Topic: [ANN][BURST] Burst | Efficient HDD Mining | New 1.2.3 Fork block 92000 - page 272. (Read 2170895 times)

Quote from: wmikrut on May 18, 2015, 08:36:11 PM

SSL is not strictly required, it just adds an additional level of security. If you take a look at a packet trace of you authenticating to a non-SSL wallet, the pass phrase is not sent over the wire. Instead, after you enter your passphrase, the browser requests the publickey for your account (The account ID is generated from the passphrase). Presumably then, the private key (also generated from the passphrase) is used to validate the public key and grant access.

So, even without SSL the passphrase cannot be harvested, SSL just adds an additional layer by making the entire conversation encrypted.

SSL is required for real security. SSL provides both encryption and authentication. Without SSL, it is possible to perform a man-in-the-middle attack.

For example: an attacker sitting in the middle of your non-SSL connection can replace the javascript on the webpage with malicious javascript that harvests your password.

I'm glad Burst City added SSL to their wallet, but it really should have been there all along. To be honest, in this day and age, every website should have SSL, especially a website that is dealing directly with sending and receiving a crypto-currency.

Two notes to that:
1. SSL is as good as the certificate is. There are different levels. Some, as this one, are only good that you know the connection is secure.
It misses contacts, background checks, ...
Basically this certificate says: the connection is correct!
2. The next step is what the server does with your information.
... I don't want to spell out what could happen, if the passphrase leaks to the owner/employee/hacker of that site.
With all anonymity, ... we know not even who is xxx of that site.

I strongly recommend NOT to use such site for MONEY sensitive issues! For me it is merrily a "proof of concept", but not to use!

1. it has already been stated and proven that BURST doesn't allow for password stealing in this manner.

2. The SSL was something that was done for peace of mind and for no other purpose

3. If you don't trust me, don't use my wallet, no one is forcing you.

I trust you enough for buy assets from you, but i wont trust any one include you for online wallet.

Exactly! To buy an asset is a different story than from giving somebody my (not-changeable) pin code of my ATM (that is basically the password of Burst wallet)

Elmit

hero member

Activity: 785

Merit: 500

BURST got Smart Contracts (AT)

Quote from: haitch on May 18, 2015, 08:28:48 PM

Quote from: Elit on May 18, 2015, 09:49:13 PM

SSL is not strictly required, it just adds an additional level of security. If you take a look at a packet trace of you authenticating to a non-SSL wallet, the pass phrase is not sent over the wire. Instead, after you enter your passphrase, the browser requests the publickey for your account (The account ID is generated from the passphrase). Presumably then, the private key (also generated from the passphrase) is used to validate the public key and grant access.

So, even without SSL the passphrase cannot be harvested, SSL just adds an additional layer by making the entire conversation encrypted.

SSL is required for real security. SSL provides both encryption and authentication. Without SSL, it is possible to perform a man-in-the-middle attack.

For example: an attacker sitting in the middle of your non-SSL connection can replace the javascript on the webpage with malicious javascript that harvests your password.

I'm glad Burst City added SSL to their wallet, but it really should have been there all along. To be honest, in this day and age, every website should have SSL, especially a website that is dealing directly with sending and receiving a crypto-currency.

Two notes to that:
1. SSL is as good as the certificate is. There are different levels. Some, as this one, are only good that you know the connection is secure.
It misses contacts, background checks, ...
Basically this certificate says: the connection is correct!
2. The next step is what the server does with your information.
... I don't want to spell out what could happen, if the passphrase leaks to the owner/employee/hacker of that site.
With all anonymity, ... we know not even who is xxx of that site.

I strongly recommend NOT to use such site for MONEY sensitive issues! For me it is merrily a "proof of concept", but not to use!

Elmit, Crowetic is a known, trusted, member of the burst community. I trust the services he provides totally. If you offered a web wallet I wouldn't trust it even if you offered 10x the encryption level. Reputation and history is everything, and you fail on both.

H.

Wow... in Crowetic's defense... he has been completely transparent if nothing else.
He has been a part of Burst when only like 5 or 6 of us were chatting in the beginning.

