pinballdude
|
|
March 14, 2015, 02:33:59 PM |
|
Nice.. though they didn't get it quite right. The article makes it look like the hard drive space is being used to store files.. I mean I guess that is the eventual plan. I just don't see it as a priority in my mind or the thing that makes us special. I read it as a very close description to reality, the article points out that right now, burst has files used for managing the blockchain, but in the future, file storage will be added. The only confusion might be that i think file storage space and blockchain space will be separate, it will not be such that our plot files suddenly contain data. I found the article very well written, and the best article about burstcoin so far. standing ovation to the guys who wrote it...
|
|
|
|
kurairaito
Newbie
Offline
Activity: 36
Merit: 0
|
|
March 14, 2015, 02:58:28 PM |
|
hello everyboby I just put online french version of burstcoin site www.burstcoin.frI will translate more stuff in the next days. my api can be used from www.burstcoin.fr/api (visit to see usage) but, for now I didn't have time to do big things. Your market cap is not working You can use <?php $burstData = json_decode(file_get_contents("https://block.burstcoin.info/api/?request=price&c=usd")); echo $burstData->c->market_cap; ?> and your price seems fine but for simplicity you can use <?php echo $burstData->price; ?> I think i'll make a bit of an api upgrade tomorrow....make a nice page to document it all Whatever I do I get some error like Curl error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure I tried almost every version of ssl I could test but still no luck. Also tried fopen and file_get_contents without result. But I fixed that with a temporary solution : call my own API on my own test server, which call yours. As I'm not in a dedicated, I can't upgrade openSSL nor php version of burstcoin.fr.
|
|
|
|
Elmit
|
|
March 14, 2015, 03:12:38 PM |
|
Guys keep in mind, regardless of the length of your passphrase, bruteforcing will eventually find accounts. I'm actually surprised this hasn't become more prevalent. Since each wallet is ONLY a passphrase and not a username and passphrase to authenticate against, and there is not a lockout on accounts for how fast you can check a passphrase (unless the blockchain does it). All someone needs to do is bruteforce continually till it happens upon a account. Since everyone is essentially using one username which is identical for all of us and it's impossibly hard to change it once you have one (replotting).
Luckily mine is huge, but with time it will also be broken by a brute force. I'm not certain of the speed at which you could check passwords, but I assume with scripts and modern GPUs you could do some serious bruteforcing on Burst.
Everything can be bruteforce given enough time, but with a password of +200 char it will take ages. the length of the password phrase has nothing to do with that. Each password phrase results in one and only one BURST address, however, more than one password phrase can result into the same BURST address. The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Brutforce would be therfore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
|
|
|
|
dcct
|
|
March 14, 2015, 03:22:47 PM |
|
The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Brutforce would be therfore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
The numeric address is 64 bits long, your "99,999,999..." is quite a bit off. And have a look at how a "Public Key" is assigned to an account. Its not just protected by these 64 bits!
|
|
|
|
q327K091
Legendary
Offline
Activity: 1792
Merit: 1010
|
|
March 14, 2015, 03:23:21 PM |
|
Guys keep in mind, regardless of the length of your passphrase, bruteforcing will eventually find accounts. I'm actually surprised this hasn't become more prevalent. Since each wallet is ONLY a passphrase and not a username and passphrase to authenticate against, and there is not a lockout on accounts for how fast you can check a passphrase (unless the blockchain does it). All someone needs to do is bruteforce continually till it happens upon a account. Since everyone is essentially using one username which is identical for all of us and it's impossibly hard to change it once you have one (replotting).
Luckily mine is huge, but with time it will also be broken by a brute force. I'm not certain of the speed at which you could check passwords, but I assume with scripts and modern GPUs you could do some serious bruteforcing on Burst.
Everything can be bruteforce given enough time, but with a password of +200 char it will take ages. the length of the password phrase has nothing to do with that. Each password phrase results in one and only one BURST address, however, more than one password phrase can result into the same BURST address. The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Brutforce would be therfore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account. maybe if you have access to the machine on which BURST passphrase was generated (without knowing passphrase) the only weakness I see and I am sure is somewhere there to improve it on the roadmap is that BURST does not like PGP for instance use some truly random source of entropy (such as moving mouse around with your hand during key generation phase) so it is feasible one could use sophisticated differential analysis to derive the passphrase do not even think to gain access to my physical machine
|
|
|
|
pinballdude
|
|
March 14, 2015, 03:32:13 PM |
|
Can I mine with external HDD ?
Yes! But it's need to be USB 3.0 or eSATA if you want to improve read speed! USB 2.0 works too but it's slow for Burst mining. PS: I think a F.A.Q. would be good for repeated questions USB 3.0 is faster, but i have several 4 TB USB 3.0 disks on USB 2.0 plugs, essentially making them USB 2.0, and this works fine - just not as fine as 3.0. with most blocks my computer manages to read all 4TB from an USB 2.0 connected USB 3.0 drive. I even have a few USB 2.0 drivs on USB 2.0, but they are smaller (like 0.75TB and 0.5TB and 1TB) If you are buying new equipment or mobo definetly go for SATA 600 and USB 3.0, but if you are hooking up old stuff lying around, you can go 2.0 too, and still make some BURST coins. I have some fairly decent motherboards ( msi 990xa-gd55 , msi99xa-gd65) both with at least two pci-express 16x GPU slots, both with 6x600 SATA internal plugs, and 2x USB 3.0 external plugs) - and when i add a (2x 600 SATA, 2x USB 3.0 external) controller to one of the pci-express GPU slots, i have a computer with 8 internal sata 600 drives capacity, and 4 external USB 3.0 drives capacity. plus umpteen USB 2.0 plugs if need be. plug in a 8-core cpu like FX-8150 or FX-8350 , and you've got a pretty decent workstation that mines 12*4TB with no big problems. On windows, lots of RAM is a good idea. Also windows8.1 or 10 is recommended as 7 seems to be having trouble managing its RAM when a lot of reading is going on. The computers can be used for normal work and mining at the same time, but when a block arrives, you might feel interrupted for a few seconds as the CPU gets busy reading data in from all the drives. I guess the choice of miner might play a role, you could mine the drives with a little time difference to avoid hammering the cpu with read requests on 12 drives all at once. i use the original java miner and solo mine, the newer miners out there might be a better choice for me, but i'm lazy and haven't found the need for changing yet. btw i just bought two internal sata 600 4TB intenso drives for 141 euro each, turns out they were toshiba MD04ACA400 7200 rpm 64MB cache drives - that's pretty good value, it was the cheapest 4TB internal drives i could find. They out-spec the USB 3.0 4TB intenso drives quite a bit.
|
|
|
|
Elmit
|
|
March 14, 2015, 03:34:10 PM |
|
The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Brutforce would be therfore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
The numeric address is 64 bits long, your "99,999,999..." is quite a bit off. And have a look at how a "Public Key" is assigned to an account. Its not just protected by these 64 bits! Is there a burst address with more than 20 digits numeric? Does any password (even with one single character) always result in the same burst address? If so, then there is a simple relationship: password -> burst address = access !!! However, burst address -> password has multiple possibilities. Therefore I think it is possible to access one burst wallet with two (or more) different passwords !!!!!
|
|
|
|
q327K091
Legendary
Offline
Activity: 1792
Merit: 1010
|
|
March 14, 2015, 03:36:16 PM |
|
The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Brutforce would be therfore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
The numeric address is 64 bits long, your "99,999,999..." is quite a bit off. And have a look at how a "Public Key" is assigned to an account. Its not just protected by these 64 bits! Is there a burst address with more than 20 digits numeric? Does any password (even with one single character) always result in the same burst address? If so, then there is a simple relationship: password -> burst address = access !!! However, burst address -> password has multiple possibilities. Therefore I think it is possible to access one burst wallet with two (or more) different passwords !!!!! it is incredible to me you have private phone numbers (seems both land line and mobile) in your signature... no worries I won't call but if you are security oriented.. juuust saying will social security number be next ?
|
|
|
|
bensam1231
Legendary
Offline
Activity: 1750
Merit: 1024
|
|
March 14, 2015, 03:38:08 PM |
|
[miner]new version Burst-miner v1.150314https://www.dropbox.com/s/luq6te1j8dn61p2/miner-burst-1.150314.zip?dl=0* Tiny changes in algo for faster interrupt the threads (tnx haitch) * MaxThreads (Paths) increased to 48+ Added an option to disable the memory cleaning. "UseCleanMem" : false, (by default - true) + Added an option to disable "Winner info" "ShowWinner" : false (by default - true) + Added options to set the address of the server from which to obtain information about the winner "InfoAddr" : "burst.ninja" (by default - InfoAddr = UpdaterAddr) "InfoPort": 8125 (by default - InfoPort = UpdaterPort) also, sometimes may have the crashes PM to me screnshots Thanks bro, especially the winner information. Also what does usesorting do? I still haven't been able to figure this out.
|
I buy private Nvidia miners. Send information and/or inquiries to my PM box.
|
|
|
Elmit
|
|
March 14, 2015, 03:38:41 PM |
|
The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Brutforce would be therfore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
The numeric address is 64 bits long, your "99,999,999..." is quite a bit off. And have a look at how a "Public Key" is assigned to an account. Its not just protected by these 64 bits! Is there a burst address with more than 20 digits numeric? Does any password (even with one single character) always result in the same burst address? If so, then there is a simple relationship: password -> burst address = access !!! However, burst address -> password has multiple possibilities. Therefore I think it is possible to access one burst wallet with two (or more) different passwords !!!!! it is incredible to me you have private phone numbers (seems both land line and mobile) in your signature... no worries I won't call but if you are security oriented.. juuust saying Is that really your answer to that? Do you have any question how the relationship between password to burst address is?
|
|
|
|
q327K091
Legendary
Offline
Activity: 1792
Merit: 1010
|
|
March 14, 2015, 03:42:41 PM |
|
The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Brutforce would be therfore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
The numeric address is 64 bits long, your "99,999,999..." is quite a bit off. And have a look at how a "Public Key" is assigned to an account. Its not just protected by these 64 bits! Is there a burst address with more than 20 digits numeric? Does any password (even with one single character) always result in the same burst address? If so, then there is a simple relationship: password -> burst address = access !!! However, burst address -> password has multiple possibilities. Therefore I think it is possible to access one burst wallet with two (or more) different passwords !!!!! it is incredible to me you have private phone numbers (seems both land line and mobile) in your signature... no worries I won't call but if you are security oriented.. juuust saying Is that really your answer to that? Do you have any question how the relationship between password to burst address is? weeeeeell no you are right.. let's not drift from the subject.. I have not looked into source code to see exact algorithm.. however I know BURST is derivative of NXT and NXT market cap is $ 13,201,962 , that's a lot of money , there is also rich list and same attack vectors , all safe and appears NXT investors feel safe as well..
|
|
|
|
dcct
|
|
March 14, 2015, 03:44:00 PM |
|
burst address = access !!!
Not true. But I´ll let you find out yourself.
|
|
|
|
q327K091
Legendary
Offline
Activity: 1792
Merit: 1010
|
|
March 14, 2015, 03:46:39 PM |
|
I am actually glad BURST is based on NXT.. for reason of proven security, of course BURST is already very different from NXT.. such as Automated Transactions to which it even beat Ethereum itself..on the timeline
people starting to ask questions such as security and/or double spending ... its time for me to look at the exchanges to see if I can scoop more .. last time it was < 170 sat... but low supply.. maybe someone will unload 2 million at 130 .. let's see....
not yet..
this is a nice chunk on bittrex, someone is recycling free storage again, free thats like 130$ if he can pull this off till block rewards drop some more, he/she better hurry up
0.00000162 268711.12203307 0.4353 1.0300
130$ even weekly won't retire him/her in Bahamas.. in 1920 maybe
|
|
|
|
Elmit
|
|
March 14, 2015, 03:53:18 PM |
|
The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Brutforce would be therfore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
The numeric address is 64 bits long, your "99,999,999..." is quite a bit off. And have a look at how a "Public Key" is assigned to an account. Its not just protected by these 64 bits! Is there a burst address with more than 20 digits numeric? Does any password (even with one single character) always result in the same burst address? If so, then there is a simple relationship: password -> burst address = access !!! However, burst address -> password has multiple possibilities. Therefore I think it is possible to access one burst wallet with two (or more) different passwords !!!!! it is incredible to me you have private phone numbers (seems both land line and mobile) in your signature... no worries I won't call but if you are security oriented.. juuust saying Is that really your answer to that? Do you have any question how the relationship between password to burst address is? weeeeeell no you are right.. let's not drift from the subject.. I have not looked into source code to see exact algorithm.. however I know BURST is derivative of NXT and NXT market cap is $ 13,201,962 , that's a lot of money , there is also rich list and same attack vectors , all safe and appears NXT investors feel safe as well.. Still not the answer! But first, do you know that VIA is a protected name? Now you know! Do me a favour. Try to type in a single digit / character as password into your wallet. Does it result into a burst address? Yes/No? Have you seen a Burst address in numeric format more than 20 digits? Yes/No? Now you have tried 10 numbers, 26 characters, maybe even some special characters and still you got always a different burst address. Yes/No? Put all together: If there are only 20 numerical digits for an burst address, than there must be a possibility of more than one password to result to that address. The public key is only necessary to get the first payment, which the original owner has needed to get his first payment. After that you do not need it anymore to operate on your wallet.
|
|
|
|
q327K091
Legendary
Offline
Activity: 1792
Merit: 1010
|
|
March 14, 2015, 03:59:34 PM |
|
The address is numeric 20 digits long, so there are max. 99,999,999,999,999,999,999 different burst addresses. Brutforce would be therfore possible. While you "fill up your database" you can always frequently check if an account of the richlist is in the database, whereby you can simplify it to only accounts who have more than 300 Bursts, or so. You do not need to find ALL accounts to empty one account.
