[ANN] [LTC] [PPS] [OTP 2FA] [Stratum only] LTCMine PPS mining pool (3.3%)

[Slix]

Hm, that's strange. I have no problem with barcode scan with Android version, maybe it's specific IOS version issue?

We need more reports from IPhone users.

It could very well be an IOS specific issue. Also, I checked and have the latest version of GA for iphone (according to App Store anyway). Version is 1.1.4.757.

[algorithmic]

Hm, that's strange. I have no problem with barcode scan using Android version, maybe it's IOS version specific issue?

We need more reports from IPhone users.

Same problem here with barcode scanning using Google Authenticator on iOS.
The error message looks something like this:

Invalid Barcode
'otpauth://totp/LTCMine.ru mining pool?
secret=XXXXXXXXXXXXXXXX' is
not a valid authentication token barcode

Malformed URL?

[Balthazar]

It seems that iOS version of GoogleAuthenticator can't understand non-escaped spaces in URL. I added workaround for this issue, so it shouldn't appear again with the new barcodes. Thank you.  

[Balthazar]

algorithmic
I can reset your code, if you wish. And you will be able to try barcode scanning again with the new code.

[Slix]

algorithmic
I can reset your code, if you wish. And you will be able to try barcode scanning again with the new code.

Just tested the barcode scan in IOS and it works perfectly.

[Balthazar]

 

[algorithmic]

algorithmic
I can reset your code, if you wish. And you will be able to try barcode scanning again with the new code.

I was going to offer, but looks like someone else succeeded already.  Glad to do it if you need another test.

[ElJay]

Hey when is the option coming available to change my address? I've activated 2FA, but there is still no option appearing to change the address.

[Balthazar]

News for this weekend.

• We see massive brute-force attempts, some chinese subnets are banned because of this.
• Due to brute-force attempts at ltcmine.ru, btc-e.com and give-me-ltc.com we decided to force all users to change their passwords. Password change request will appear after authorization.
• Wallet address change option automatically appears for 2FA users with new passwords, if 24 hours passed since 2FA activation.

P.S. It is recommended to restart your session after password change or 2FA key generation.

[Frizz23]

When I go to http://ltcmine.ru I am immediately redirected to http://ltcmine.ru/tweak?act=newpassword which results in a "You are not authorized."

What's going on?

[Balthazar]

Fixed now. It was a problem with apache redirect settings.

[bengx]

Hi! Trying to mine right now but I keep getting bad worker credentials. Tried with a different worker and still unable to connect. Is everything okay?

[quimvi]

Hi, I have the same problem: bad worker credentials

[stenkross]

same here, stratum auth failed

edit: nm, it's up again

[Balthazar]

No, it wasn't OK. We had a technical problem with stratum server, now I applied workaround for this.

[Balthazar]

Current status:

132 users has enabled OTP authentication today.  

[talvivaara]

Cпacибo,
I was misguided by this post http://evadeflow.com/2011/09/desktop-authenticator-for-google-2fa/ , it seemed like google role there was just generating secret code for the phone/java app and developing android application . I have seen hardware time-based tokens, and how they work i believe you generate private/public key pair, embed public part in hardware token and use it together with system time to generate OTPs

Currently used implementation described by RFC 2289.

Working perfectly with jauth and without google account, much appreciated. And special thanks for pointing to the RFC. After reading it very pleased on the concept. Banking level security is wise when dealing with financial assets. 

[Balthazar]

Actually it's more secure to use mobile application.

[talvivaara]

Actually it's more secure to use mobile application.

Why is this? In my experience at least mobile os are much more vulnerable to trojans and viruses as it is that their av development usually falls far behind even compared to windows. And I for one feel uncomfortable running anything that private on anything else than on a *nix platform at home.

[Balthazar]

Actually it's more secure to use mobile application.

Why is this? In my experience at least mobile os are much more vulnerable to trojans and viruses as it is that their av development usually falls far behind even compared to windows. And I for one feel uncomfortable running anything that private on anything else than on a *nix platform at home.

It's more secure than authenticate using local generator just because the secret key is stored in another place. It will be required to compromise two devices instead of one.

P.S. Just one example - I use JAuth on my Windows tablet. But there is nothing linked with pool at this tablet. No history records, no saved passwords, etc.