Pages:
Author

Topic: [ANN] [LTC] [PPS] [OTP 2FA] [Stratum only] LTCMine PPS mining pool (3.3%) - page 52. (Read 227601 times)

legendary
Activity: 3108
Merit: 1359
Minor changes, service restarted.

  • Shares startup difficulty is increased to x64 from x16.
  • Targeting goal is decreased from 8 shares per minute to 6 shares per minute.

I'll perform some DB tweaks soon, this should help to make it faster.
legendary
Activity: 3108
Merit: 1359
Not at all. Mobile may be more secure because it can't be physically accessed without you knowing.  Wink

Edit: After all, it's java... and can't trust oracle! Grin
You can write your own OTP generator... Algorithm is quite simple Smiley

https://github.com/mbmccormick/Authenticator/blob/master/Common/CodeGenerator.cs#L182
member
Activity: 104
Merit: 10
You are right with that, separated key storage on VPS/DS/Box/whatever will be more secure than mobile application. But it looks quite paranoid, I think.  Cheesy
Guilty as charged! But still feeling safe at your pool party.
Пpивeтcтвия!

Edit: After all, it's java... and can't trust oracle! Grin
legendary
Activity: 3108
Merit: 1359
You are right with that, separated key storage on VPS/DS/Box/whatever will be more secure than mobile application. But it looks quite paranoid, I think.  Cheesy
member
Activity: 104
Merit: 10
Gotcha! That's absolutely true about not running it on the same machine you are logging in with, but still i think it's better to ssh to my miner/server through lan and run it there, no way mobile is gonna be more secure(?) The miner/server is a headless *nix box that has only the ports needed for mining opened to internet. Grin
legendary
Activity: 3108
Merit: 1359
Actually it's more secure to use mobile application.
Why is this? In my experience at least mobile os are much more vulnerable to trojans and viruses as it is that their av development usually falls far behind even compared to windows. And I for one feel uncomfortable running anything that private on anything else than on a *nix platform at home.
It's more secure than authenticate using local generator just because the secret key is stored in another place. It will be required to compromise two devices instead of one.

P.S. Just one example - I use JAuth on my Windows tablet. But there is nothing linked with pool at this tablet. No history records, no saved passwords, etc. Smiley
member
Activity: 104
Merit: 10
Actually it's more secure to use mobile application.
Why is this? In my experience at least mobile os are much more vulnerable to trojans and viruses as it is that their av development usually falls far behind even compared to windows. And I for one feel uncomfortable running anything that private on anything else than on a *nix platform at home.
legendary
Activity: 3108
Merit: 1359
Actually it's more secure to use mobile application.
member
Activity: 104
Merit: 10
Cпacибo,
I was misguided by this post http://evadeflow.com/2011/09/desktop-authenticator-for-google-2fa/ , it seemed like google role there was just generating secret code for the phone/java app and developing android application Smiley. I have seen hardware time-based tokens, and how they work i believe you generate private/public key pair, embed public part in hardware token and use it together with system time to generate OTPs
Currently used implementation described by RFC 2289.

Working perfectly with jauth and without google account, much appreciated. And special thanks for pointing to the RFC. After reading it very pleased on the concept. Banking level security is wise when dealing with financial assets. 
legendary
Activity: 3108
Merit: 1359
Current status:

132 users has enabled OTP authentication today.  Cool
legendary
Activity: 3108
Merit: 1359
No, it wasn't OK. We had a technical problem with stratum server, now I applied workaround for this.
sr. member
Activity: 330
Merit: 250
same here, stratum auth failed

edit: nm, it's up again
newbie
Activity: 51
Merit: 0
Hi, I have the same problem: bad worker credentials
full member
Activity: 202
Merit: 100
Hi! Trying to mine right now but I keep getting bad worker credentials. Tried with a different worker and still unable to connect. Is everything okay?
legendary
Activity: 3108
Merit: 1359
Fixed now. It was a problem with apache redirect settings.
hero member
Activity: 1162
Merit: 500
When I go to http://ltcmine.ru I am immediately redirected to http://ltcmine.ru/tweak?act=newpassword which results in a "You are not authorized."

What's going on?
legendary
Activity: 3108
Merit: 1359
News for this weekend.

  • We see massive brute-force attempts, some chinese subnets are banned because of this.
  • Due to brute-force attempts at ltcmine.ru, btc-e.com and give-me-ltc.com we decided to force all users to change their passwords. Password change request will appear after authorization.
  • Wallet address change option automatically appears for 2FA users with new passwords, if 24 hours passed since 2FA activation.

P.S. It is recommended to restart your session after password change or 2FA key generation.
full member
Activity: 208
Merit: 100
Hey when is the option coming available to change my address? I've activated 2FA, but there is still no option appearing to change the address.
newbie
Activity: 30
Merit: 0
algorithmic
I can reset your code, if you wish. And you will be able to try barcode scanning again with the new code. Roll Eyes

I was going to offer, but looks like someone else succeeded already.  Glad to do it if you need another test.
legendary
Activity: 3108
Merit: 1359
Pages:
Jump to: