoind masternode start

Slickness indeed.

So you have to keep it running on another machine, presumably your home machine, with the wallet unlocked?  

You don't have to keep your local machine's wallet unlocked permanently, or even open. Once the remote machine master node starts you can close the local machine's wallet and hide it away for safe keeping.

I look forward to this being officially explained with tutorial.  But thanks for this!

But if we need 1000DRK on our local machine, or another server, to get the main master node running (which has 0 DRK), .... what is there to stop us making multiple nodes with empty wallets from one set of 1000 DRK.

All I can think is we need the 1000DRK wallet to start each empty master node running.  Then use a different wallet with 1000DRK locally to fire up another one.  I look forward to understanding more lol.

I think that you have to run both simultaneously. The advantage is that the IP of the machine containing 1000 DRK is not public.

[kaene]

I don't get how the 2 machine masternode setup is more secure. If someone can break into either, your setup is toast. And the wallet's security is independent of the machines hosting it -- it relies on the strength of your password & the encryption algorithm. I can't see how the 2 machine configuration helps at all.

Because your master node IP is static, broadcast to the network, and an attacker knows 1000 DRK is on it. Your local machine IP is not listed on the master node list with the 2 machine setup and there are no coins on the server that's running the master node. Double win.

If we could get a port of Armory for Darkcoin you could theoretically do all this with the coins in cold storage. Triple win.

Masternode has to communicate with the node holding the coins, to verify the 1000 DRK are there. So if the masternode can do that, so can an attacker who has compromised the masternode. From there, they just need to break into the secondary node holding the wallet, which will presumably have no better security than the one they already broke into.

My guess is that masternodeA (the one holding the coins) registers in the network like "hey, I want to be a masternode, and I hold 1k DRK, you can check it, and my "masternodeaddr" is this 'masternodeB' (which has 0DRKs)", then the network verifies that masternodeA has 1k DRKs and registers masternodeB in the list of masternodes. When you get the list of masternodes you only get masternodeB.

I guess someone could sniff that initial part of the protocol and find out that masternodeA has 1k DRKs masternodeB has 0 DRKs, but I would say that you don't really even need to have masternodeA available in the network as long as the wallet holds the 1k DRKs, so (and this is just thinking and writing the same time) you could probable even disconnect masternodeA from the network after the initial registration and just leave masternodeB in the network.

If that's how it works, then I wonder why a second machine is necessary? If you only need the wallet present at the initial verification step, why not have a single masternode that verifies the wallet, closes it, and allows you to remove it from the machine?

If it was like this nothing could prevent someone to build thousand masternodes with the same 1000 DRK.

Network would reject a masternode registering twice with the same address, and if you think about moving the 1k DRK to another wallet, network would detect it and stop accepting you as a masternode.

Register a masternode with a wallet with 1000 DRK ----> send the 1000 DRK to an other wallet ----> Register a new masternode with the new wallet ---->  send the 1000 DRK to an other wallet ----> etc.

You didn't read my reply, the moment you send the 1k coins the network will see it, then it will stop accepting your masternode. The moment you transfer those 1k coins the network will see that your original wallet doesn't have them anymore, so it will deregister your masternode from the list.

[Queeq]

I assume those 1000 DRKs on masternodes are used for operations. Otherwise, how would masternode mix transactions?
Thus, if that is so, to operate on those 1000 DRK a masternode needs access to private key. So it either holds the key itself or decryption passphrase in memory. It could be accessed either through the flaw in daemon or by having the root privileges.

[kaene]

I assume those 1000 DRKs on masternodes are used for operations. Otherwise, how would masternode mix transactions?
Thus, if that is so, to operate on those 1000 DRK a masternode needs access to private key. So it either holds the key itself or decryption passphrase in memory. It could be accessed either through the flaw in daemon or by having the root privileges.

I believe they aren't used at all. The masternode mixes the transactions from everyone sending coins in that moment.

