Pages:
Author

Topic: Bitcoin-Central - why don't people use this exchange?? - page 2. (Read 3612 times)

legendary
Activity: 1358
Merit: 1002
0 fees on exchange but charging €15 for a FREE SEPA transfer... good luck lol
hero member
Activity: 714
Merit: 500
Why don't people use bitcoin ?
newbie
Activity: 47
Merit: 0
Yes, but you should also know that bcrypt use more complicated algorithm to slow down the speed of calculation, this can be used as a vulnerable of DDOS attack.
donator
Activity: 1218
Merit: 1079
Gerald Davis
what do you think about SHA512 with salt?

Already asked and answered.  SHA2 (which SHA-256, SHA-384, SHA-512 are all part of) was optimized for speed.  It also can be easily accelerated in parallel (GPU cough cough).  While any strong hashing function is better than nothing (or trying to roll your own) you DON'T WANT AN ALGORITHM OPTIMIZED FOR SPEED.  You don't want an algorithm where it is possible for an attacker to brute force tens of billions of possible combinations per second.

bcrypt was designed to protect password files.  It is optimized to protect password files.
newbie
Activity: 47
Merit: 0
we are using long random words as hash to mix user's original password before hash it again with double md5/sha265.
MD5 is weak, salts are probably stored in your DB, SHA2 is designed for speed which is precisely what *you do not want* in a password hash function, especially when half of this community is actively working on making SHA2 bruteforce more and more efficient Wink

Don't reinvent the wheel, use bcrypt, it was designed specifically for that use case, it is designed to be slow which is a good thing for a password hash function.
[/quote]

Code:
bcrypt is an adaptive cryptographic hash function for passwords designed by Niels Provos and David Mazières, based on the Blowfish cipher, and presented at USENIX in 1999.[1] Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive hash: over time it can be made slower and slower so it remains resistant to specific brute-force search attacks against the hash and the salt.

what do you think about SHA512 with salt?
legendary
Activity: 1372
Merit: 1008
1davout
we are using long random words as hash to mix user's original password before hash it again with double md5/sha265.
MD5 is weak, salts are probably stored in your DB, SHA2 is designed for speed which is precisely what *you do not want* in a password hash function, especially when half of this community is actively working on making SHA2 bruteforce more and more efficient Wink

Don't reinvent the wheel, use bcrypt, it was designed specifically for that use case, it is designed to be slow which is a good thing for a password hash function.
newbie
Activity: 47
Merit: 0
I don't trade a lot, but a big reason to favor Mt.Gox is that they have already been hacked once and successfully emerged from that with most users unharmed. Presumably, this means a future hack will be that more difficult. As some of these upstart exchanges get bigger, they will become more of a target and perhaps have weaker security.

yes, you can think at that way. but other exchangers do also learn from that hack event. for example. we are using long random words as hash to mix user's original password before hash it again with double md5/sha265. so if very unfortunately we get hacked, our user's passwords are still safe (for each user has a long random hash pre-key, to brute force all passwords will become a mission almost impossible)

i agree with that you should also give other small exchangers a try. such like Bitcoin-Central or BtcTree.com. we have nice price of bitcoins and fast withdrawal service here, you might be interesting.
legendary
Activity: 1372
Merit: 1008
1davout
We get small volume for EUR. But I hear you, there's *ahem* room for improvement Cheesy

There've been a lot of behind-the-scenes improvements since BC isn't a hobby anymore but a professionnal endeavour!

I'm working to integrate BitInstant as we speak, Ukash is next, after that the roadmap is as follows :
 - improve design and usability,
 - Merge LR with fiat (currently LREUR and EUR are separate markets, seemed like a good decision at the time but apparently users think it wasn't, and users are mostly right)
 - rewrite of the trading engine to make it execute trades against multiple other trading platforms (= virtually the combined liquidity of all other exchanges)
 - improvement of the merchant API to take advantage of the rewritten trading engine, with the bigger goal of providing the tightest spreads for merchant/buyer auto-exchange

I don't trade a lot, but a big reason to favor Mt.Gox is that they have already been hacked once and successfully emerged from that with most users unharmed. Presumably, this means a future hack will be that more difficult. As some of these upstart exchanges get bigger, they will become more of a target and perhaps have weaker security.
Our code's been open since December 31 2010, not a single hack. I'll let you reach your own conclusions regarding the quality of the code Wink

The only exchange that's older than BC is mtgox (when Jed still operated it). So you can trust the fact that we're animated by passion and here to stay Smiley
newbie
Activity: 21
Merit: 0
I don't trade a lot, but a big reason to favor Mt.Gox is that they have already been hacked once and successfully emerged from that with most users unharmed. Presumably, this means a future hack will be that more difficult. As some of these upstart exchanges get bigger, they will become more of a target and perhaps have weaker security.
hero member
Activity: 518
Merit: 500
When I was doing arb trading, it was a good place, but volumes/liquidity were a bit hit and miss.  Didn't have any problems though.
legendary
Activity: 1120
Merit: 1003
The only thing wrong about this site is that it doesn't have enough volume, so I'm curious - why not?

Not to sound like an ad for the site, but it DOESN'T HAVE TRADING FEES!! If this exchange had the volume, it'd be my main exchange just for that.

They are also one of the only exchanges that takes pecunix, which is cool. And their LR deposits AND withdraws are instant!

Why is this exchange a ghost town then?? Just curious to hear what people think.

I think you answered your own question.

Not entirely..even with the low volume, I still place some trades there. Apparently most people don't. I'm mostly curious if there are other reasons besides volume.
newbie
Activity: 21
Merit: 0
The only thing wrong about this site is that it doesn't have enough volume, so I'm curious - why not?

Not to sound like an ad for the site, but it DOESN'T HAVE TRADING FEES!! If this exchange had the volume, it'd be my main exchange just for that.

They are also one of the only exchanges that takes pecunix, which is cool. And their LR deposits AND withdraws are instant!

Why is this exchange a ghost town then?? Just curious to hear what people think.

I think you answered your own question.
legendary
Activity: 1120
Merit: 1003
The only thing wrong about this site is that it doesn't have enough volume, so I'm curious - why not?

Not to sound like an ad for the site, but it DOESN'T HAVE TRADING FEES!! If this exchange had the volume, it'd be my main exchange just for that.

They are also one of the only exchanges that takes pecunix, which is cool. And their LR deposits AND withdraws are instant!

Why is this exchange a ghost town then?? Just curious to hear what people think.
Pages:
Jump to: