xalbex
Newbie
Offline
Activity: 6
Merit: 0
|
|
July 10, 2014, 07:56:24 AM |
|
After the release of crypti, developers should buy it with the accumulated funds. In this way, their reward will be connected to the success of the coin. Immediately there will be a safe market capitalization for the coin. New investors will be attracted even after the release of the coin. Crypti will make success more easily!
|
|
|
|
jokumat
|
|
July 10, 2014, 08:33:16 AM |
|
I tried beta web wallet. Seems to be working, incredibly fast and smooth. But with real transaction fees sending cryptsi will be much less fun questions: 1. You can't expect users to write 100+ characters each time they pay (authorising each transaction individually). 2. web wallet should be https
|
|
|
|
coinsolidation
|
|
July 10, 2014, 08:35:04 AM |
|
2. web wallet should be https
This is a MUST. If there is a web wallet which is not https, take it down and move it to https immediately.
|
|
|
|
mydearvoice
|
|
July 10, 2014, 08:38:00 AM |
|
I just want to laugh out loud, I want to look at investors lose money.
|
|
|
|
prix
|
|
July 10, 2014, 08:39:13 AM |
|
I tried beta web wallet. Seems to be working, incredibly fast and smooth. But with real transaction fees sending cryptsi will be much less fun questions: 1. You can't expect users to write 100+ characters each time they pay (authorising each transaction individually). 2. web wallet should be https 1. What is problem with it? They can't save your password it's not safe. As example all my important wallets is encrypted and I use a password any time when I send money. Use KeePass or something for password managing. 2. Today will be update: - Ledger. - OpenSSL for wallet. - Fixes in UI.
|
|
|
|
crypti (OP)
|
|
July 10, 2014, 08:39:40 AM |
|
I tried beta web wallet. Seems to be working, incredibly fast and smooth. But with real transaction fees sending cryptsi will be much less fun questions: 1. You can't expect users to write 100+ characters each time they pay (authorising each transaction individually). 2. web wallet should be https 1. We can't, because in this way we need to store your passphrase in cookie browser. It's dangerous. Every transaction need sign. 2. Yes, we will add SSL today. 3. About fees read first post. Fees decreases with each increasing amounts volume
|
|
|
|
coinsolidation
|
|
July 10, 2014, 08:44:38 AM |
|
1. You can't expect users to write 100+ characters each time they pay (authorising each transaction individually).
1. We can't, because in this way we need to store your passphrase in cookie browser. It's dangerous. Every transaction need sign. You can. Use localStorage in the browser, this is a reasonable solution which requires no usage of cookies. The passphrase is stored in the users local browser. You may want to wrap it so that a traditional username and password creates the key which is used as the passphrase. Use Public key cryptography for this. It is an existing proven approach, look at how ripple has implemented it. I wish for your users this had been discussed and asked before going live.
|
|
|
|
crypti (OP)
|
|
July 10, 2014, 08:50:41 AM |
|
1. You can't expect users to write 100+ characters each time they pay (authorising each transaction individually).
1. We can't, because in this way we need to store your passphrase in cookie browser. It's dangerous. Every transaction need sign. You can. Use localStorage in the browser, this is a reasonable solution which requires no usage of cookies. The passphrase is stored in the users local browser. You may want to wrap it so that a traditional username and password creates the key which is used as the passphrase. Use Public key cryptography for this. It is an existing proven approach, look at how ripple has implemented it. I wish for your users this had been discussed and asked before going live. Localstorage dangerous too, all you passphrases will be stored in your browser. Passphrase create public and private key. We can try to save passphrase in memory, then create something like session. But we need to see how far it is safe.
|
|
|
|
KLONE::Vader
Member
Offline
Activity: 89
Merit: 10
|
|
July 10, 2014, 08:55:11 AM |
|
3. About fees read first post. Fees decreases with each increasing amounts volume
Do fees also increase with each decreasing amounts volume?
|
|
|
|
tobeaj2mer01
Legendary
Offline
Activity: 1098
Merit: 1000
Angel investor.
|
|
July 10, 2014, 08:56:47 AM |
|
As explained earlier, it appears that Bter missed our notification to push the sale 24 hours and went with it on last night 00:00 UTC, rather then today 00:00 UTC. We still will stick to the original plan and count the 30% bonus starting today 00:00 UTC. What do you mean, what about the raised BTC in bter until now, is there any bonus? I have been following this thread and know it had started from the posts this morning.