[Kai Proctor]

I don't get how the 2 machine masternode setup is more secure. If someone can break into either, your setup is toast. And the wallet's security is independent of the machines hosting it -- it relies on the strength of your password & the encryption algorithm. I can't see how the 2 machine configuration helps at all.

Because your master node IP is static, broadcast to the network, and an attacker knows 1000 DRK is on it. Your local machine IP is not listed on the master node list with the 2 machine setup and there are no coins on the server that's running the master node. Double win.

If we could get a port of Armory for Darkcoin you could theoretically do all this with the coins in cold storage. Triple win.

Masternode has to communicate with the node holding the coins, to verify the 1000 DRK are there. So if the masternode can do that, so can an attacker who has compromised the masternode. From there, they just need to break into the secondary node holding the wallet, which will presumably have no better security than the one they already broke into.

My guess is that masternodeA (the one holding the coins) registers in the network like "hey, I want to be a masternode, and I hold 1k DRK, you can check it, and my "masternodeaddr" is this 'masternodeB' (which has 0DRKs)", then the network verifies that masternodeA has 1k DRKs and registers masternodeB in the list of masternodes. When you get the list of masternodes you only get masternodeB.

I guess someone could sniff that initial part of the protocol and find out that masternodeA has 1k DRKs masternodeB has 0 DRKs, but I would say that you don't really even need to have masternodeA available in the network as long as the wallet holds the 1k DRKs, so (and this is just thinking and writing the same time) you could probable even disconnect masternodeA from the network after the initial registration and just leave masternodeB in the network.

If that's how it works, then I wonder why a second machine is necessary? If you only need the wallet present at the initial verification step, why not have a single masternode that verifies the wallet, closes it, and allows you to remove it from the machine?

If it was like this nothing could prevent someone to build thousand masternodes with the same 1000 DRK.

Network would reject a masternode registering twice with the same address, and if you think about moving the 1k DRK to another wallet, network would detect it and stop accepting you as a masternode.

Register a masternode with a wallet with 1000 DRK ----> send the 1000 DRK to an other wallet ----> Register a new masternode with the new wallet ---->  send the 1000 DRK to an other wallet ----> etc.

You didn't read my reply, the moment you send the 1k coins the network will see it, then it will stop accepting your masternode.

Meanwhile if I have setup a lot of masternodes, I have a higher probability to be selected and to earn some DRK between two verifications ?

[humanitee]

I assume those 1000 DRKs on masternodes are used for operations. Otherwise, how would masternode mix transactions?
Thus, if that is so, to operate on those 1000 DRK a masternode needs access to private key. So it either holds the key itself or decryption passphrase in memory. It could be accessed either through the flaw in daemon or by having the root privileges.

The master node never mixes its' DRK with the users' DRK. They are separate. It just performs a service (combining user inputs and outputs) and is rewarded for it. It sends the finalized version of the transaction to your client and your client signs the part of the transaction corresponding to your inputs.

The 1000 DRK is to stop there from being too many master nodes and clogging up traffic on the network, and to incentivize the right kind of people to run master nodes (those with significant stake in the coin).

[anonymousxx1503]

Shades of an AltCoin War

There is no question that the last 24-48 hours the AltCoin community, particularly the three "ShadeCoins", White, Dark and Black, have been filled with an incredible amount of both positive and negative energy. There is no question that these three coins are essentially "at war". Having followed the past few days very closely, I wanted to provide my detailed perspective on what has been happening, why, and most importantly, what this means for the future of these coins.

Seriously take your petty speculative b.s. somewhere else. The Darkcoin community is above this and does not care at all about what other coins might be trying to do to dismantle it.

Sorry....don't really see a war. People can buy whatever they want. I encourage everyone to look for themselves and decide what they want to do. Wc is in a strange place. This is a dark place. Please start a new thread.