Elmit... if it's the same Elmit I know of from burstforum... you couldn't give me anything he has to offer if it was free and you added something to it.

I thought the PR team is already dead, but see, they all can jump up for their boss.

See the facts!
1. Crowtec has a cheap certificate, which requires minimal credentials!
I do NOT trust such a certificate my wallet.

2. SSL is the half part of the trust. It only says that the data from user to server is protected.
I do not know Crowtec, there is absolutely nothing to verify about him/his company, ... And the certificate does not make it better.

3. Further, it is not just Crowtec, who often said, he does not know (Linux, ....) by himself, we need to trust, that he hire the right people to fill this gap.
Who knows if these programers added a backdoor to steal passphrases?

Without accusing him to do that, but it could happen. Therefore I would never trust such a wallet! NEVER, NEVER, NEVER!

mczarnek

hero member

Activity: 527

Merit: 503

This is nice:
https://poloniex.com/support/aboutMarginTrading

I trust you enough for buy assets from you, but i wont trust any one include you for online wallet.

I hear you.. crowetic is awesome, I do trust him and consider him a friend but I want to know what's going on in my wallet.

The solution I see? Blockchain trimming. Burstdev and I came up with a way, that we can literally make the blockchain 1/100th of the size of the wallet while maintaining the same trustlessness. This is based off of cryptonite's blockchain trimming algo but with our own unique twist that significantly shortens the chain while upping the difficulty of faking the chain.

Unfortunately, most people also can't code and even if they can it is time consuming to look through the code and make sure offline wallets are sending your passwords places you don't want them to go. So we are stuck trusting a little bit at the moment. A really nice tool would be one where you could prepare the transaction on an offline computer and visually verify the fields of the transaction and copy it to an online computer for anyone serious about security.

Elit

member

Activity: 98

Merit: 10

Quote from: crowetic on May 18, 2015, 08:22:43 PM

Quote from: bitladen on May 18, 2015, 08:19:40 PM

SSL is not strictly required, it just adds an additional level of security. If you take a look at a packet trace of you authenticating to a non-SSL wallet, the pass phrase is not sent over the wire. Instead, after you enter your passphrase, the browser requests the publickey for your account (The account ID is generated from the passphrase). Presumably then, the private key (also generated from the passphrase) is used to validate the public key and grant access.

So, even without SSL the passphrase cannot be harvested, SSL just adds an additional layer by making the entire conversation encrypted.

SSL is required for real security. SSL provides both encryption and authentication. Without SSL, it is possible to perform a man-in-the-middle attack.

For example: an attacker sitting in the middle of your non-SSL connection can replace the javascript on the webpage with malicious javascript that harvests your password.

I'm glad Burst City added SSL to their wallet, but it really should have been there all along. To be honest, in this day and age, every website should have SSL, especially a website that is dealing directly with sending and receiving a crypto-currency.

Two notes to that:
1. SSL is as good as the certificate is. There are different levels. Some, as this one, are only good that you know the connection is secure.
It misses contacts, background checks, ...
Basically this certificate says: the connection is correct!
2. The next step is what the server does with your information.
... I don't want to spell out what could happen, if the passphrase leaks to the owner/employee/hacker of that site.
With all anonymity, ... we know not even who is xxx of that site.

I strongly recommend NOT to use such site for MONEY sensitive issues! For me it is merrily a "proof of concept", but not to use!

1. it has already been stated and proven that BURST doesn't allow for password stealing in this manner.

2. The SSL was something that was done for peace of mind and for no other purpose

3. If you don't trust me, don't use my wallet, no one is forcing you.

I trust you enough for buy assets from you, but i wont trust any one include you for online wallet.

cyberspacemonkey

legendary

Activity: 1288

Merit: 1002

Hey guys, is Dev's pool V2 still paying? I signed up yesteday with 6TB and have not received an payments, also the balance for my address doesn't change, I'm confused Huh

is that pool still active?

