Bitcoin Forum
November 06, 2024, 07:21:06 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 »  All
  Print  
Author Topic: BitFloor.com Rocks!  (Read 17603 times)
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
June 23, 2012, 07:04:04 PM
 #101

Is there a way to use a yubikey with bitfloor?

Or google authenticator.

I don't want to rely on my phone.
Google "JAuth". Works great for me.

Code:
java -jar jauth.jar -secret=INSERT_SECRET_HERE

or

Code:
java -jar jauth.jar secret.txt

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
bb113
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
June 23, 2012, 07:20:07 PM
 #102

Is there a way to use a yubikey with bitfloor?

Or google authenticator.

I don't want to rely on my phone.
Google "JAuth". Works great for me.

Code:
java -jar jauth.jar -secret=INSERT_SECRET_HERE

or

Code:
java -jar jauth.jar secret.txt

I actually haven't used authenticator yet and don't really understand how it works. Do I need to do that before using JAuth?

I downloaded the windows installer from here to mess around with it:
https://github.com/mclamp/JAuth/tree/master/Installers

and it is asking me for "[my] one time key from the RC website"
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
June 23, 2012, 07:23:05 PM
 #103

The one time key is provided to you when you sign up for a service such as GLBSE. It gets stored in your home directory in a file called jauth.rc.

What I do on Windows is create a file called glbse.secret and aws.secret or whatever, and paste the secret key in there. Then, create a shortcut that points to "jauth.exe glbse.secret", and it will load the secret from the file.

You can skip the part in the installer where it asks for a secret. You don't need a phone or Google at all to use it. Backup your secret, and keep it in a Truecrypt volume.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
bb113
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
June 23, 2012, 07:26:57 PM
 #104

The one time key is provided to you when you sign up for a service such as GLBSE. It gets stored in your home directory in a file called jauth.rc.

What I do on Windows is create a file called glbse.secret and aws.secret or whatever, and paste the secret key in there. Then, create a shortcut that points to "jauth.exe glbse.secret", and it will load the secret from the file.

You can skip the part in the installer where it asks for a secret. You don't need a phone or Google at all to use it. Backup your secret, and keep it in a Truecrypt volume.

And you do this on a different computer than you use to e.g. trade on bitfloor?
bb113
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
June 23, 2012, 07:28:15 PM
 #105

Also, bitfloor appears to be down as well. I can't do anything but transfer funds around.
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
June 23, 2012, 07:29:51 PM
 #106

And you do this on a different computer than you use to e.g. trade on bitfloor?
That would be the most secure way to do it, but not required.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
genuise
Sr. Member
****
Offline Offline

Activity: 379
Merit: 250


View Profile WWW
June 23, 2012, 07:32:14 PM
 #107

Also, bitfloor appears to be down as well. I can't do anything but transfer funds around.

Up for me

bb113
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
June 23, 2012, 07:39:49 PM
 #108

Also, bitfloor appears to be down as well. I can't do anything but transfer funds around.

Up for me


I am still getting this. Restarted browser, logged out, etc.

Also, can't place a limit order:

Quote
no such profile: order_gateway

or

Quote
Property 'detective' of object #<Object> is not a function

To rjk:
I am somewhat confused as to what is going on with JAuth and the readme is not very helpful. Do you have a link to a good guide?
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
June 23, 2012, 07:50:05 PM
 #109

To rjk:
I am somewhat confused as to what is going on with JAuth and the readme is not very helpful. Do you have a link to a good guide?
No I don't know of any good guides. JAuth is meant to be a drop-in replacement for Google Authenticator, so you have to use a service that uses GA. When you enable GA on such a service, it will give you a "secret" which is a string of random characters. You then use JAuth to generate a 6-digit PIN from that secret, which is also Time-based. So they expire ever 30 sec or so. Make sure your system's clock is correct.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
bb113
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
June 23, 2012, 08:20:54 PM
 #110