Big lol @ everything Stratobitz posts. I love when these flavor of the day altcoin "advice" accounts come and post here or anywhere (twitter usually). We get it you doofus, you have a lot of whitecoin, that's why it's the "future". Just feels like these accounts are all some 20 year old retards thinking they've got the world figured out because they guessed right once or twice when it came to altcoins. (Same as @btcwhale who got outed for being a scammer and hyperdoxxed, parents called, that was fun).

Whitecoin = Shitcoin same as cinni, same as all the other POS clones now. There are maybe 10 good altcoins and Whitecoin certainly doesn't make that list.

[slyA]

Shades of an AltCoin War

There is no question that the last 24-48 hours the AltCoin community, particularly the three "ShadeCoins", White, Dark and Black, have been filled with an incredible amount of both positive and negative energy. There is no question that these three coins are essentially "at war". Having followed the past few days very closely, I wanted to provide my detailed perspective on what has been happening, why, and most importantly, what this means for the future of these coins.

Seriously take your petty speculative b.s. somewhere else. The Darkcoin community is above this and does not care at all about what other coins might be trying to do to dismantle it.

Sorry....don't really see a war. People can buy whatever they want. I encourage everyone to look for themselves and decide what they want to do. Wc is in a strange place. This is a dark place. Please start a new thread.

Big lol @ everything Stratobitz posts. I love when these flavor of the day altcoin "advice" accounts come and post here or anywhere (twitter usually). We get it you doofus, you have a lot of whitecoin, that's why it's the "future". Just feels like these accounts are all some 20 year old retards thinking they've got the world figured out because they guessed right once or twice when it came to altcoins. (Same as @btcwhale who got outed for being a scammer and hyperdoxxed, parents called, that was fun).

Whitecoin = Shitcoin same as cinni, same as all the other POS clones now. There are maybe 10 good altcoins and Whitecoin certainly doesn't make that list.

That is it exactly. Its just lonely losers branding themselves whales and trying to gain recognition while not making money off their own advice. Wonderloopss, altcoinace, btcwhale and this strato idiot are the same kind of idiots. We'll get more of them though I assure.

[kaene]

I don't get how the 2 machine masternode setup is more secure. If someone can break into either, your setup is toast. And the wallet's security is independent of the machines hosting it -- it relies on the strength of your password & the encryption algorithm. I can't see how the 2 machine configuration helps at all.

Because your master node IP is static, broadcast to the network, and an attacker knows 1000 DRK is on it. Your local machine IP is not listed on the master node list with the 2 machine setup and there are no coins on the server that's running the master node. Double win.

If we could get a port of Armory for Darkcoin you could theoretically do all this with the coins in cold storage. Triple win.

Masternode has to communicate with the node holding the coins, to verify the 1000 DRK are there. So if the masternode can do that, so can an attacker who has compromised the masternode. From there, they just need to break into the secondary node holding the wallet, which will presumably have no better security than the one they already broke into.

My guess is that masternodeA (the one holding the coins) registers in the network like "hey, I want to be a masternode, and I hold 1k DRK, you can check it, and my "masternodeaddr" is this 'masternodeB' (which has 0DRKs)", then the network verifies that masternodeA has 1k DRKs and registers masternodeB in the list of masternodes. When you get the list of masternodes you only get masternodeB.

I guess someone could sniff that initial part of the protocol and find out that masternodeA has 1k DRKs masternodeB has 0 DRKs, but I would say that you don't really even need to have masternodeA available in the network as long as the wallet holds the 1k DRKs, so (and this is just thinking and writing the same time) you could probable even disconnect masternodeA from the network after the initial registration and just leave masternodeB in the network.

If that's how it works, then I wonder why a second machine is necessary? If you only need the wallet present at the initial verification step, why not have a single masternode that verifies the wallet, closes it, and allows you to remove it from the machine?

If it was like this nothing could prevent someone to build thousand masternodes with the same 1000 DRK.

Network would reject a masternode registering twice with the same address, and if you think about moving the 1k DRK to another wallet, network would detect it and stop accepting you as a masternode.