IncludeBeer

legendary

Activity: 1164

Merit: 1010

Quote from: mczarnek on May 18, 2015, 06:21:05 PM

Quote from: callmejack on May 18, 2015, 04:22:03 PM

Quote from: wmikrut on May 18, 2015, 08:36:11 PM

any news on mixer?

dont know but polo became a msb and limits withdrawals per day....
burst withdrawals temporarily dont work.
the blockexplorer says the last tx happened 20h ago (http://burstcoin.eu/address/5810532812037266198).
someone in the trollbox just asked when withdrawals will work again refering to the last tx on the blockchain and got roughly told by a mod to open a support ticket if there are any issues.

if this trend continues a AT based decentralized exchange may become huge Cool

I definitely see decentralized exchanges as the future, fixes the Mt Gox problem!

they even fix scenarios that didn't happen yet, like government seizure, which is the real threat

Exactly the first thing I though of when I saw we got first ACCT.

On another note, I contacted the guys at cryptomining-blog and asked for an article on the subject. I mean, this is pretty big shit ya?

crowetic

legendary

Activity: 2282

Merit: 1072

https://crowetic.com | https://qortal.org

Quote from: haitch on May 18, 2015, 08:28:48 PM

Quote from: haitch on May 18, 2015, 08:28:48 PM

SSL is not strictly required, it just adds an additional level of security. If you take a look at a packet trace of you authenticating to a non-SSL wallet, the pass phrase is not sent over the wire. Instead, after you enter your passphrase, the browser requests the publickey for your account (The account ID is generated from the passphrase). Presumably then, the private key (also generated from the passphrase) is used to validate the public key and grant access.

So, even without SSL the passphrase cannot be harvested, SSL just adds an additional layer by making the entire conversation encrypted.

SSL is required for real security. SSL provides both encryption and authentication. Without SSL, it is possible to perform a man-in-the-middle attack.

For example: an attacker sitting in the middle of your non-SSL connection can replace the javascript on the webpage with malicious javascript that harvests your password.

I'm glad Burst City added SSL to their wallet, but it really should have been there all along. To be honest, in this day and age, every website should have SSL, especially a website that is dealing directly with sending and receiving a crypto-currency.

Two notes to that:
1. SSL is as good as the certificate is. There are different levels. Some, as this one, are only good that you know the connection is secure.
It misses contacts, background checks, ...
Basically this certificate says: the connection is correct!
2. The next step is what the server does with your information.
... I don't want to spell out what could happen, if the passphrase leaks to the owner/employee/hacker of that site.
With all anonymity, ... we know not even who is xxx of that site.

I strongly recommend NOT to use such site for MONEY sensitive issues! For me it is merrily a "proof of concept", but not to use!

Elmit, Crowetic is a known, trusted, member of the burst community. I trust the services he provides totally. If you offered a web wallet I wouldn't trust it even if you offered 10x the encryption level. Reputation and history is everything, and you fail on both.

H.

Wow... in Crowetic's defense... he has been completely transparent if nothing else.
He has been a part of Burst when only like 5 or 6 of us were chatting in the beginning.

Elmit... if it's the same Elmit I know of from burstforum... you couldn't give me anything he has to offer if it was free and you added something to it.

Thanks guys. Yes, I am nothing but transparent, I don't hide, and all of my services are legitimate. I will never steal from anyone and never have. I truly believe in BURST and wish nothing but for its success.

wmikrut

hero member

Activity: 631

Merit: 501

SSL is not strictly required, it just adds an additional level of security. If you take a look at a packet trace of you authenticating to a non-SSL wallet, the pass phrase is not sent over the wire. Instead, after you enter your passphrase, the browser requests the publickey for your account (The account ID is generated from the passphrase). Presumably then, the private key (also generated from the passphrase) is used to validate the public key and grant access.

So, even without SSL the passphrase cannot be harvested, SSL just adds an additional layer by making the entire conversation encrypted.

SSL is required for real security. SSL provides both encryption and authentication. Without SSL, it is possible to perform a man-in-the-middle attack.

For example: an attacker sitting in the middle of your non-SSL connection can replace the javascript on the webpage with malicious javascript that harvests your password.

I'm glad Burst City added SSL to their wallet, but it really should have been there all along. To be honest, in this day and age, every website should have SSL, especially a website that is dealing directly with sending and receiving a crypto-currency.

