mczarnek
|
|
April 28, 2015, 01:54:25 AM |
|
Hey DEV is there a way to limit brute force wallet attacks while not inconveniencing legit wallet owner?
No. Problem is the public ledger, you can download the blockchain yourself and the formula for turning passwords into account numbers is known, so the attacker can brute force his own version of the database, then only use the 'good' passwords. So no, not without some pretty significant changes.
What about adding a secondary passphrase? The primary one can't be changed, but it shouldn't be too difficult to add a secondary passphrase that can optionally be blank, and that can be changed. The primary can't be changed because it's tied to the account number, the secondary can just be a suitably secure hash that's not tied to the account ID. H.
Actually POW doesn't really make it any harder to crack.. so forget my idea. The problem is that there already is a secure way to generate a password, use the built in password generator instead of inputting your own easy to crack password!
Yeah second password would work well.. maybe if there was a way to enter one password from one device and the second from the other device. Also, if you lose one of those passwords (in other words haven't used it for 1 year or however long) then only one password is needed?
|
|
|
|
haitch
|
|
April 28, 2015, 02:53:42 AM |
|
Hey DEV is there a way to limit brute force wallet attacks while not inconveniencing legit wallet owner?
No. Problem is the public ledger, you can download the blockchain yourself and the formula for turning passwords into account numbers is known, so the attacker can brute force his own version of the database, then only use the 'good' passwords. So no, not without some pretty significant changes.
What about adding a secondary passphrase? The primary one can't be changed, but it shouldn't be too difficult to add a secondary passphrase that can optionally be blank, and that can be changed. The primary can't be changed because it's tied to the account number, the secondary can just be a suitably secure hash that's not tied to the account ID. H.
Actually POW doesn't really make it any harder to crack.. so forget my idea. The problem is that there already is a secure way to generate a password, use the built in password generator instead of inputting your own easy to crack password!
Yeah second password would work well.. maybe if there was a way to enter one password from one device and the second from the other device. Also, if you lose one of those passwords (in other words haven't used it for 1 year or however long) then only one password is needed?
I will defer to the developers, who are a damn sight smarter than me, to figure out the details; but to me adding a second level of security, that can be controlled by the account owner, seems like a no-brainer to me.
POW is an interesting idea, in that it could stop brute forcing if you delay so many seconds between password attempts.
Two device authentication seems problematic to me - what if I want to make a transaction while mobile, and only have one device? What could be workable is devising a method to securely authorize a device to access the account. Use a second authorizing passphrase to authorize your MAC address, which is stored as an account attribute in a hash. Authorized devices would need the account password, unauthorized devices could be temporarily or permanently authenticated by the use of a second level passphrase.
The time limit on a secondary password is also interesting. Lose your secondary password and in X time period it expires. Or maybe an AT to trigger a password reset to a registered email address after X blocks with no activity? H.
|
|
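Added example (not part of any post in this thread): the trade-off discussed above between a per-guess work factor ("POW") and a generated passphrase, put into numbers for an offline search against a public ledger. The guess rate, the 8-letter password, the work factor and the generator parameters (12 words from a 1626-word list) are assumptions for illustration.

```python
import math

# All figures below are assumed for illustration; none come from the thread.
GUESSES_PER_SEC = 1e9              # assumed offline guess rate of one attacker
SECONDS_PER_YEAR = 365 * 24 * 3600


def bits_charset(length, alphabet_size):
    """Entropy in bits of a uniformly random string over an alphabet."""
    return length * math.log2(alphabet_size)


def bits_wordlist(words, list_size):
    """Entropy in bits of `words` picks drawn uniformly from a word list."""
    return words * math.log2(list_size)


def stretch_bits(work_factor):
    """Bits gained when every guess costs `work_factor` times more work.

    The gain is only logarithmic: a million-fold slowdown is about 20 bits.
    """
    return math.log2(work_factor)


def years_to_exhaust(bits, rate=GUESSES_PER_SEC):
    """Expected years to search half of a 2**bits keyspace at `rate` guesses/s."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR


def report():
    """Return {case: (bits, expected_years)} for the three cases compared."""
    chosen = bits_charset(8, 26)                 # user-chosen, 8 lowercase letters
    cases = {
        "chosen": chosen,
        "chosen_stretched": chosen + stretch_bits(1_000_000),
        "generated": bits_wordlist(12, 1626),    # assumed generator parameters
    }
    return {name: (round(b, 1), years_to_exhaust(b)) for name, b in cases.items()}


if __name__ == "__main__":
    for name, (bits, years) in report().items():
        print(f"{name:18s} {bits:6.1f} bits  ~{years:.3g} years")
```

The stretched case moves from seconds to a few years for a single attacker at the assumed rate, and that cost divides across parallel hardware; the generated passphrase stays out of reach with no work factor at all.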
|
|
|
katlogic
|
|
April 28, 2015, 12:42:09 PM Last edit: April 28, 2015, 05:02:44 PM by katlogic |
|
increasing the amount of work to verify a nonce should be for the average wallet user no real issue since there will also be checkpoints added. for pools this may turn into a big challenge since most current pools seem to have already issues with the nonce verification under high load. i tested it out and can say all pools except the dev2 one have them (if you run one of them pm me to share info about).
With current PoC settings, top of line CPUs can verify about 100 nonces/s, GPUs about 10k nonce/s (fancy private kernel). GPU and especially ASIC proofing involves raising the difficulty (hash arena size) by at least 1000 fold - which makes it 1 nonce every 10s on CPU, 10 nonce/s on GPU. Pools won't like that (though they can use GPU to make it viable), but especially users syncing blockchain will see this as an inconvenience. Current setting strikes a good balance between user friendliness and ASIC resistance, but has no safe margin - again ballpark, if top of line GPU can mine as 600GB (with 240s deadline median), ASIC being 1000 times faster equals 600TB. But it will cost more than 600TB worth of drives, and use more power than 120x5TB drive (600W HDDs vs 1kW+ ASIC). Beware that PoC2 works differently and ASIC and HDD work in synergy, not one replacing another.
what about a distributed pool feature as next big announcement? does any coin have one?
It wouldn't be that difficult to implement, however I'm not sure about demand for one though. As for alts with p2pool - all bitcoin codebase derived ones can implement one with no effort by adapting existing p2pool code.
i already thought of simply doing this using the at technology but it makes only sense for big miners due to the code execution fees.
Yes, p2pool is AT friendly. Note that winners of the round would pay fees to themselves (winning block includes the txes with payouts, with lengthy AT computation), so that wouldn't be an issue.
|
|
|
|
MiningAtlas
|
|
April 28, 2015, 01:23:23 PM |
|
Can I mine this with my rig farm hard drives? SSD?
|
|
|
|
blizzen1
|
|
April 28, 2015, 01:49:03 PM |
|
Yes, but probably SSD too small to make sense
|
Bitrated user: blizzen.
|
|
|
Merick
|
|
April 28, 2015, 01:59:39 PM |
|
What does this mean? Was there a theft and the thief had a change of heart? Did BURST get accidentally sent to the wrong address and the receiver sent them back? The original statement was that an account was hacked and the funds drained, did this not happen?
|
|
|
|
xizmax
|
|
April 28, 2015, 02:40:23 PM |
|
What does this mean? Was there a theft and the thief had a change of heart? Did BURST get accidentally sent to the wrong address and the receiver sent them back? The original statement was that an account was hacked and the funds drained, did this not happen?
Passphrase to the account was accidentally leaked, there was no hack. Person who found the leaked passphrase was a victim of a hack themselves a while ago so they did this in an effort to 'teach us a lesson' about security, as they were not fortunate enough to have their funds returned. The person is, apparently, a supporter of BURST and did not seem to approach this in a malicious way. One could argue whether this kind of 'shock therapy' is the best way to approach security issues, but the issue at hand was successfully resolved and it served as a reminder to keep us on our toes when it comes to security. We have all agreed to work together on improving BURST security both technologically and in improving our own diligence about our coins/passphrases.
|
|
|
|
MiningAtlas
|
|
April 28, 2015, 03:16:55 PM |
|
32. is the smallest I have, some bigger, but I don't know how to calculate it
|
|
|
|
|
bitladen
|
|
April 28, 2015, 04:20:21 PM |
|
In my opinion.. short term, low prices are good, we need to attract more developers and entrepreneur types and let miners who are mining for short term profit go ahead and dump.. the more business and development minded people we get on board at these prices, the better long term.
I partially agree. Short term low prices are good, but as long as there is volume. Haven't had any decent volume in ages. If people sell, but not make buy orders, it's not gonna happen. But I see the order book has increased slightly during this week.
Please let the price fall down to 100 satoshi. At 100 satoshi I will place a 10 BTC buywall (and more BTC incoming if necessary). Please?? Go ahead and dump, I'm buying. Make action on the market, don't just sit and wait
|
|
|
|
Grim
|
|
April 28, 2015, 04:31:58 PM |
|
isn't 4kb sector size standard these days?
|
|
|
|
|
katlogic
|
|
April 28, 2015, 05:23:02 PM |
|
User Capacity: 1,000,204,886,016 bytes [1.00 TB]
Sector Size: 512 bytes logical/4096 physical
Use smartctl -i /dev/sda (via smartmontools). Most drives with perpendicular write (built in 2010 and later) have 4096 physical. Note that all PC operating systems always use 4096 (system page) reads/writes, but if the partition is misaligned, a single page write results in a read-write-write operation and the HDD has to wait for one plate revolution (this is done by the controller, not the OS). This is not that interesting with burst mining where reads are bunched in staggers, but alignment mismatch slows down general filesystem usage (small writes especially). Windows Vista and higher automatically aligns partitions to 4k, regardless of physical sector size.
|
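Added example (not part of the post above): reading the sector sizes out of `smartctl -i` output in the two spellings quoted in this thread and flagging partitions whose start is not aligned to the physical sector. The sample output and the partition start sectors are constructed; on a real system the start sectors would come from the partition table.

```python
import re

# Matches the "Sector Size(s):" line in the forms quoted in this thread, plus
# the "512 bytes logical/physical" form used when both sizes are equal.
_SECTOR_RE = re.compile(
    r"Sector Sizes?:\s*(\d+) bytes logical(?:/|,\s*)(?:(\d+)(?: bytes)? )?physical"
)


def sector_sizes(smartctl_text):
    """Return (logical, physical) sector size in bytes from `smartctl -i` text."""
    m = _SECTOR_RE.search(smartctl_text)
    if m is None:
        raise ValueError("no sector size line found")
    logical = int(m.group(1))
    physical = int(m.group(2)) if m.group(2) else logical
    return logical, physical


def misaligned(partitions, logical, physical):
    """Names of partitions whose byte offset is not a multiple of `physical`.

    `partitions` maps a name to its start, counted in logical sectors.
    """
    return sorted(
        name for name, start in partitions.items()
        if (start * logical) % physical != 0
    )


# Constructed sample input, labelled as such.
SAMPLE_SMARTCTL = """\
User Capacity: 1,000,204,886,016 bytes [1.00 TB]
Sector Sizes: 512 bytes logical, 4096 bytes physical
"""
SAMPLE_PARTITIONS = {"sda1": 63, "sda2": 2048}  # 63 is the legacy CHS-style start


def check(smartctl_text=SAMPLE_SMARTCTL, partitions=SAMPLE_PARTITIONS):
    """Return the misaligned partitions for the given drive description."""
    logical, physical = sector_sizes(smartctl_text)
    return misaligned(partitions, logical, physical)


if __name__ == "__main__":
    print("misaligned partitions:", check())
```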
|
|
|
coinits
|
|
April 28, 2015, 05:50:35 PM |
|
Could someone please provide a working sample of their conf file with this. Thank you.
|
Jump you fuckers! | The thing about smart motherfuckers is they sound like crazy motherfuckers to dumb motherfuckers. | My sig space for rent for 0.01 btc per week.
|
|
|
Blago
|
|
April 28, 2015, 06:16:40 PM |
|
Could someone please provide a working sample of their conf file with this. Thank you.
my config:
{
  "Mode" : "pool",
  "Server" : "195.209.126.166",
  "Port": 8080,
  "UpdaterAddr" : "195.209.126.166",
  "UpdaterPort": 8080,
  "InfoAddr" : "195.209.126.166",
  "InfoPort": 8080,
  "EnableProxy": false,
  "ProxyPort": 8126,
  "Paths":["C:\\plots","D:\\plots","E:\\plots","F:\\plots","F:\\plots2","G:\\plots","H:\\plots","H:\\plots2","I:\\plots","J:\\plots","K:\\plots","L:\\plots","M:\\plots"],
  "CacheSize" : 102400,
  "ShowMsg" : false,
  "ShowUpdates" : false,
  "UseSorting" : true,
  "Debug": true,
  "SendBestOnly": true,
  "UseFastRcv" : false,
  "SendInterval": 200,
  "UpdateInterval": 1000,
  "UseLog" : true,
  "ShowWinner" : true,
  "UseBoost" : false
}
"CacheSize" : 102400 - how many nonces are read and processed at once
smartctl info: Sector Sizes: 512 bytes logical, 4096 bytes physical
|
Relax, I’m russian!... BURST-B2LU-SGCZ-NYVS-HZEPK
|
|
|
coinits
|
|
April 28, 2015, 06:40:33 PM |
|
Thank you, tip sent to BURST-B2LU-SGCZ-NYVS-HZEPK
|
|
|
|
okae
|
|
April 28, 2015, 06:59:50 PM |
|
ty for your hard work Blago, I really appreciate it, your new miner works like a charm, like always
|
|
|
|
mmmaybe
|
|
April 28, 2015, 08:14:33 PM |
|
I do not read all thing about what happen since my English is limited but I am not sure now I want to buy more asset/share in ByteEnt.
*Effective Immediately, all ByteEnt and ByteBank asset payouts are paused while we figure out this issue.
No need to worry, I put things on pause for a minute while I figured it all out. It has been figured out and things will go back to normal. If this had been something that affected things more long term, I would have made other adjustments. No matter what there is no reason to avoid Byte Enterprises' assets. It is all about the people behind them, and I would never rip anyone off. Thank you. Might add that irontiga got one million BURST richer due to some idiot who gambled with him at 6am, after two hours of sleep the last 48h, while the idiot had nothing to win and only could lose. The coins have been transferred to a happy tiga, while the idiot just feels sick.
|
|
|
|
bensam1231
|
|
April 28, 2015, 08:35:43 PM |
|
The new version doesn't use 100% of my processor and as such mines about 20% slower than the last one.
|
I buy private Nvidia miners. Send information and/or inquiries to my PM box.
|
|
|
|