Bitcoin Forum
March 19, 2024, 11:46:34 AM *
Author Topic: Forum will be down in an hour  (Read 3303 times)
theymos (OP)
Administrator
Legendary
*
Offline Offline

Activity: 5138
Merit: 12565


View Profile
July 10, 2012, 10:09:50 PM
 #1

In an hour from this post, I will disable posting for most members, back up the forum database, and apply error's patch to SMF, which upgrades the password hashing algorithm. This will probably take 30-60 minutes, or longer if something goes wrong. Don't write any long messages close to this time or you might lose your message.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Gladamas
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


Bitcoin today is what the internet was in 1998.


View Profile
July 10, 2012, 10:13:06 PM
 #2

Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
Luceo
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250


Per aspera ad astra!


View Profile
July 10, 2012, 10:13:56 PM
 #3

Good news. Greater security is worth a little downtime. ^^

theymos (OP)
Administrator
Legendary
*
Offline Offline

Activity: 5138
Merit: 12565


View Profile
July 10, 2012, 10:16:31 PM
 #4

> Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?

The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.

Your password will be automatically upgraded to the new algorithm next time you log in. I will log everyone out so that a lot of passwords are upgraded right away.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
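
The upgrade-on-login scheme described in post #4, as an added example that is not part of the original thread and is not error's patch: a legacy record is checked with the old hash, and only after a successful login (when the plaintext is available) is it rewritten with a random salt and iterated SHA-256. The record layout, scheme names, concatenation order and the way the salt enters each round are assumptions; only the algorithms, the 7500 rounds and the 12-byte salt come from the thread.

```python
import hashlib
import hmac
import os

ROUNDS = 7500      # round count stated in the thread
SALT_BYTES = 12    # salt length stated in the thread


def legacy_hash(username: str, password: str) -> str:
    # SHA-1 salted with the lowercase username (username-first order is assumed).
    return hashlib.sha1((username.lower() + password).encode()).hexdigest()


def iterated_sha256(password: str, salt: bytes, rounds: int = ROUNDS) -> str:
    # Assumed construction: the salt is mixed into every round.
    digest = password.encode()
    for _ in range(rounds):
        digest = hashlib.sha256(salt + digest).digest()
    return digest.hex()


def new_record(password: str) -> dict:
    salt = os.urandom(SALT_BYTES)
    return {"scheme": "sha256-iter", "rounds": ROUNDS, "salt": salt.hex(),
            "hash": iterated_sha256(password, salt)}


def login(db: dict, username: str, password: str) -> bool:
    """Verify a password; rewrite a legacy record on success."""
    rec = db.get(username.lower())
    if rec is None:
        return False
    if rec["scheme"] == "sha1-username":
        ok = hmac.compare_digest(rec["hash"], legacy_hash(username, password))
        if ok:
            # Plaintext is only available now: upgrade and drop the SHA-1 value.
            db[username.lower()] = new_record(password)
        return ok
    expected = iterated_sha256(password, bytes.fromhex(rec["salt"]), rec["rounds"])
    return hmac.compare_digest(rec["hash"], expected)


def demo() -> dict:
    # Constructed sample database with one legacy account.
    db = {"alice": {"scheme": "sha1-username",
                    "hash": legacy_hash("alice", "correct horse")}}
    return {"bad": login(db, "alice", "wrong"),
            "still_legacy": db["alice"]["scheme"] == "sha1-username",
            "good": login(db, "Alice", "correct horse"),
            "upgraded": db["alice"]["scheme"] == "sha256-iter",
            "again": login(db, "alice", "correct horse")}


if __name__ == "__main__":
    print(demo())
```

Accounts that never log in again keep their legacy record, which is why the forced logout mentioned in the post matters: it pushes active users through this path right away.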
Tachikoma
Hero Member
*****
Offline Offline

Activity: 938
Merit: 1000



View Profile WWW
July 10, 2012, 10:22:17 PM
 #5

Great, thanks for the password upgrade Smiley

Electrum: the convenience of a web wallet, without the risks | Bytesized Seedboxes BTC/LTC supported
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
July 10, 2012, 10:23:08 PM
 #6

> > Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
>
> The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.
>
> Your password will be automatically upgraded to the new algorithm next time you log in. I will log everyone out so that a lot of passwords are upgraded right away.

Theymos, I salute you and the others that I don't know that are helping you for making the forum more tightly secure.

Great news to hear. When possible, I will donate, I've been wanting to so badly but cannot atm for a few months, it won't be small either.
myrkul
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
July 10, 2012, 10:30:49 PM
 #7

> > Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
>
> The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.

Jesus.... that's better security than my bank.

Will that result in a noticeable delay in logging in?

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
Gladamas
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


Bitcoin today is what the internet was in 1998.


View Profile
July 10, 2012, 10:37:58 PM
 #8

> > > Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
> >
> > The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.
>
> Jesus.... that's better security than my bank.
>
> Will that result in a noticeable delay in logging in?

Well, let's say the server that Bitcointalk is hosted on could get 3 Mh/s mining on its CPU(s). One Bitcoin mining hash is 2 rounds of SHA-256, so 3,000,000/(7500/2) = 800 logins/second.

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
myrkul
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
July 10, 2012, 10:40:48 PM
 #9

> > > > Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
> > >
> > > The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.
> >
> > Jesus.... that's better security than my bank.
> >
> > Will that result in a noticeable delay in logging in?
>
> Well, let's say the server that Bitcointalk is hosted on could get 3 Mh/s mining on its CPU(s). One Bitcoin mining hash is 2 rounds of SHA-256, so 3,000,000/(7500/2) = 800 logins/second.

So.... No, huh? Wink

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
BrightAnarchist
Donator
Legendary
*
Offline Offline

Activity: 853
Merit: 1000



View Profile
July 10, 2012, 10:42:47 PM
 #10

Very nice! I'm going to have to upgrade my password of course.
theymos (OP)
Administrator
Legendary
*
Offline Offline

Activity: 5138
Merit: 12565


View Profile
July 10, 2012, 10:44:41 PM
 #11

> Will that result in a noticeable delay in logging in?

No. It's pretty fast.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
July 10, 2012, 10:55:51 PM
 #12

> Very nice! I'm going to have to upgrade my password of course.

Ditto. I was thinking the same as a precaution. I don't believe it is a "have to" as theymos said it will be upgraded.
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
July 10, 2012, 10:56:27 PM
 #13

> > Will that result in a noticeable delay in logging in?
>
> No. It's pretty fast.

What processor is being used if you don't mind me asking?

I'd love to see a photo of the system but I doubt that will happen.
theymos (OP)
Administrator
Legendary
*
Offline Offline

Activity: 5138
Merit: 12565


View Profile
July 10, 2012, 11:03:33 PM
 #14

> What processor is being used if you don't mind me asking?

/proc/cpuinfo says "Intel(R) Core(TM)2 Duo CPU     T7700  @ 2.40GHz". This might be virtual, though.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
myrkul
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
July 10, 2012, 11:07:01 PM
 #15

Hey, wait! I'm not ready ye-



Wink

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
unclemantis
Member
**
Offline Offline

Activity: 98
Merit: 10


(:firstbits => "1mantis")


View Profile
July 10, 2012, 11:08:44 PM
 #16

Fire away!

PHP, Ruby, Rails, ASP, JavaScript, SQL
20+ years experience w/ Internet Technologies
Bitcoin OTC | GPG Public Key
error
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
July 10, 2012, 11:30:28 PM
 #17

If it breaks, you get to keep both pieces.

Just kidding. Smiley

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
gweedo
Legendary
*
Offline Offline

Activity: 1498
Merit: 1000


View Profile
July 10, 2012, 11:36:33 PM
 #18

sounds good to me! Just wondering why no bcrypt?
error
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
July 11, 2012, 12:35:01 AM
 #19

Don't ask me. I was specifically advised not to say anything about the choice of algorithm. Smiley

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
theymos (OP)
Administrator
Legendary
*
Offline Offline

Activity: 5138
Merit: 12565


View Profile
July 11, 2012, 12:38:26 AM
 #20

OK, it's done. Tell me if there are any problems.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
July 11, 2012, 12:40:21 AM
 #21

> OK, it's done. Tell me if there are any problems.

Just a half-second blip while LastPass logged me in again, and all is well!

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
error
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
July 11, 2012, 12:41:25 AM
 #22

I got logged out twice, once when the forum came back up, and again just a moment ago, but aside from that all seems well.

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
opticbit
Hero Member
*****
Offline Offline

Activity: 695
Merit: 502


PGP: 6EBEBCE1E0507C38


View Profile WWW
July 11, 2012, 12:42:00 AM
 #23

It's back, login was quick

Bitrated user: opticbit.
https://www.bitrated.com/opticbit
Vod
Legendary
*
Offline Offline

Activity: 3640
Merit: 3009


Licking my boob since 1970


View Profile WWW
July 11, 2012, 12:57:06 AM
 #24

> OK, it's done. Tell me if there are any problems.

Hmmm, based on the delay logging in, I think my password was hashed with 7550 rounds of SHA-256 and salted with 18 bytes of random data.   Sad

https://nastyscam.com - landing page up     https://vod.fan - advanced image hosting - coming soon!

OGNasty has early onset dementia; keep this in mind when discussing his past actions.
myrkul
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
July 11, 2012, 01:03:27 AM
 #25

> > OK, it's done. Tell me if there are any problems.
>
> Hmmm, based on the delay logging in, I think my password was hashed with 7550 rounds of SHA-256 and salted with 18 bytes of random data.   Sad

I detected no such delay. :p

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
error
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
July 11, 2012, 01:05:28 AM
 #26

> > OK, it's done. Tell me if there are any problems.
>
> Hmmm, based on the delay logging in, I think my password was hashed with 7550 rounds of SHA-256 and salted with 18 bytes of random data.   Sad

Naa, your tubes were just clogged up.

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
payb.tc
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1000



View Profile
July 11, 2012, 01:11:00 AM
 #27

everything seems to be back, except my avatar URL is still in maintenance mode.
nm, just had to do a hard refresh on that specific URL.
Gladamas
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


Bitcoin today is what the internet was in 1998.


View Profile
July 11, 2012, 01:35:28 AM
 #28

> everything seems to be back, except my avatar URL is still in maintenance mode.
> nm, just had to do a hard refresh on that specific URL.


Same here, and how do you do that?

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
July 11, 2012, 01:50:34 AM
 #29

No delay here for logging in for me, it was very fast, faster than a blink of an eye < exaggerating, but pretty much close. Boom, logged in.
theymos (OP)
Administrator
Legendary
*
Offline Offline

Activity: 5138
Merit: 12565


View Profile
July 11, 2012, 02:10:58 AM
 #30

> sounds good to me! Just wondering why no bcrypt?

bcrypt is no more difficult to brute-force than SHA-256 is with an appropriate number of rounds. But SHA-256, unlike Blowfish, is recommended by NIST and other standards organizations for password hashing, and it was specifically designed for one-way hashing.

I also have an aversion to any overly-hyped technology.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
payb.tc
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1000



View Profile
July 11, 2012, 02:20:45 AM
 #31

> > everything seems to be back, except my avatar URL is still in maintenance mode.
> > nm, just had to do a hard refresh on that specific URL.
>
> Same here, and how do you do that?

right-click on your broken image where the avatar should be and choose "Open image in a new tab/window".
go to that new tab/window and hold down shift while you click refresh.
go back to the forum page and hit refresh.

these instructions work in windows on chrome.

by the way, for comparison, the bitcoinmax login is hashed around 80,000 times with sha-256 and even that 'overkill' doesn't produce a noticeable delay when logging in.
Gladamas
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


Bitcoin today is what the internet was in 1998.


View Profile
July 11, 2012, 02:35:43 AM
 #32

> > > everything seems to be back, except my avatar URL is still in maintenance mode.
> > > nm, just had to do a hard refresh on that specific URL.
> >
> > Same here, and how do you do that?
>
> right-click on your broken image where the avatar should be and choose "Open image in a new tab/window".
> go to that new tab/window and hold down shift while you click refresh.
> go back to the forum page and hit refresh.
>
> these instructions work in windows on chrome.

Thank you!

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
Maged
Legendary
*
Offline Offline

Activity: 1204
Merit: 1015


View Profile
July 11, 2012, 07:35:56 AM
 #33

I will, personally, be keeping the backup theymos made for a week, and I don't know how long theymos plans on keeping his copy, so if you have any problems at all, let us know before then.

Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
July 11, 2012, 08:04:45 AM
 #34

> > > everything seems to be back, except my avatar URL is still in maintenance mode.
> > > nm, just had to do a hard refresh on that specific URL.
> >
> > Same here, and how do you do that?
>
> right-click on your broken image where the avatar should be and choose "Open image in a new tab/window".
> go to that new tab/window and hold down shift while you click refresh.
> go back to the forum page and hit refresh.
>
> these instructions work in windows on chrome.

CTRL+F5 also works Wink
caveden
Legendary
*
Offline Offline

Activity: 1106
Merit: 1004



View Profile
July 11, 2012, 08:17:03 AM
 #35

> OK, it's done. Tell me if there are any problems.

I had to clear my browser's (Chrome) cookies in order to log in back again. Was it to be expected?
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
July 11, 2012, 08:25:03 AM
 #36

> > OK, it's done. Tell me if there are any problems.
>
> I had to clear my browser's (Chrome) cookies in order to log in back again. Was it to be expected?

Didn't happen to me on Firefox, so I would say no.
Probably a browser quirk only. It happens sometimes.
Serenata
Sr. Member
****
Offline Offline

Activity: 250
Merit: 250



View Profile WWW
July 11, 2012, 12:14:12 PM
 #37

Didn't notice any delay logging in or any other issues whatsoever.

Keep up the great work!

BitcoinX.gr - The Greek hangout for Bitcoin

My GPG Key
error
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
July 12, 2012, 01:20:51 AM
 #38

> > OK, it's done. Tell me if there are any problems.
>
> I had to clear my browser's (Chrome) cookies in order to log in back again. Was it to be expected?

A few people may need to clear their cookies to log in again after the changes. The cookie name was changed, among other things.

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
Raize
Donator
Legendary
*
Offline Offline

Activity: 1419
Merit: 1015


View Profile
July 12, 2012, 02:03:55 AM
 #39

I think there needs to be a new Internet law. It goes like this:
As talk about one-way hashes and seeding continues, the probability that someone will mention bcrypt approaches 1.

No offense to gweedo, of course. Tongue
Raize
Donator
Legendary
*
Offline Offline

Activity: 1419
Merit: 1015


View Profile
July 12, 2012, 04:05:42 AM
 #40

Nothing is necessarily wrong with it. It's just always mentioned in every thread dealing with hashes and seeding.

This probably has to do with it:
http://codahale.com/how-to-safely-store-a-password/

There's really nothing wrong with scrypt or PBKDF2, either, they all intend to solve the same problem.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!