
Topic: Blockchain.info - Bitcoin Block explorer & Currency Statistics - page 99. (Read 482537 times)

legendary
Activity: 2940
Merit: 1333
Typo on the 'pingit' page, https://blockchain.info/wallet/deposit-pingit:

Quote
into your PingIt wallet from a none Barclays account
hero member
Activity: 905
Merit: 1001
Is it possible to do a blockchain.info-like service for litecoin??
Would be awesome
legendary
Activity: 1064
Merit: 1001
If you had 10,000 coins and you wanted to mix them, it would cost $1,500!
I think you mean $150. But it is costly still. I don't see it as being quite so mandatory for business.

The proper way to accept pmts is to use many addresses, one per transaction. If you do that carefully (and perhaps this is where business apps need improvement) there should be no association between addresses and no way to see any meaningful balance.

I meant $1,500, given an exchange rate of approximately $10.
legendary
Activity: 1078
Merit: 1003
piuk, I have a small problem. I logged out of my wallet but then accidentally landed on the login screen again, which prompted the server to send me another sms for two factor auth, but I didn't log in and I deleted the sms. Now when I try again it won't send me a new sms. What should I do?

EDIT: nvm, typing in the correct pw and some incorrect sms code resets it
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
If you had 10,000 coins and you wanted to mix them, it would cost $1,500!
I think you mean $150. But it is costly still. I don't see it as being quite so mandatory for business.

The proper way to accept pmts is to use many addresses, one per transaction. If you do that carefully (and perhaps this is where business apps need improvement) there should be no association between addresses and no way to see any meaningful balance.
legendary
Activity: 1064
Merit: 1001
Aren't you snoopy misterbigg and I am sure you are not the only one. I think the less logs the better also.

But getting to demand, perhaps the market could set the rate instead of it constantly being 1.5%.

Sorry for the late reply. I'm not snoopy, but I would like to know what the demand for mixing coins is. Clearly, this should be done in a way that preserves privacy.

The reason I am interested is because I believe that mixing services are essential for legitimate businesses to be able to conduct transactions with Bitcoins. It's not appealing to commercial interests that wallet balances are public. The only way to keep this private is for mixing to be easily obtained, and cheap.

As it stands, 1.5% to anonymize coins is an outrageous price. MtGox doesn't even charge that much if you add up both ends, and they have to pay employees, provide support, retain legal services, and deal with the cost of compliance with the traditional banking system. If you had 10,000 coins and you wanted to mix them, it would cost $1,500!

I think that over time, the cost to mix coins will trend towards zero. Everyone will be interested in mixing, and they will just run some open source app, for example one that implements the body of a recent paper regarding decentralized mixing.
sr. member
Activity: 295
Merit: 250
Trialing New Deposit Method for UK Users

https://blockchain.info/wallet/deposit-pingit. Accounts are limited to £250/week.

Oh damn, great news for UK users. Looking forward to testing.

Update: Tested. Works. Blown away. This is massive.
legendary
Activity: 1680
Merit: 1035
Hi Piuk. I think there's something wrong with your signature verification function. Please refer to this post: https://bitcointalksearch.org/topic/m.1210994

The message was signed, from the very first --- to the very last --- (dashed stuff included) using the Satoshi 0.7 wallet. Mine was signed using my 1Rassahgt3XSxKVJ62oSrQJxtH3wk4MKX address, and the other was signed using their 1BYkTioZnM7mQQMzmxSkjJaPyzVN2PiTEY address. Signatures for both addresses were added below. These signatures verify to the same addresses using the Satoshi client, but when I try to use your site to verify a message, it gives me a key totally different from the two mentioned that were used to sign the messages. Do you use your own message signing algorithm that's different from Satoshi?
hero member
Activity: 826
Merit: 500
I don't agree with the 1st issue, I want to know which one I got wrong, so I as a legitimate user can correct it. If we went with your implementation of security, imagine if I always typed in the wrong account password for some reason, but I might think google authenticator is broken, since I can't distinguish which password I got wrong.

The 2nd issue is really minor, so in less than 30 seconds, someone might be able to make another attempt on my account password, who cares. I can give them 10 years and they wouldn't be able to crack my account password. They either know it by obtaining my password storage file, or they don't.

If you log in to a website that has good security and use the wrong password, it says your username or password is wrong.

There is a reason behind it: it's to prevent people with huge password lists from knowing if they have a valid username or valid password.

If you use an Invalid 2 factor on GLBSE it says Username or Password is invalid.

MtGox is a little different you have to input username & password first then 2 factor. Not as secure but they allow multiple 2 factor devices so it makes up in the long run.

Besides, current trending security practices dictate not to reuse passwords. I use unique passwords on 95% of the websites I use (per my last security audit).

I have an IT background, and when I see something that could possibly be exploited I report it. (I've seen a ton of exploits over the years.)




legendary
Activity: 1806
Merit: 1003
Minor Security Concern

When you use a Correct 2 factor Password but an incorrect account password, it informs you that the account password is wrong.

IMHO, a website should never verify which password is incorrect when there are two and should give a generic message saying one of the two passwords is incorrect.

Same theory behind when having account name or password wrong, best practice is to say the password or account is wrong.



The Second Issue

It appears that Google Authenticator is not correctly implemented.

Google Authenticator is a Time-based One-time Password (TOTP) algorithm

If you verify that the Google Authenticator password is correct when using a bad account password, it should burn that password.

I have verified this operation with other authenticator based accounts, and if you try to reuse a code before the time limit expires, it will not let you.

It is designed this way so that if the password is intercepted and used by the user, it can't be reused within the time limit.

RFC 4226
RFC 6238

I don't agree with the 1st issue, I want to know which one I got wrong, so I as a legitimate user can correct it. If we went with your implementation of security, imagine if I always typed in the wrong account password for some reason, but I might think google authenticator is broken, since I can't distinguish which password I got wrong.

The 2nd issue is really minor, so in less than 30 seconds, someone might be able to make another attempt on my account password, who cares. I can give them 10 years and they wouldn't be able to crack my account password. They either know it by obtaining my password storage file, or they don't.
newbie
Activity: 14
Merit: 0
Great service. I appreciate the security model.
hero member
Activity: 826
Merit: 500
Minor Security Concern

When you use a Correct 2 factor Password but an incorrect account password, it informs you that the account password is wrong.

IMHO, a website should never verify which password is incorrect when there are two and should give a generic message saying one of the two passwords is incorrect.

Same theory behind when having account name or password wrong, best practice is to say the password or account is wrong.



The Second Issue

It appears that Google Authenticator is not correctly implemented.

Google Authenticator is a Time-based One-time Password (TOTP) algorithm

If you verify that the Google Authenticator password is correct when using a bad account password, it should burn that password.

I have verified this operation with other authenticator based accounts, and if you try to reuse a code before the time limit expires, it will not let you.

It is designed this way so that if the password is intercepted and used by the user, it can't be reused within the time limit.

RFC 4226
RFC 6238
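
The two points raised in the post above (one generic failure message for both factors, and burning a TOTP code once it has validated, even alongside a wrong account password), sketched as an added example that is not part of the original post and not blockchain.info's code. `Account`, `login` and `GENERIC_ERROR` are hypothetical names, and the verifier assumes a single 30-second step with no clock-drift window.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)
GENERIC_ERROR = "Password or authentication code is incorrect"  # hypothetical text

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Hypothetical account record holding both factors."""
    def __init__(self, password: str, salt: bytes, totp_secret: bytes):
        self.salt = salt
        self.password_hash = hash_password(password, salt)
        self.totp_secret = totp_secret
        self.last_used_step = -1  # highest time step whose code has been consumed

def login(account: Account, password: str, code: str, now: float) -> str:
    step = int(now) // STEP  # RFC 6238: counter is floor(unix_time / step)
    pw_ok = hmac.compare_digest(
        hash_password(password, account.salt), account.password_hash)
    code_ok = hmac.compare_digest(
        hotp(account.totp_secret, step).encode(), code.encode())
    fresh = step > account.last_used_step
    if code_ok and fresh:
        # Burn the code as soon as it validates, whether or not the password
        # was right, so it cannot be replayed inside the same time step.
        account.last_used_step = step
    if pw_ok and code_ok and fresh:
        return "OK"
    # Same message for every failure: the caller cannot tell which factor failed.
    return GENERIC_ERROR

if __name__ == "__main__":
    # Constructed demo data: the shared secret is the RFC 4226 test key.
    acct = Account("correct horse", b"demo-salt", b"12345678901234567890")
    print(login(acct, "wrong password", hotp(acct.totp_secret, 1), now=59))
    print(login(acct, "correct horse", hotp(acct.totp_secret, 1), now=59))
    print(login(acct, "correct horse", hotp(acct.totp_secret, 2), now=60))
```
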
hero member
Activity: 826
Merit: 500
Getting "ERROR 500" when trying to send funds between addresses hosted in the same wallet. Working again
hero member
Activity: 591
Merit: 500
I don't have an answer exactly but I can recommend bitaddress.org to create a 100% offline paper wallet. It works well. And it's easy to import your addresses for watching purposes afterwards into blockchain.info. That lets you still create your keys completely offline.
Thanks, that looks like it'll work nicely.
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
I've been trying to make a paper wallet according to this tutorial, but I don't see an offline mode button on the login page. Is there a new way of doing this? I've never made a paper wallet before.

The Offline checkbox was removed, the documentation needs updating. To use offline mode now just disconnect your internet and refresh the login page. Be sure to clear the browser's cache before connecting to the internet again.
I tried that, but when I went to print off my paper wallet, it only showed my online wallets. I thought about making it online, printing the wallet and then just deleting the private key. Would that be secure enough?
Anybody know the answer here?
I don't have an answer exactly but I can recommend bitaddress.org to create a 100% offline paper wallet. It works well. And it's easy to import your addresses for watching purposes afterwards into blockchain.info. That lets you still create your keys completely offline.
hero member
Activity: 591
Merit: 500
I've been trying to make a paper wallet according to this tutorial, but I don't see an offline mode button on the login page. Is there a new way of doing this? I've never made a paper wallet before.

The Offline checkbox was removed, the documentation needs updating. To use offline mode now just disconnect your internet and refresh the login page. Be sure to clear the browser's cache before connecting to the internet again.
I tried that, but when I went to print off my paper wallet, it only showed my online wallets. I thought about making it online, printing the wallet and then just deleting the private key. Would that be secure enough?
Anybody know the answer here?
legendary
Activity: 1031
Merit: 1000
My apologies, I did not see the answer. Is this something we can add? It could be as simple as recording the total number of coins per day, or per week. I'd like to know what the demand is for coin mixing.


As far as I'm concerned the less logs the better, even if it's only a counter. I would say that demand is moderate, the reason TorWallet turned rogue may have been that demand for mixing wasn't high enough.

Aren't you snoopy misterbigg and I am sure you are not the only one. I think the less logs the better also.

But getting to demand, perhaps the market could set the rate instead of it constantly being 1.5%. Then 'interest' could be earned on bitcoin balances. Of course, one of the risks may be that the private key needs to be entrusted to Blockchain.info ....

But a whole range of products could be developed like CDs, for depositors, where the bitcoins are entrusted for a certain amount of time, etc. or for customers automated payments that could be made based on an algorithm where the variables of which could be tweaked by the user (time, amount, randomness, etc.).

For example, 50 BTC are sent and over 30 days those 50 BTC are sent via 27 addresses, all with 0% taint to each other, to 1 address and the amounts of each payment are of a same amount (like for children's allowances, etc.) or sufficiently random, or fall within a normal distribution for particular behavior like website donations, etc., to provide plausible deniability for the receiver.

This could all help drive the 1.5% fee lower, which is competing with other goods/services, while revenues and profits could be increased through volumes since marginal cost is 0. And we all like cheap!

And if Blockchain.info is able to maintain its trust agent status it could develop a very useful business for both depositors and customers.

hero member
Activity: 910
Merit: 1005
This really is awesome!  Sorry we didn't get a chance to meet up at the BTC conference, it would have been good to thank you personally for the great service you provide to the bitcoin community.

There is always the next year

How do we invest in your web site?
I think you are the next google/facebook/twitter/bigboobasianladyboys.com

Thank you for the compliment, I think :) Investment is not needed currently as the site is sufficiently funded for its current goal. Which is to be a profitable, sustainable business within the current bitcoin economy - "Bitcoin wallet for bitcoiners". Maybe in future we will be looking for more funding for marketing etc, but that is way off yet.

The service is actually pretty good, and I encourage you to at least take a deeper look.  It took me about 15 mins to integrate it the first time I did.  Start here http://boxcar.io/help/api/providers

Since the API is really simple to implement I have added it. I'm not sure if the My Wallet app needs approval by the boxcar.io admins but it seems to work for me.



Something is wrong with the window called about. The window is moving, making it hard for users to read. I think the problem is because the window latest transaction is ajax.

I'm not sure what window you mean? A popup dialog?

Block updating has stopped. Something is wrong with your site, piuk.

Thanks for letting me know, I have added some extra checks to hopefully prevent this from happening again.

Piuk,

I really think you should change the top bar to something like the one of www.bitcoincharts.com

1- Change the buttons home, charts, stats, api to below the blockchain name/logo
2- In the place of the buttons specified above, you could add information like: blocks, total of btc, difficulty, ... like how bitcoincharts shows it.
3- I think the wallet button should be located separately from the other buttons and with a better design and bigger size.
4- I think you should remove at least the 3 last lines of the window most recently mined blocks in the bitcoin block chain. I think 10 lines is much.

I think you're right about number 4. If the header was going to be re-designed it would be at the point when the entire Site was re-designed professionally (ditching bootstrap), for the moment I think it is ok.

My apologies, I did not see the answer. Is this something we can add? It could be as simple as recording the total number of coins per day, or per week. I'd like to know what the demand is for coin mixing.


As far as I'm concerned the less logs the better, even if it's only a counter. I would say that demand is moderate, the reason TorWallet turned rogue may have been that demand for mixing wasn't high enough.