Home Directory//.JAuth.rc

Code:
sys.programGroupAllUsers$Boolean=true
secret=THIS-IS-A-DUMMY-SECRET
sys.programGroupDisabled$Boolean=false
sys.languageId=en
sys.programGroupName=JAuth OpenAuth Desktop Client
sys.installationDir=C\:\\Program Files\\JAuth

Ok so right now it is using some algorithm to generate those 6 digit pins from "THIS-IS-A-DUMMY-SECRET" and the current time rounded to the nearest 30 seconds? So I can either change the text there or do what you recommend and open a file consisting of some secret string (key, whatever) using:

Code:
java -jar jauth.jar secret.txt

Or (same thing) create a shortcut pointing to:
"jauth.exe glbse.secret"

If I set up authenticator on bitfloor I will need to input my secret string. If I used google authenticator it would generate a secret string for me which I would then be telling bitfloor. Then when I log in bitfloor will ask me to generate a pin and input it, while at the same time generating one on their end. If these are the same I am able to log in. Also, if I write down the secret provided by google authenticator I can simply input that into JAuth if I lose my phone, which will then generate the 6 digit pin that allows me to log in.

If I only use a computer, should I have the secret.txt file saved only in a truecrypt volume? It seems insecure to have it just out in the open.

rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
June 23, 2012, 08:47:57 PM
 #111

Yeah I used GLBSE as an example because I wasn't sure whether bitfloor supported it. Depending on how you want the balance of usability and security to be, you could store it in Truecrypt. You would have to unlock the volume any time you wanted to use it though. Generally, when you set up GA the website such as bitfloor would give you a secret string. You just create a blank text file and paste the secret in there, and then use the text file's name as the only argument to jauth.exe. For instance:

Code:
"C:\Program Files (x86)\JAuth\JAuth.exe" D:\TruecryptStuff\bitfloor.secret.txt

With that example, your truecrypt stuff is mounted at D:

The jauth.rc file is optional, and only used if you don't want to create a custom shortcut to launch with an argument. You could store the secret there, and then no other changes would need to be made.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
bb113
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
June 23, 2012, 09:01:15 PM
 #112

So there is a trade on gox and now bitfloor started working for me as well.
bb113
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
June 23, 2012, 09:06:31 PM
 #113

Yeah I used GLBSE as an example because I wasn't sure whether bitfloor supported it. Depending on how you want the balance of usability and security to be, you could store it in Truecrypt. You would have to unlock the volume any time you wanted to use it though. Generally, when you set up GA the website such as bitfloor would give you a secret string. You just create a blank text file and paste the secret in there, and then use the text file's name as the only argument to jauth.exe. For instance:

Code:
"C:\Program Files (x86)\JAuth\JAuth.exe" D:\TruecryptStuff\bitfloor.secret.txt

With that example, your truecrypt stuff is mounted at D:

The jauth.rc file is optional, and only used if you don't want to create a custom shortcut to launch with an argument. You could store the secret there, and then no other changes would need to be made.

Thanks for your help. One last thing I want to verify though:

Quote
Also, if I write down the secret provided by google authenticator I can simply input that into JAuth if I lose my phone, which will then generate the 6 digit pin that allows me to log in.

Is the above true?
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
June 23, 2012, 09:11:24 PM
 #114

Thanks for your help. One last thing I want to verify though:

Quote
Also, if I write down the secret provided by google authenticator I can simply input that into JAuth if I lose my phone, which will then generate the 6 digit pin that allows me to log in.

Is the above true?
Yes. The secret is the key to it, and it theoretically should work across several devices and always generate a working OTP. Your clock must be correct since it is a time-based system.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
bb113
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
June 23, 2012, 09:21:48 PM
 #115

Thanks for your help. One last thing I want to verify though:

Quote
Also, if I write down the secret provided by google authenticator I can simply input that into JAuth if I lose my phone, which will then generate the 6 digit pin that allows me to log in.