Two notes to that:
1. SSL is as good as the certificate is. There are different levels. Some, as this one, are only good that you know the connection is secure.
It misses contacts, background checks, ...
Basically this certificate says: the connection is correct!
2. The next step is what the server does with your information.
... I don't want to spell out what could happen, if the passphrase leaks to the owner/employee/hacker of that site.
With all anonymity, ... we know not even who is xxx of that site.

I strongly recommend NOT to use such site for MONEY sensitive issues! For me it is merrily a "proof of concept", but not to use!

Elmit, Crowetic is a known, trusted, member of the burst community. I trust the services he provides totally. If you offered a web wallet I wouldn't trust it even if you offered 10x the encryption level. Reputation and history is everything, and you fail on both.

H.

Wow... in Crowetic's defense... he has been completely transparent if nothing else.
He has been a part of Burst when only like 5 or 6 of us were chatting in the beginning.

Elmit... if it's the same Elmit I know of from burstforum... you couldn't give me anything he has to offer if it was free and you added something to it.

haitch

hero member

Activity: 539

Merit: 500

SSL is not strictly required, it just adds an additional level of security. If you take a look at a packet trace of you authenticating to a non-SSL wallet, the pass phrase is not sent over the wire. Instead, after you enter your passphrase, the browser requests the publickey for your account (The account ID is generated from the passphrase). Presumably then, the private key (also generated from the passphrase) is used to validate the public key and grant access.

So, even without SSL the passphrase cannot be harvested, SSL just adds an additional layer by making the entire conversation encrypted.

SSL is required for real security. SSL provides both encryption and authentication. Without SSL, it is possible to perform a man-in-the-middle attack.

For example: an attacker sitting in the middle of your non-SSL connection can replace the javascript on the webpage with malicious javascript that harvests your password.

I'm glad Burst City added SSL to their wallet, but it really should have been there all along. To be honest, in this day and age, every website should have SSL, especially a website that is dealing directly with sending and receiving a crypto-currency.

Two notes to that:
1. SSL is as good as the certificate is. There are different levels. Some, as this one, are only good that you know the connection is secure.
It misses contacts, background checks, ...
Basically this certificate says: the connection is correct!
2. The next step is what the server does with your information.
... I don't want to spell out what could happen, if the passphrase leaks to the owner/employee/hacker of that site.
With all anonymity, ... we know not even who is xxx of that site.

I strongly recommend NOT to use such site for MONEY sensitive issues! For me it is merrily a "proof of concept", but not to use!

Elmit, Crowetic is a known, trusted, member of the burst community. I trust the services he provides totally. If you offered a web wallet I wouldn't trust it even if you offered 10x the encryption level. Reputation and history is everything, and you fail on both.

H.

crowetic

legendary

Activity: 2282

Merit: 1072

https://crowetic.com | https://qortal.org

Quote from: mczarnek on May 18, 2015, 06:21:05 PM

SSL is not strictly required, it just adds an additional level of security. If you take a look at a packet trace of you authenticating to a non-SSL wallet, the pass phrase is not sent over the wire. Instead, after you enter your passphrase, the browser requests the publickey for your account (The account ID is generated from the passphrase). Presumably then, the private key (also generated from the passphrase) is used to validate the public key and grant access.

So, even without SSL the passphrase cannot be harvested, SSL just adds an additional layer by making the entire conversation encrypted.

SSL is required for real security. SSL provides both encryption and authentication. Without SSL, it is possible to perform a man-in-the-middle attack.

For example: an attacker sitting in the middle of your non-SSL connection can replace the javascript on the webpage with malicious javascript that harvests your password.

I'm glad Burst City added SSL to their wallet, but it really should have been there all along. To be honest, in this day and age, every website should have SSL, especially a website that is dealing directly with sending and receiving a crypto-currency.

Two notes to that:
1. SSL is as good as the certificate is. There are different levels. Some, as this one, are only good that you know the connection is secure.
It misses contacts, background checks, ...
Basically this certificate says: the connection is correct!
2. The next step is what the server does with your information.
... I don't want to spell out what could happen, if the passphrase leaks to the owner/employee/hacker of that site.
With all anonymity, ... we know not even who is xxx of that site.