|
Sirx: SQyHJdSRPk5WyvQ5rJpwDUHrLVSvK2ffFa
|
|
|
KLONE::Vader
Member
Offline
Activity: 89
Merit: 10
|
|
July 10, 2014, 08:58:29 AM |
|
Bter volume 81 BTC... wow
|
|
|
|
prix
|
|
July 10, 2014, 08:59:27 AM |
|
Use localStorage in the browser, this is a reasonable solution which requires no usage of cookies. The passphrase is stored in the users local browser.
LocalStorage is replacement for Cookie. It's not safe. You can read the content of localStorage by using third-party local program or manual using browser tools. Can you tell exactly how Ripple uses the localStorage?
|
|
|
|
tobeaj2mer01
Legendary
Offline
Activity: 1098
Merit: 1000
Angel investor.
|
|
July 10, 2014, 09:10:13 AM |
|
What do you mean, what about the raised BTC in bter until now, is there any bonus? I have been following this thread and know it had started from the posts this morning.
30% bonus will be given for all investments raised today and tomorrow. Will bonus be given as below? 0 BTC = 10% 50 BTC = 9% 100 BTC = 8% 150 BTC = 7% 200 BTC = 6% 250 BTC = 5% 300 BTC = 4% 350 BTC = 3% 400 BTC = 2% 450 BTC = 1% 500 BTC = 0%
|
Sirx: SQyHJdSRPk5WyvQ5rJpwDUHrLVSvK2ffFa
|
|
|
SyRenity
|
|
July 10, 2014, 09:10:42 AM |
|
After the release of crypti, developers should buy it with the accumulated funds. In this way, their reward will be connected to the success of the coin. Immediately there will be a safe market capitalization for the coin. New investors will be attracted even after the release of the coin. Crypti will make success more easily!
It won't be possible, as the raised funds will be controlled by the Foundation, who will spend the funds on development, marketing and promotion. We all prefer to have Crypti reach leading status organically, rather then via manipulations.
|
|
|
|
SyRenity
|
|
July 10, 2014, 09:28:09 AM |
|
Well... there was one person asking already... I know I would go direct (thus making it 18 buyers to go)... do honestly believe it's worth going through all that trouble compensating later? I believe you should come out with a definitive Yes or No before the pre-sale starts... if you don't want the community to start becoming wary just say NO and never provide the option... if you want to assist the people which are interested in such option just say YES. You have a point indeed. There will be no direct channel - all buys to be performed via our escrow partners Bter and Maxmint only.
|
|
|
|
coinsolidation
|
|
July 10, 2014, 09:28:55 AM Last edit: July 10, 2014, 09:41:15 AM by coinsolidation |
|
Use localStorage in the browser, this is a reasonable solution which requires no usage of cookies. The passphrase is stored in the users local browser.
LocalStorage is replacement for Cookie. It's not safe. You can read the content of localStorage by using third-party local program or manual using browser tools. Can you tell exactly how Ripple uses the localStorage? The point of using localStorage and public key cryptography is to mitigate against MITM and replay attacks, cookie/session jacking, and keep the application stateless. The "third-party local program" argument is invalid because a malicious third party local program can read a passphrase input in to a web page also. I think code examples are already open source, or you can just go to the ripple client and look at the code. Many other things use this method too, it is proven.
|
|
|
|
xadidos
|
|
July 10, 2014, 09:40:20 AM |
|
devs, are you guys russian?
|
|
|
|
crypti (OP)
|
|
July 10, 2014, 09:45:29 AM |
|
devs, are you guys russian?
Not all.
|
|
|
|
prix
|
|
July 10, 2014, 09:46:47 AM |
|
The "third-party local program" argument is invalid because a malicious third party local program can read a passphrase input in to a web page also.
Input logging requires higher system rights than reading storage. And sometimes the attacker has remote access to the computer (through vnc or same) and if you have opened page and the password is stored in the browser - the money is taken away. Similar case has been described by one local forum.
|
|
|
|
xadidos
|
|
July 10, 2014, 09:47:56 AM |
|
devs, are you guys russian?
Not all. ok, why don't have topic in russian language?
|
|
|
|
|