Elmit
March 14, 2015, 03:12:38 PM
Guys keep in mind, regardless of the length of your passphrase, bruteforcing will eventually find accounts. I'm actually surprised this hasn't become more prevalent. Since each wallet is ONLY a passphrase and not a username and passphrase to authenticate against, and there is not a lockout on accounts for how fast you can check a passphrase (unless the blockchain does it). All someone needs to do is bruteforce continually till it happens upon an account. Since everyone is essentially using one username which is identical for all of us and it's impossibly hard to change it once you have one (replotting).
Luckily mine is huge, but with time it will also be broken by a brute force. I'm not certain of the speed at which you could check passwords, but I assume with scripts and modern GPUs you could do some serious bruteforcing on Burst.
Everything can be bruteforced given enough time, but with a password of +200 char it will take ages.
The length of the password phrase has nothing to do with that. Each password phrase results in one and only one BURST address, however, more than one password phrase can result in the same BURST address. The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Bruteforce would be therefore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.

dcct
March 14, 2015, 03:22:47 PM
The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Bruteforce would be therefore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
The numeric address is 64 bits long, your "99,999,999..." is quite a bit off. And have a look at how a "Public Key" is assigned to an account. It's not just protected by these 64 bits!

q327K091
March 14, 2015, 03:23:21 PM
Guys keep in mind, regardless of the length of your passphrase, bruteforcing will eventually find accounts. I'm actually surprised this hasn't become more prevalent. Since each wallet is ONLY a passphrase and not a username and passphrase to authenticate against, and there is not a lockout on accounts for how fast you can check a passphrase (unless the blockchain does it). All someone needs to do is bruteforce continually till it happens upon an account. Since everyone is essentially using one username which is identical for all of us and it's impossibly hard to change it once you have one (replotting).
Luckily mine is huge, but with time it will also be broken by a brute force. I'm not certain of the speed at which you could check passwords, but I assume with scripts and modern GPUs you could do some serious bruteforcing on Burst.
Everything can be bruteforced given enough time, but with a password of +200 char it will take ages.
The length of the password phrase has nothing to do with that. Each password phrase results in one and only one BURST address, however, more than one password phrase can result in the same BURST address. The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Bruteforce would be therefore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
maybe if you have access to the machine on which the BURST passphrase was generated (without knowing the passphrase). The only weakness I see, and I am sure it is somewhere there on the roadmap to improve it, is that BURST does not, like PGP for instance, use some truly random source of entropy (such as moving the mouse around with your hand during the key generation phase), so it is feasible one could use sophisticated differential analysis to derive the passphrase. Do not even think to gain access to my physical machine.

pinballdude
March 14, 2015, 03:32:13 PM
Can I mine with external HDD?
Yes! But it needs to be USB 3.0 or eSATA if you want to improve read speed! USB 2.0 works too but it's slow for Burst mining. PS: I think a F.A.Q. would be good for repeated questions
USB 3.0 is faster, but i have several 4 TB USB 3.0 disks on USB 2.0 plugs, essentially making them USB 2.0, and this works fine - just not as fine as 3.0. With most blocks my computer manages to read all 4TB from a USB 2.0 connected USB 3.0 drive. I even have a few USB 2.0 drives on USB 2.0, but they are smaller (like 0.75TB and 0.5TB and 1TB).
If you are buying new equipment or mobo definitely go for SATA 600 and USB 3.0, but if you are hooking up old stuff lying around, you can go 2.0 too, and still make some BURST coins. I have some fairly decent motherboards ( msi 990xa-gd55 , msi99xa-gd65) both with at least two pci-express 16x GPU slots, both with 6x600 SATA internal plugs, and 2x USB 3.0 external plugs) - and when i add a (2x 600 SATA, 2x USB 3.0 external) controller to one of the pci-express GPU slots, i have a computer with 8 internal sata 600 drives capacity, and 4 external USB 3.0 drives capacity, plus umpteen USB 2.0 plugs if need be. Plug in an 8-core cpu like FX-8150 or FX-8350, and you've got a pretty decent workstation that mines 12*4TB with no big problems.
On windows, lots of RAM is a good idea. Also windows8.1 or 10 is recommended as 7 seems to be having trouble managing its RAM when a lot of reading is going on. The computers can be used for normal work and mining at the same time, but when a block arrives, you might feel interrupted for a few seconds as the CPU gets busy reading data in from all the drives. I guess the choice of miner might play a role, you could mine the drives with a little time difference to avoid hammering the cpu with read requests on 12 drives all at once. i use the original java miner and solo mine, the newer miners out there might be a better choice for me, but i'm lazy and haven't found the need for changing yet.
btw i just bought two internal sata 600 4TB intenso drives for 141 euro each, turns out they were toshiba MD04ACA400 7200 rpm 64MB cache drives - that's pretty good value, it was the cheapest 4TB internal drives i could find. They out-spec the USB 3.0 4TB intenso drives quite a bit.

Elmit
March 14, 2015, 03:34:10 PM
The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Bruteforce would be therefore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
The numeric address is 64 bits long, your "99,999,999..." is quite a bit off. And have a look at how a "Public Key" is assigned to an account. It's not just protected by these 64 bits!
Is there a burst address with more than 20 digits numeric? Does any password (even with one single character) always result in the same burst address? If so, then there is a simple relationship: password -> burst address = access !!! However, burst address -> password has multiple possibilities. Therefore I think it is possible to access one burst wallet with two (or more) different passwords !!!!!

q327K091
March 14, 2015, 03:36:16 PM
The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Bruteforce would be therefore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
The numeric address is 64 bits long, your "99,999,999..." is quite a bit off. And have a look at how a "Public Key" is assigned to an account. It's not just protected by these 64 bits!
Is there a burst address with more than 20 digits numeric? Does any password (even with one single character) always result in the same burst address? If so, then there is a simple relationship: password -> burst address = access !!! However, burst address -> password has multiple possibilities. Therefore I think it is possible to access one burst wallet with two (or more) different passwords !!!!!
it is incredible to me you have private phone numbers (seems both land line and mobile) in your signature... no worries I won't call but if you are security oriented.. juuust saying. will social security number be next?

bensam1231
March 14, 2015, 03:38:08 PM
[miner] new version Burst-miner v1.150314
https://www.dropbox.com/s/luq6te1j8dn61p2/miner-burst-1.150314.zip?dl=0
* Tiny changes in algo for faster interrupt the threads (tnx haitch)
* MaxThreads (Paths) increased to 48
+ Added an option to disable the memory cleaning. "UseCleanMem" : false, (by default - true)
+ Added an option to disable "Winner info" "ShowWinner" : false (by default - true)
+ Added options to set the address of the server from which to obtain information about the winner "InfoAddr" : "burst.ninja" (by default - InfoAddr = UpdaterAddr) "InfoPort": 8125 (by default - InfoPort = UpdaterPort)
also, sometimes may have the crashes PM to me screenshots
Thanks bro, especially the winner information. Also what does usesorting do? I still haven't been able to figure this out.
I buy private Nvidia miners. Send information and/or inquiries to my PM box.

Elmit
March 14, 2015, 03:38:41 PM
The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Bruteforce would be therefore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
The numeric address is 64 bits long, your "99,999,999..." is quite a bit off. And have a look at how a "Public Key" is assigned to an account. It's not just protected by these 64 bits!
Is there a burst address with more than 20 digits numeric? Does any password (even with one single character) always result in the same burst address? If so, then there is a simple relationship: password -> burst address = access !!! However, burst address -> password has multiple possibilities. Therefore I think it is possible to access one burst wallet with two (or more) different passwords !!!!!
it is incredible to me you have private phone numbers (seems both land line and mobile) in your signature... no worries I won't call but if you are security oriented.. juuust saying
Is that really your answer to that? Do you have any question how the relationship between password to burst address is?

q327K091
March 14, 2015, 03:42:41 PM
The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Bruteforce would be therefore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
The numeric address is 64 bits long, your "99,999,999..." is quite a bit off. And have a look at how a "Public Key" is assigned to an account. It's not just protected by these 64 bits!
Is there a burst address with more than 20 digits numeric? Does any password (even with one single character) always result in the same burst address? If so, then there is a simple relationship: password -> burst address = access !!! However, burst address -> password has multiple possibilities. Therefore I think it is possible to access one burst wallet with two (or more) different passwords !!!!!
it is incredible to me you have private phone numbers (seems both land line and mobile) in your signature... no worries I won't call but if you are security oriented.. juuust saying
Is that really your answer to that? Do you have any question how the relationship between password to burst address is?
weeeeeell no you are right.. let's not drift from the subject.. I have not looked into source code to see exact algorithm.. however I know BURST is derivative of NXT and NXT market cap is $ 13,201,962 , that's a lot of money , there is also rich list and same attack vectors , all safe and appears NXT investors feel safe as well..

dcct
March 14, 2015, 03:44:00 PM
burst address = access !!!
Not true. But I'll let you find out yourself.

q327K091
March 14, 2015, 03:46:39 PM
I am actually glad BURST is based on NXT.. for reason of proven security, of course BURST is already very different from NXT.. such as Automated Transactions to which it even beat Ethereum itself..on the timeline
people starting to ask questions such as security and/or double spending ... it's time for me to look at the exchanges to see if I can scoop more .. last time it was < 170 sat... but low supply.. maybe someone will unload 2 million at 130 .. let's see....
not yet..
this is a nice chunk on bittrex, someone is recycling free storage again, free that's like 130$ if he can pull this off till block rewards drop some more, he/she better hurry up
0.00000162 268711.12203307 0.4353 1.0300
130$ even weekly won't retire him/her in Bahamas.. in 1920 maybe

Elmit
March 14, 2015, 03:53:18 PM
The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Bruteforce would be therefore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
The numeric address is 64 bits long, your "99,999,999..." is quite a bit off. And have a look at how a "Public Key" is assigned to an account. It's not just protected by these 64 bits!
Is there a burst address with more than 20 digits numeric? Does any password (even with one single character) always result in the same burst address? If so, then there is a simple relationship: password -> burst address = access !!! However, burst address -> password has multiple possibilities. Therefore I think it is possible to access one burst wallet with two (or more) different passwords !!!!!
it is incredible to me you have private phone numbers (seems both land line and mobile) in your signature... no worries I won't call but if you are security oriented.. juuust saying
Is that really your answer to that? Do you have any question how the relationship between password to burst address is?
weeeeeell no you are right.. let's not drift from the subject.. I have not looked into source code to see exact algorithm.. however I know BURST is derivative of NXT and NXT market cap is $ 13,201,962 , that's a lot of money , there is also rich list and same attack vectors , all safe and appears NXT investors feel safe as well..
Still not the answer! But first, do you know that VIA is a protected name? Now you know! Do me a favour. Try to type in a single digit / character as password into your wallet. Does it result in a burst address? Yes/No? Have you seen a Burst address in numeric format more than 20 digits? Yes/No? Now you have tried 10 numbers, 26 characters, maybe even some special characters and still you got always a different burst address. Yes/No? Put all together: If there are only 20 numerical digits for a burst address, then there must be a possibility of more than one password to result to that address. The public key is only necessary to get the first payment, which the original owner has needed to get his first payment. After that you do not need it anymore to operate on your wallet.

q327K091
March 14, 2015, 03:59:34 PM
The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Bruteforce would be therefore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
The numeric address is 64 bits long, your "99,999,999..." is quite a bit off. And have a look at how a "Public Key" is assigned to an account. It's not just protected by these 64 bits!
Is there a burst address with more than 20 digits numeric? Does any password (even with one single character) always result in the same burst address? If so, then there is a simple relationship: password -> burst address = access !!! However, burst address -> password has multiple possibilities. Therefore I think it is possible to access one burst wallet with two (or more) different passwords !!!!!
it is incredible to me you have private phone numbers (seems both land line and mobile) in your signature... no worries I won't call but if you are security oriented.. juuust saying
Is that really your answer to that? Do you have any question how the relationship between password to burst address is?
weeeeeell no you are right.. let's not drift from the subject.. I have not looked into source code to see exact algorithm.. however I know BURST is derivative of NXT and NXT market cap is $ 13,201,962 , that's a lot of money , there is also rich list and same attack vectors , all safe and appears NXT investors feel safe as well..
Still not the answer! But first, do you know that VIA is a protected name? Now you know! Do me a favour. Try to type in a single digit / character as password into your wallet. Does it result in a burst address? Yes/No? Have you seen a Burst address in numeric format more than 20 digits? Yes/No? Now you have tried 10 numbers, 26 characters, maybe even some special characters and still you got always a different burst address. Yes/No? Put all together: If there are only 20 numerical digits for a burst address, then there must be a possibility of more than one password to result to that address. The public key is only necessary to get the first payment, which the original owner has needed to get his first payment. After that you do not need it anymore to operate on your wallet.
can you do me a favor and post the same question in nxt forum, given there are people there with > 100,000$ accounts and they use same system of generation of passphrases, I am sure they will jump on your question asap, trust me, you will cause quite panic (or not) be brave do it!
and of course we have exchanges.. do you think that management of bittrex or cryptsy would sit idle, on any sign of security weakness.. (they represent top level addresses) on cryptsy it is something like a half a million dollars
I don't have energy to dive into codebase.. but yield other gentlemen whiteboard to elucidate this part of BURST workflow

dcct
March 14, 2015, 03:59:45 PM
After that you do not need it anymore to operate on your wallet.
Ouch! This is completely wrong. Strong opinions combined with little insight are quite annoying

luxe
March 14, 2015, 04:12:07 PM
There are unlimited passwords leading to the same Burst address. Once you make an outgoing transaction, the currently used password will be bound to the address. After that, no other password will work for that Burst address. You will get a message like: 'Address already choosen.'
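
The binding luxe describes, as an added example that is not part of the thread or of Burst's code: a toy ledger in which an account ID is a truncated hash of a public key and the first outgoing transaction binds that key to the ID. `public_key` is a hash stand-in for the wallet's real key derivation, the ID layout is an assumption, the 8-bit width is a demo setting so that two constructed passphrases share an ID, and `Ledger`, `receive`, `spend`, `colliding_pair` and `demo` are hypothetical names.

```python
import hashlib

ID_BITS = 64                 # width of the numeric account ID, as dcct states
MAX_ID = (1 << ID_BITS) - 1  # largest 64-bit ID: 20 digits, well below 99,999,...

ACCEPTED = "accepted"
REJECTED_BOUND = "rejected: account is bound to a different public key"
REJECTED_FUNDS = "rejected: insufficient balance"


def public_key(passphrase: str) -> bytes:
    """Hash stand-in (assumption) for the wallet's real passphrase-to-key step."""
    return hashlib.sha256(b"pubkey-standin:" + passphrase.encode("utf-8")).digest()


def account_id(pubkey: bytes, bits: int = ID_BITS) -> int:
    """Account ID modelled as a truncated hash of the public key (assumed layout)."""
    full = int.from_bytes(hashlib.sha256(pubkey).digest()[:8], "little")
    return full & ((1 << bits) - 1)


class Ledger:
    """Toy ledger: balances keyed by account ID, plus the key bound to each ID."""

    def __init__(self, bits: int = ID_BITS):
        self.bits = bits
        self.balance = {}
        self.bound_key = {}

    def receive(self, acct: int, amount: int) -> None:
        # Incoming payments need only the numeric ID; no key is bound yet.
        self.balance[acct] = self.balance.get(acct, 0) + amount

    def spend(self, passphrase: str, amount: int) -> str:
        pk = public_key(passphrase)
        acct = account_id(pk, self.bits)
        bound = self.bound_key.get(acct)
        if bound is not None and bound != pk:
            return REJECTED_BOUND      # same ID, different key: refused
        if self.balance.get(acct, 0) < amount:
            return REJECTED_FUNDS
        self.bound_key[acct] = pk      # first outgoing transaction binds the key
        self.balance[acct] -= amount
        return ACCEPTED


def colliding_pair(bits: int):
    """Two constructed passphrases whose IDs coincide at a toy ID width."""
    if bits > 16:
        raise ValueError("toy widths only")
    seen = {}
    i = 0
    while True:
        phrase = f"constructed-phrase-{i}"
        acct = account_id(public_key(phrase), bits)
        if acct in seen:
            return seen[acct], phrase, acct
        seen[acct] = phrase
        i += 1


def demo(bits: int = 8):
    owner, other, acct = colliding_pair(bits)
    bound = Ledger(bits)               # owner spends first, so the key gets bound
    bound.receive(acct, 1000)
    first = bound.spend(owner, 100)
    second = bound.spend(other, 100)
    unbound = Ledger(bits)             # funded, but no outgoing transaction yet
    unbound.receive(acct, 1000)
    early = unbound.spend(other, 100)
    return {"owner_first_spend": first,
            "other_after_binding": second,
            "other_before_binding": early}


if __name__ == "__main__":
    print(demo())
```

In this model an account that has only received funds is covered by the ID width alone, while one that has made an outgoing transaction is covered by the bound key as well.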

Blago
March 14, 2015, 04:15:50 PM
... Thanks bro, especially the winner information.
Also what does usesorting do? I still haven't been able to figure this out.
Algorithm: multiple threads read files in parallel, each of them gets its best deadline and sends it to the array to send ("Sender"). Every 0.01 seconds "Sender" sorts this list and gets the best deadline, which it sends to the server. https://github.com/Blagodarenko/miner-burst/blob/master/miner.cpp line #1059
Relax, I’m russian!... BURST-B2LU-SGCZ-NYVS-HZEPK

kyma
March 14, 2015, 04:21:10 PM
I am confused on one thing with HDD mining. What is the disk space being used for? (what service is it providing and to who)?
Only for data generated by you, that is needed to mine burst.
Let me try again. I don't understand. If I mine Burst with my harddrive space, who is using my harddrive?
The whole community I think.
Well, that's my point. I'm trying to figure out who this is providing utility to. (In the example of maidsafe the coin/token allows you to use storage space on the network - which works by HDD mining). I just don't see this type of information anywhere. It says HDD mining in the OP but it doesn't explain anything. Am I missing something?

dcct
March 14, 2015, 04:27:03 PM
I am confused on one thing with HDD mining. What is the disk space being used for? (what service is it providing and to who)?
Only for data generated by you, that is needed to mine burst.
Let me try again. I don't understand. If I mine Burst with my harddrive space, who is using my harddrive?
The whole community I think.
Well, that's my point. I'm trying to figure out who this is providing utility to. (In the example of maidsafe the coin/token allows you to use storage space on the network - which works by HDD mining). I just don't see this type of information anywhere. It says HDD mining in the OP but it doesn't explain anything. Am I missing something?
It's certainly being used, but not to store users' data in a cloud like way - yet. Like bitcoin miners use their hashing power to secure the network, Burst miners do the same with their storage - in a very energy efficient way.

riskyfire
March 14, 2015, 04:32:27 PM
I am confused on one thing with HDD mining. What is the disk space being used for? (what service is it providing and to who)?
Only for data generated by you, that is needed to mine burst.
Let me try again. I don't understand. If I mine Burst with my harddrive space, who is using my harddrive?
The whole community I think.
Well, that's my point. I'm trying to figure out who this is providing utility to. (In the example of maidsafe the coin/token allows you to use storage space on the network - which works by HDD mining). I just don't see this type of information anywhere. It says HDD mining in the OP but it doesn't explain anything. Am I missing something?
The data that is saved onto your hard drive by plotting is only for use with the burstcoin network. The nonces that are saved by plotting are the equivalent of your cpu / gpu hashes as with other crypto coins but instead of being generated fresh every time, these are saved and only retrieved at specific times. Burstcoin is not the same as Storj or Maidsafe, in terms of saving useable data or files...At least for the foreseeable future.

kyma
March 14, 2015, 04:33:51 PM
I am confused on one thing with HDD mining. What is the disk space being used for? (what service is it providing and to who)?
Only for data generated by you, that is needed to mine burst.
Let me try again. I don't understand. If I mine Burst with my harddrive space, who is using my harddrive?
The whole community I think.
incorrect. "No one" is the right answer. As of yet, the space dedicated to BURST mining, is solely for mining. it is not "made use of" in any other way. However, down the line (it's in the roadmap) we will be adding filestorage to the coin. THEN you will be sharing your drive with others. At that point I will be able to explain to you how it works better.
I think the idea is that you will tell your burst system that it can use, say, 1TB on your drive C and 2TB on your drive D (or whatever) and then burst will make a directory on those two drives that is then used by the burst system. Your harddisk is not shared as such, only the contents inside those two directories is accessed by the burst system. Much the same as today, but instead of plot files, the miners will create files with information in them, some of it hopefully used for an anonymous distributed file system. i think the features and capabilities are still out in the open, but as burst already has users with thousands of terabytes of storage dedicated to burst, that userbase can be turned into a giant cloud service pretty easily.
i imagine the following features would be practical :
anonymous decentralized (government intervention) safe file system :
- user cannot deduce which miners hold parts of his files
- miner cannot deduce which users files he holds
- miner cannot deduce what is in the files he holds
- intermediaries between someone requesting a file, and someone storing a part of it, cannot see what file is being transferred or what the contents are
- files are stored in a tree like structure, perhaps with an addition of a tag cloud per file
- files and directories can be password protected with some sort of key (not transferred, but needed to reveal contents)
- files can be stored such that neither tree placement or filename or contents can be known by other than the person storing
- people storing files, and people reading files pay some transaction fee, and people mining collect this fee as payment for the space they rent out
- files are stored in many places in many small blocks, so a lot of nodes have to drop out of the network at once before a file gets lost. The individual seeder himself of course always has his own local copy too.
- the network somehow detects if a block is getting scarce and then creates more copies of it.
Whoever creates this, will have to read up on a lot of research into distributed file systems, read up on how torrents work, read up on basic cryptology, and be a bit smart and creative on top of that. I think it should be optional if a user wants to offer filesystem resources with his harddrive space or just plain mine for the blockchain. the filesystem as described above will do to storage what bitcoin did to finance.
Ohhhhh ok. Thanks for straightening this out. It sure seemed like there was no mention of providing utility (yet?)
Anyway, I was daydreaming about this in class the other day as we were learning about different storage protocols and HDD arrangements (various RAID configurations) and realized that you could create a distributed file storage system where people's hosted information is striped across all disks/hosts within a particular RAID set. With enough redundant parity bits, any file could be reconstructed with a bit of computation whenever the file is needed. Of course you would use some sort of cryptographic privkey to gain access to the location of each bit you need when you ask the network to access your file. In this way, nobody can reconstruct anyone else's data because each host doesn't have a single file in its entirety. I think what I just described is maidsafe