The numeric address is 64 bits long, your "99,999,999..." is quite a bit off. And have a look at how a "Public Key" is assigned to an account. Its not just protected by these 64 bits! Is there a burst address with more than 20 digits numeric? Does any password (even with one single character) always result in the same burst address? If so, then there is a simple relationship: password -> burst address = access !!! However, burst address -> password has multiple possibilities. Therefore I think it is possible to access one burst wallet with two (or more) different passwords !!!!! it is incredible to me you have private phone numbers (seems both land line and mobile) in your signature... no worries I won't call but if you are security oriented.. juuust saying Is that really your answer to that? Do you have any question how the relationship between password to burst address is? weeeeeell no you are right.. let's not drift from the subject.. I have not looked into source code to see exact algorithm.. however I know BURST is derivative of NXT and NXT market cap is $ 13,201,962 , that's a lot of money , there is also rich list and same attack vectors , all safe and appears NXT investors feel safe as well.. Still not the answer! But first, do you know that VIA is a protected name? Now you know! Do me a favour. Try to type in a single digit / character as password into your wallet. Does it result into a burst address? Yes/No? Have you seen a Burst address in numeric format more than 20 digits? Yes/No? Now you have tried 10 numbers, 26 characters, maybe even some special characters and still you got always a different burst address. Yes/No? Put all together: If there are only 20 numerical digits for an burst address, than there must be a possibility of more than one password to result to that address. The public key is only necessary to get the first payment, which the original owner has needed to get his first payment. After that you do not need it anymore to operate on your wallet. can you do me a favor and post the same question in nxt forum, given there are people there with > 100,000$ accounts and they use same system of generation of passphrases, I am sure they will jump on your question asap, trust me, you will cause quite panic (or not) be brave do it! and of course we have exchanges.. do you think that management of bittrex or cryptsy would sit idle, on any sign of security weakness.. (they represent top level addresses) on cryptsy it is something like a half a million dollars I don't have energy to dive into codebase.. but yield other gentlemen whiteboard to elucidate this part of BURST workflow
|
|
|
|
dcct
|
|
March 14, 2015, 03:59:45 PM |
|
After that you do not need it anymore to operate on your wallet.
Ouch! This is completely wrong. Strong opinions combined with little insight are quite annoying
|
|
|
|
luxe
|
|
March 14, 2015, 04:12:07 PM |
|
There are unlimited passwords leading to same Burst address. Once you make a outgoing transaction, the current used password will be bound to address. After that, no other password will work for that Burst address. You will get a message like: 'Address already choosen.'
|
|
|
|
Blago
|
|
March 14, 2015, 04:15:50 PM |
|
... Thanks bro, especially the winner information.
Also what does usesorting do? I still haven't been able to figure this out.
algorithm: multiple threads in parallel read files, each of them get best deadline, sends it to the array to send ( "Sender"). "Sender" every 0.01 seconds sorts this list and get the best one deadline, which sends to the server. https://github.com/Blagodarenko/miner-burst/blob/master/miner.cpp line #1059
|
Relax, I’m russian!... BURST-B2LU-SGCZ-NYVS-HZEPK
|
|
|
kyma
|
|
March 14, 2015, 04:21:10 PM |
|
I am confused on one thing with HDD mining. What is the disk space being used for? (what service is it providing and to who)?
Only for data generated by you, that is needed to mine burst. Let me try again. I don't understand. If I mine Burst with my harddrive space, who is using my harddrive? The whole community I think. Well, that's my point. I'm trying to figure out who this is providing utility to. (In the example of maidsafe the coin/token allows you to use storage space on the network - which works by HDD mining). I just don't see this type of information anywhere. It say's HDD mining in the OP but it doesn't explain anything. Am I missing something?
|
|
|
|
dcct
|
|
March 14, 2015, 04:27:03 PM |
|
I am confused on one thing with HDD mining. What is the disk space being used for? (what service is it providing and to who)?
Only for data generated by you, that is needed to mine burst. Let me try again. I don't understand. If I mine Burst with my harddrive space, who is using my harddrive? The whole community I think. Well, that's my point. I'm trying to figure out who this is providing utility to. (In the example of maidsafe the coin/token allows you to use storage space on the network - which works by HDD mining). I just don't see this type of information anywhere. It say's HDD mining in the OP but it doesn't explain anything. Am I missing something? Its certainly being used, but not to store user´s data in a cloud like way - yet. Like bitcoin miners use their hashing power to secure the network, Burst miners do the same with their storage - in a very energy efficient way.
|
|
|
|
|