Is the above true?
Yes. The secret is the key to it, and it theoretically should work across several devices and always generate a working OTP. Your clock must be correct since it is a time-based system.

Sounds good. So to bitfloor: What is the protocol for when I lose my phone and no longer trust my secret key? I like the yubikey because it can simply remain in a safe place.
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500

I am the one who knocks


View Profile
June 23, 2012, 09:23:13 PM
 #116

Thanks for your help. One last thing I want to verify though:

Quote
Also, if I write down the secret provided by google authenticator I can simply input that into JAuth if I lose my phone, which will then generate the 6 digit pin that allows me to log in.

Is the above true?
Yes. The secret is the key to it, and it theoretically should work across several devices and always generate a working OTP. Your clock must be correct since it is a time-based system.

Sounds good. So to bitfloor: What is the protocol for when I lose my phone and no longer trust my secret key? I like the yubikey because it can simply remain in a safe place.

Right because something that size can never got lost so that isn't a problem with the yubikey  Roll Eyes

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
June 23, 2012, 09:25:11 PM
 #117

Sounds good. So to bitfloor: What is the protocol for when I lose my phone and no longer trust my secret key? I like the yubikey because it can simply remain in a safe place.

I'm assuming you would just log in and disable 2FA, then re-enable it to generate a new OTP.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
bb113
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
June 23, 2012, 09:26:21 PM
 #118

Thanks for your help. One last thing I want to verify though:

Quote
Also, if I write down the secret provided by google authenticator I can simply input that into JAuth if I lose my phone, which will then generate the 6 digit pin that allows me to log in.

Is the above true?
Yes. The secret is the key to it, and it theoretically should work across several devices and always generate a working OTP. Your clock must be correct since it is a time-based system.

Sounds good. So to bitfloor: What is the protocol for when I lose my phone and no longer trust my secret key? I like the yubikey because it can simply remain in a safe place.

Right because something that size can never got lost so that isn't a problem with the yubikey  Roll Eyes

I don't travel with it... I have lost/destroyed a good number of phones in my time.


Sounds good. So to bitfloor: What is the protocol for when I lose my phone and no longer trust my secret key? I like the yubikey because it can simply remain in a safe place.

I'm assuming you would just log in and disable 2FA, then re-enable it to generate a new OTP.

From Bitfloor site:
Quote
You can setup two factor authentication for your account through Google Authenticator (free Android and iOS app). This provides a higher level of security for your account.

Note: Once two factor authentication has been activated, it will be required to access your account at all times.
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
June 23, 2012, 09:28:15 PM
 #119

Sounds good. So to bitfloor: What is the protocol for when I lose my phone and no longer trust my secret key? I like the yubikey because it can simply remain in a safe place.

I'm assuming you would just log in and disable 2FA, then re-enable it to generate a new OTP.

From Bitfloor site:
Quote
You can setup two factor authentication for your account through Google Authenticator (free Android and iOS app). This provides a higher level of security for your account.

Note: Once two factor authentication has been activated, it will be required to access your account at all times.
Right, but if you have backed up the compromised secret, you could use it one last time to log in and disable 2FA. This assumes that disabling it is an option, of course.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
bb113
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
June 23, 2012, 09:29:07 PM
 #120

Sounds good. So to bitfloor: What is the protocol for when I lose my phone and no longer trust my secret key? I like the yubikey because it can simply remain in a safe place.

I'm assuming you would just log in and disable 2FA, then re-enable it to generate a new OTP.

From Bitfloor site:
Quote
You can setup two factor authentication for your account through Google Authenticator (free Android and iOS app). This provides a higher level of security for your account.

Note: Once two factor authentication has been activated, it will be required to access your account at all times.
Right, but if you have backed up the compromised secret, you could use it one last time to log in and disable 2FA. This assumes that disabling it is an option, of course.

Not sure.
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!