I strongly recommend NOT to use such site for MONEY sensitive issues! For me it is merrily a "proof of concept", but not to use!

1. it has already been stated and proven that BURST doesn't allow for password stealing in this manner.

2. The SSL was something that was done for peace of mind and for no other purpose

3. If you don't trust me, don't use my wallet, no one is forcing you.

bitladen

full member

Activity: 322

Merit: 100

Quote from: callmejack on May 18, 2015, 04:22:03 PM

any news on mixer?

dont know but polo became a msb and limits withdrawals per day....
burst withdrawals temporarily dont work.
the blockexplorer says the last tx happened 20h ago (http://burstcoin.eu/address/5810532812037266198).
someone in the trollbox just asked when withdrawals will work again refering to the last tx on the blockchain and got roughly told by a mod to open a support ticket if there are any issues.

if this trend continues a AT based decentralized exchange may become huge Cool

I definitely see decentralized exchanges as the future, fixes the Mt Gox problem!

they even fix scenarios that didn't happen yet, like government seizure, which is the real threat

Elmit

hero member

Activity: 785

Merit: 500

BURST got Smart Contracts (AT)

Quote from: bobafett on May 18, 2015, 09:37:26 AM

SSL is not strictly required, it just adds an additional level of security. If you take a look at a packet trace of you authenticating to a non-SSL wallet, the pass phrase is not sent over the wire. Instead, after you enter your passphrase, the browser requests the publickey for your account (The account ID is generated from the passphrase). Presumably then, the private key (also generated from the passphrase) is used to validate the public key and grant access.

So, even without SSL the passphrase cannot be harvested, SSL just adds an additional layer by making the entire conversation encrypted.

SSL is required for real security. SSL provides both encryption and authentication. Without SSL, it is possible to perform a man-in-the-middle attack.

For example: an attacker sitting in the middle of your non-SSL connection can replace the javascript on the webpage with malicious javascript that harvests your password.

I'm glad Burst City added SSL to their wallet, but it really should have been there all along. To be honest, in this day and age, every website should have SSL, especially a website that is dealing directly with sending and receiving a crypto-currency.

Two notes to that:
1. SSL is as good as the certificate is. There are different levels. Some, as this one, are only good that you know the connection is secure.
It misses contacts, background checks, ...
Basically this certificate says: the connection is correct!
2. The next step is what the server does with your information.
... I don't want to spell out what could happen, if the passphrase leaks to the owner/employee/hacker of that site.
With all anonymity, ... we know not even who is xxx of that site.

I strongly recommend NOT to use such site for MONEY sensitive issues! For me it is merrily a "proof of concept", but not to use!

almond

sr. member

Activity: 407

Merit: 254

Quote from: bobafett on May 14, 2015, 02:08:15 AM

-[ANNOUNCEMENT]- New Pool from Burstcoin.de // http://pool.burstcoin.de

Pool Name – Burstcoin.de Pool
Pool URL – pool.burstcoin.de
Pool Mining Port – 8080
Min Payout 250
Fee 2%

Bonus 100.000 Burst after the first month, paid to all miners, that are active
DONE! Bonus 10.000 Burst after reaching 10 Miners
DONE! Bonus 10.000 Burst after reaching 20 Miners
DONE! Bonus 10.000 Burst after reaching 30 Miners
DONE! Bonus 10.000 Burst after reaching 40 Miners
DONE! Bonus 10.000 Burst after reaching 50 Miners
Bonus 10.000 Burst after reaching 60 Miners
Bonus 10.000 Burst after reaching 70 Miners
Bonus 10.000 Burst after reaching 80 Miners
Bonus 10.000 Burst after reaching 90 Miners
Bonus 100.000 Burst after reaching 100 Miners
Bonus 100.000 Burst after reaching 200 Miners
Bonus 100.000 Burst after reaching 300 Miners
Bonus 200.000 Burst after reaching 400 Miners