Register a masternode with a wallet with 1000 DRK ----> send the 1000 DRK to an other wallet ----> Register a new masternode with the new wallet ---->  send the 1000 DRK to an other wallet ----> etc.

You didn't read my reply, the moment you send the 1k coins the network will see it, then it will stop accepting your masternode.

Meanwhile if I have setup a lot of masternodes, I have a higher probability to be selected and to earn some DRK between two verifications ?

A lot of masternodes with a lot 1k DRKs wallets? Your 1k DRKs are never in 2 different wallets, that would be sort of double spending. (I'm not sure I understood your last reply)

[aleix]

In the last 10 pages I read a lot of people asking how to setup a masternode, and many started to offer to pay for someone to help them setting up a masternode. There is an awesome tutorial made by chaeplin in DRKtalk, but I think many of us, and many to come, would love to have a video of it, so I thought that we could organize sort of an event, a webinar, where one of us could explain and setup a masternode (in testnet so that we could see 100% of the steps and still be secure), and then record the webinar and leave it in the official site for future reference (in the future many people will need this)

There are sites like webex.com or gotomeeting.com (both are paid I believe) were we could do this with an acceptable amount of viewers. Because it takes time to prepare it and do it, I think we could organize a donation for the speaker (or if it matches something in the bounty list by LimLims then we have it already).

Is it a good idea? Does anyone feel like doing it? And would it be better to do it already or wait until RC2 is out?

I like the idea. I can donate some DRKs for this

[Donho]

In theory with the blockchain it should be possible to LOCK 1000 DRK you own even on an offline wallet like Armory and Sign with your private key that you have those 1000DRK on an address and then grant a static IP address (Your server running the masternode) the right to be a Masternode.

If you try to move your coins or try to grant those coins to another IP. The network would know because of the blockchain and your Masternode status for the IP would be revoked

So I guess theoretically it should be possible

[eduffield]

I don't get how the 2 machine masternode setup is more secure. If someone can break into either, your setup is toast. And the wallet's security is independent of the machines hosting it -- it relies on the strength of your password & the encryption algorithm. I can't see how the 2 machine configuration helps at all.

Because your master node IP is static, broadcast to the network, and an attacker knows 1000 DRK is on it. Your local machine IP is not listed on the master node list with the 2 machine setup and there are no coins on the server that's running the master node. Double win.

If we could get a port of Armory for Darkcoin you could theoretically do all this with the coins in cold storage. Triple win.

Masternode has to communicate with the node holding the coins, to verify the 1000 DRK are there. So if the masternode can do that, so can an attacker who has compromised the masternode. From there, they just need to break into the secondary node holding the wallet, which will presumably have no better security than the one they already broke into.

I very much doubt the remote master node knows the private keys, because as you have pointed out, it would be of no advantage.

The way I'm thinking about this is that an attacker follows this path:

Get static IP of masternode --> compromise masternode --> figure out IP of secondary node by [magic] --> compromise secondary node

The [magic] part I'm assuming must be possible because the masternode must at some point communicate with the secondary node. But maybe there's some reason why this is infeasible?

Nope, they don't need to communicate. The masternode with the money just needs to sign a message with it. That node broadcasts it to the whole network. After than the secondary masternode is good to go.

[TanteStefana]

can we raise the price a bit?

Can I smack you in the face with a salmon ?? 

 (f´ing credit card... not even an overdraft or anything, stupid web banking mistake....)

check out my sig, use paypal its quick easy and no need for credit card

Fucking hell fearcoka, they charge for everything under the sun!  I lost 4 dollars on 104 dollar transfer from Paypal first thing.  Then they want 4% to buy SLL, which is WAY below going rate at SecondLife, Then more charges, probably 4% to buy BTC, and another 4% to withdraw BTC!  

