Bitcoin Forum
March 28, 2024, 02:56:40 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2  All
  Print  
Author Topic: Forum will be down in an hour  (Read 3303 times)
theymos (OP)
Administrator
Legendary
*
Offline Offline

Activity: 5152
Merit: 12580


View Profile
July 10, 2012, 10:09:50 PM
 #1

In an hour from this post, I will disable posting for most members, backup the forum database, and apply error's patch to SMF which upgrades the password hashing algorithm. This will probably take 30-60 minutes, or longer if something goes wrong. Don't write any long messages close to this time or you might lose your message.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
1711637800
Hero Member
*
Offline Offline

Posts: 1711637800

View Profile Personal Message (Offline)

Ignore
1711637800
Reply with quote  #2

1711637800
Report to moderator
1711637800
Hero Member
*
Offline Offline

Posts: 1711637800

View Profile Personal Message (Offline)

Ignore
1711637800
Reply with quote  #2

1711637800
Report to moderator
1711637800
Hero Member
*
Offline Offline

Posts: 1711637800

View Profile Personal Message (Offline)

Ignore
1711637800
Reply with quote  #2

1711637800
Report to moderator
"Governments are good at cutting off the heads of a centrally controlled networks like Napster, but pure P2P networks like Gnutella and Tor seem to be holding their own." -- Satoshi
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711637800
Hero Member
*
Offline Offline

Posts: 1711637800

View Profile Personal Message (Offline)

Ignore
1711637800
Reply with quote  #2

1711637800
Report to moderator
1711637800
Hero Member
*
Offline Offline

Posts: 1711637800

View Profile Personal Message (Offline)

Ignore
1711637800
Reply with quote  #2

1711637800
Report to moderator
Gladamas
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


Bitcoin today is what the internet was in 1998.


View Profile
July 10, 2012, 10:13:06 PM
 #2

Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
Luceo
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250


Per aspera ad astra!


View Profile
July 10, 2012, 10:13:56 PM
 #3

Good news. Greater security is worth a little downtime. ^^

theymos (OP)
Administrator
Legendary
*
Offline Offline

Activity: 5152
Merit: 12580


View Profile
July 10, 2012, 10:16:31 PM
 #4

Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?

The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.

Your password will be automatically upgraded to the new algorithm next time you login. I will log everyone out so that a lot of passwords are upgraded right away.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Tachikoma
Hero Member
*****
Offline Offline

Activity: 938
Merit: 1000



View Profile WWW
July 10, 2012, 10:22:17 PM
 #5

Great, thanks for the password upgrade Smiley

Electrum: the convenience of a web wallet, without the risks | Bytesized Seedboxes BTC/LTC supported
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
July 10, 2012, 10:23:08 PM
 #6

Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?

The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.

Your password will be automatically upgraded to the new algorithm next time you login. I will log everyone out so that a lot of passwords are upgraded right away.

Theymos, I salute you and the others that I don't know that are helping you for making the forum more tightly secure.

Great news to hear. When possible, I will donate, I've been wanting to so badly but cannot atm for a few months, it won't be small either.
myrkul
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
July 10, 2012, 10:30:49 PM
 #7

Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?

The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.

Jesus.... that's better security than my bank.

Will that result in a noticeable delay in logging in?

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
Gladamas
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


Bitcoin today is what the internet was in 1998.


View Profile
July 10, 2012, 10:37:58 PM
 #8

Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?

The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.

Jesus.... that's better security than my bank.

Will that result in a noticeable delay in logging in?

Well, let's say the server that Bitcointalk is hosted on could get 3 Mh/s mining on its CPU(s). One Bitcoin mining hash is 2 rounds of SHA-256, so 3,000,000/(7500/2) = 800 logins/second.

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
myrkul
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
July 10, 2012, 10:40:48 PM
 #9

Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?

The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.

Jesus.... that's better security than my bank.

Will that result in a noticeable delay in logging in?

Well, let's say the server that Bitcointalk is hosted on could get 3 Mh/s mining on its CPU(s). One Bitcoin mining hash is 2 rounds of SHA-256, so 3,000,000/(7500/2) = 800 logins/second.

So.... No, huh? Wink

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
BrightAnarchist
Donator
Legendary
*
Offline Offline

Activity: 853
Merit: 1000



View Profile
July 10, 2012, 10:42:47 PM
 #10

Very nice! I'm going to have to upgrade my password of course.
theymos (OP)
Administrator
Legendary
*
Offline Offline

Activity: 5152
Merit: 12580


View Profile
July 10, 2012, 10:44:41 PM
 #11

Will that result in a noticeable delay in logging in?

No. It's pretty fast.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
July 10, 2012, 10:55:51 PM
 #12

Very nice! I'm going to have to upgrade my password of course.

Diddo. I was thinking the same as a precaution. I don't believe it is a "have to" as theymos said it will be upgraded.
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
July 10, 2012, 10:56:27 PM
 #13

Will that result in a noticeable delay in logging in?

No. It's pretty fast.

What processor is being used if you don't mind me asking?

I'd love to see a photo of the system but I doubt that will happen.
theymos (OP)
Administrator
Legendary
*
Offline Offline

Activity: 5152
Merit: 12580


View Profile
July 10, 2012, 11:03:33 PM
 #14

What processor is being used if you don't mind me asking?

/proc/cpuinfo says "Intel(R) Core(TM)2 Duo CPU     T7700  @ 2.40GHz". This might be virtual, though.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
myrkul
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
July 10, 2012, 11:07:01 PM
 #15

Hey, wait! I'm not ready ye-



Wink

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
unclemantis
Member
**
Offline Offline

Activity: 98
Merit: 10


(:firstbits => "1mantis")


View Profile
July 10, 2012, 11:08:44 PM
 #16

Fire away!

PHP, Ruby, Rails, ASP, JavaScript, SQL
20+ years experience w/ Internet Technologies
Bitcoin OTC | GPG Public Key                                                                               thoughts?
error
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
July 10, 2012, 11:30:28 PM
 #17

If it breaks, you get to keep both pieces.

Just kidding. Smiley

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
gweedo
Legendary
*
Offline Offline

Activity: 1498
Merit: 1000


View Profile
July 10, 2012, 11:36:33 PM
 #18

sounds good to me! Just wondering why no bcrypt?
error
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
July 11, 2012, 12:35:01 AM
 #19

Don't ask me. I was specifically advised not to say anything about the choice of algorithm. Smiley

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
theymos (OP)
Administrator
Legendary
*
Offline Offline

Activity: 5152
Merit: 12580


View Profile
July 11, 2012, 12:38:26 AM
 #20

OK, it's done. Tell me if there are any problems.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Pages: [1] 2  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!