Hardware Dual Quad Core Xeon with 3.0 Ghz, 24GB Ram
Internet 1GBit with DDos Protectoin
Fail Safe Replicated Host with Fallback

Geo location Germany
Quality Made in Germany
Pool Software Urays V2 pool modified and error fixed Version from Blago (thanks to blago for the support)

All my own miners already use the pool, with now over 160TB
Join and lets make some Burst together![/size]

Latest full configurated blago miner you the pool you find here: http://pool.burstcoin.de/howto.html
Just change the paths in the miner.conf

Next 10 new miners will get a welcome bonus of 1000 Burst

I 'm a little late to the party, as usual, but since I drive a german car, & love german lenses on my cameras, I had to give this a try. So far so good !

mczarnek

hero member

Activity: 527

Merit: 503

Quote from: callmejack on May 18, 2015, 04:22:03 PM

any news on mixer?

dont know but polo became a msb and limits withdrawals per day....
burst withdrawals temporarily dont work.
the blockexplorer says the last tx happened 20h ago (http://burstcoin.eu/address/5810532812037266198).
someone in the trollbox just asked when withdrawals will work again refering to the last tx on the blockchain and got roughly told by a mod to open a support ticket if there are any issues.

if this trend continues a AT based decentralized exchange may become huge Cool

I definitely see decentralized exchanges as the future, fixes the Mt Gox problem!

callmejack

sr. member

Activity: 256

Merit: 250

Quote from: mo35 on May 18, 2015, 11:47:27 AM

any news on mixer?

dont know but polo became a msb and limits withdrawals per day....
burst withdrawals temporarily dont work.
the blockexplorer says the last tx happened 20h ago (http://burstcoin.eu/address/5810532812037266198).
someone in the trollbox just asked when withdrawals will work again refering to the last tx on the blockchain and got roughly told by a mod to open a support ticket if there are any issues.

if this trend continues a AT based decentralized exchange may become huge Cool

bitladen

full member

Activity: 322

Merit: 100

any news on mixer?

Blago

sr. member

Activity: 416

Merit: 250

Quote from: smaxer on May 18, 2015, 10:42:11 AM

Quote from: Klarisskin on May 18, 2015, 09:42:21 AM

Quote from: Blago on April 28, 2015, 11:15:54 AM

new version Burst-miner v1.150509
https://github.com/Blagodarenko/miner-burst/releases/download/1.150509/miner-burst-1.150509.zip
- solved memory usage issue

I like the new version of your miner very much. Finally memory usage problem under Win7-x64 is solved. The problem is the miner randomly crashes within 1-3 days with the same error message:

Any idea whats wrong and what can be done to avoid these crashes? Previous versions worked for many weeks without crashes.

Sometimes I get the same error. Don't know how to fix it, sorry. Maybe Blago can help us with that.

happens with previous blago versions too, with latest ver. and on burstcoin.de rarely (thanks to fast server responses), its seems related with fastblocks when you send your nounce and next block hits before you receive server confirmation. (its just my observation)

Ok, I'll try to find and fix the problem

haitch

hero member

Activity: 539

Merit: 500

SSL is not strictly required, it just adds an additional level of security. If you take a look at a packet trace of you authenticating to a non-SSL wallet, the pass phrase is not sent over the wire. Instead, after you enter your passphrase, the browser requests the publickey for your account (The account ID is generated from the passphrase). Presumably then, the private key (also generated from the passphrase) is used to validate the public key and grant access.

So, even without SSL the passphrase cannot be harvested, SSL just adds an additional layer by making the entire conversation encrypted.

SSL is required for real security. SSL provides both encryption and authentication. Without SSL, it is possible to perform a man-in-the-middle attack.

For example: an attacker sitting in the middle of your non-SSL connection can replace the javascript on the webpage with malicious javascript that harvests your password.

I'm glad Burst City added SSL to their wallet, but it really should have been there all along. To be honest, in this day and age, every website should have SSL, especially a website that is dealing directly with sending and receiving a crypto-currency.

Good point - I hadn't considered the MitM attack - was only thinking of the encryption of the passphrase.

H.

jamoes

member

Activity: 89

Merit: 10