WARNING!  NEVER EVER USE virwox.com  I have tried many times to understand what they do and how much they charge, and they're so confusing over there.  I'm pulling out my money, at a loss of $8 for taking a leap of faith.  For this I will put them in my sig as a warning never to use them!

[kaene]

I don't get how the 2 machine masternode setup is more secure. If someone can break into either, your setup is toast. And the wallet's security is independent of the machines hosting it -- it relies on the strength of your password & the encryption algorithm. I can't see how the 2 machine configuration helps at all.

Because your master node IP is static, broadcast to the network, and an attacker knows 1000 DRK is on it. Your local machine IP is not listed on the master node list with the 2 machine setup and there are no coins on the server that's running the master node. Double win.

If we could get a port of Armory for Darkcoin you could theoretically do all this with the coins in cold storage. Triple win.

Masternode has to communicate with the node holding the coins, to verify the 1000 DRK are there. So if the masternode can do that, so can an attacker who has compromised the masternode. From there, they just need to break into the secondary node holding the wallet, which will presumably have no better security than the one they already broke into.

I very much doubt the remote master node knows the private keys, because as you have pointed out, it would be of no advantage.

The way I'm thinking about this is that an attacker follows this path:

Get static IP of masternode --> compromise masternode --> figure out IP of secondary node by [magic] --> compromise secondary node

The [magic] part I'm assuming must be possible because the masternode must at some point communicate with the secondary node. But maybe there's some reason why this is infeasible?

Nope, they don't need to communicate. The masternode with the money just needs to sign a message with it. That node broadcasts it to the whole network. After than the secondary masternode is good to go.

Could you disconnect the masternode with the money from the network and even send it to cold storage once the secondary masternode is in the network?

[Donho]

I don't get how the 2 machine masternode setup is more secure. If someone can break into either, your setup is toast. And the wallet's security is independent of the machines hosting it -- it relies on the strength of your password & the encryption algorithm. I can't see how the 2 machine configuration helps at all.

Because your master node IP is static, broadcast to the network, and an attacker knows 1000 DRK is on it. Your local machine IP is not listed on the master node list with the 2 machine setup and there are no coins on the server that's running the master node. Double win.

If we could get a port of Armory for Darkcoin you could theoretically do all this with the coins in cold storage. Triple win.

Masternode has to communicate with the node holding the coins, to verify the 1000 DRK are there. So if the masternode can do that, so can an attacker who has compromised the masternode. From there, they just need to break into the secondary node holding the wallet, which will presumably have no better security than the one they already broke into.

I very much doubt the remote master node knows the private keys, because as you have pointed out, it would be of no advantage.

The way I'm thinking about this is that an attacker follows this path:

Get static IP of masternode --> compromise masternode --> figure out IP of secondary node by [magic] --> compromise secondary node

The [magic] part I'm assuming must be possible because the masternode must at some point communicate with the secondary node. But maybe there's some reason why this is infeasible?

Nope, they don't need to communicate. The masternode with the money just needs to sign a message with it. That node broadcasts it to the whole network. After than the secondary masternode is good to go.

Could you disconnect the masternode with the money from the network and even send it to cold storage once the secondary masternode is in the network?

that's the whole point of it

[fearcoka]

can we raise the price a bit?

Can I smack you in the face with a salmon ?? 

 (f´ing credit card... not even an overdraft or anything, stupid web banking mistake....)

check out my sig, use paypal its quick easy and no need for credit card

Fucking hell fearcoka, they charge for everything under the sun!  I lost 4 dollars on 104 dollar transfer from Paypal first thing.  Then they want 4% to buy SLL, which is WAY below going rate at SecondLife, Then more charges, probably 4% to buy BTC, and another 4% to withdraw BTC!  

WARNING!  NEVER EVER USE virwox.com  I have tried many times to understand what they do and how much they charge, and they're so confusing over there.  I'm pulling out my money, at a loss of $8 for taking a leap of faith.  For this I will put them in my sig as a warning never to use them!

srsly?