Bitcoin Forum
June 26, 2017, 02:08:57 PM *
News: Latest stable version of Bitcoin Core: 0.14.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Forum will be down in an hour  (Read 2997 times)
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2702


View Profile
July 10, 2012, 10:09:50 PM
 #1

In an hour from this post, I will disable posting for most members, backup the forum database, and apply error's patch to SMF which upgrades the password hashing algorithm. This will probably take 30-60 minutes, or longer if something goes wrong. Don't write any long messages close to this time or you might lose your message.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1498486137
Hero Member
*
Offline Offline

Posts: 1498486137

View Profile Personal Message (Offline)

Ignore
1498486137
Reply with quote  #2

1498486137
Report to moderator
1498486137
Hero Member
*
Offline Offline

Posts: 1498486137

View Profile Personal Message (Offline)

Ignore
1498486137
Reply with quote  #2

1498486137
Report to moderator
Gladamas
Sr. Member
****
Offline Offline

Activity: 294


Bitcoin today is what the internet was in 1998.


View Profile
July 10, 2012, 10:13:06 PM
 #2

Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
Luceo
Sr. Member
****
Offline Offline

Activity: 350


Per aspera ad astra!


View Profile
July 10, 2012, 10:13:56 PM
 #3

Good news. Greater security is worth a little downtime. ^^

theymos
Administrator
Legendary
*
Offline Offline

Activity: 2702


View Profile
July 10, 2012, 10:16:31 PM
 #4

Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?

The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.

Your password will be automatically upgraded to the new algorithm next time you login. I will log everyone out so that a lot of passwords are upgraded right away.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Tachikoma
Hero Member
*****
Offline Offline

Activity: 938



View Profile WWW
July 10, 2012, 10:22:17 PM
 #5

Great, thanks for the password upgrade Smiley

Electrum: the convenience of a web wallet, without the risks | Bytesized Seedboxes BTC/LTC supported
pekv2
Hero Member
*****
Offline Offline

Activity: 770



View Profile
July 10, 2012, 10:23:08 PM
 #6

Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?

The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.

Your password will be automatically upgraded to the new algorithm next time you login. I will log everyone out so that a lot of passwords are upgraded right away.

Theymos, I salute you and the others that I don't know that are helping you for making the forum more tightly secure.

Great news to hear. When possible, I will donate, I've been wanting to so badly but cannot atm for a few months, it won't be small either.
myrkul
Hero Member
*****
Offline Offline

Activity: 532


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
July 10, 2012, 10:30:49 PM
 #7

Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?

The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.

Jesus.... that's better security than my bank.

Will that result in a noticeable delay in logging in?

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
Gladamas
Sr. Member
****
Offline Offline

Activity: 294


Bitcoin today is what the internet was in 1998.


View Profile
July 10, 2012, 10:37:58 PM
 #8

Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?

The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.

Jesus.... that's better security than my bank.

Will that result in a noticeable delay in logging in?

Well, let's say the server that Bitcointalk is hosted on could get 3 Mh/s mining on its CPU(s). One Bitcoin mining hash is 2 rounds of SHA-256, so 3,000,000/(7500/2) = 800 logins/second.

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
myrkul
Hero Member
*****
Offline Offline

Activity: 532


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
July 10, 2012, 10:40:48 PM
 #9

Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?

The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.

Jesus.... that's better security than my bank.

Will that result in a noticeable delay in logging in?

Well, let's say the server that Bitcointalk is hosted on could get 3 Mh/s mining on its CPU(s). One Bitcoin mining hash is 2 rounds of SHA-256, so 3,000,000/(7500/2) = 800 logins/second.

So.... No, huh? Wink

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
BrightAnarchist
Donator
Legendary
*
Offline Offline

Activity: 853



View Profile
July 10, 2012, 10:42:47 PM
 #10

Very nice! I'm going to have to upgrade my password of course.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2702


View Profile
July 10, 2012, 10:44:41 PM
 #11

Will that result in a noticeable delay in logging in?

No. It's pretty fast.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
pekv2
Hero Member
*****
Offline Offline

Activity: 770



View Profile
July 10, 2012, 10:55:51 PM
 #12

Very nice! I'm going to have to upgrade my password of course.

Diddo. I was thinking the same as a precaution. I don't believe it is a "have to" as theymos said it will be upgraded.
pekv2
Hero Member
*****
Offline Offline

Activity: 770



View Profile
July 10, 2012, 10:56:27 PM
 #13

Will that result in a noticeable delay in logging in?

No. It's pretty fast.

What processor is being used if you don't mind me asking?

I'd love to see a photo of the system but I doubt that will happen.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2702


View Profile
July 10, 2012, 11:03:33 PM
 #14

What processor is being used if you don't mind me asking?

/proc/cpuinfo says "Intel(R) Core(TM)2 Duo CPU     T7700  @ 2.40GHz". This might be virtual, though.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
myrkul
Hero Member
*****
Offline Offline

Activity: 532


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
July 10, 2012, 11:07:01 PM
 #15

Hey, wait! I'm not ready ye-



Wink

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
unclemantis
Member
**
Offline Offline

Activity: 98


(:firstbits => "1mantis")


View Profile
July 10, 2012, 11:08:44 PM
 #16

Fire away!

PHP, Ruby, Rails, ASP, JavaScript, SQL
20+ years experience w/ Internet Technologies
Bitcoin OTC | GPG Public Key                                                                               thoughts?
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
July 10, 2012, 11:30:28 PM
 #17

If it breaks, you get to keep both pieces.

Just kidding. Smiley

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
July 10, 2012, 11:36:33 PM
 #18

sounds good to me! Just wondering why no bcrypt?

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
July 11, 2012, 12:35:01 AM
 #19

Don't ask me. I was specifically advised not to say anything about the choice of algorithm. Smiley

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2702


View Profile
July 11, 2012, 12:38:26 AM
 #20

OK, it's done. Tell me if there are any problems.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!