Bitcoin Forum>Economy>Marketplace>Lending
Pages:
Author

Topic: [CLOSED] CoinLenders - page 21. (Read 226433 times)

btharper
sr. member
Activity: 389
Merit: 250
Re: [CLOSED] CoinLenders
July 02, 2013, 10:39:29 PM
#587
Quote from: halfawake on July 02, 2013, 10:34:46 PM
Quote from: 🏰 TradeFortress 🏰 on July 02, 2013, 07:59:15 PM
Yes, which takes 30 seconds. Not much different from a Facebook app or something that uses Google accounts.

Bummer.  If it's only 30 seconds, that's not too bad though.  I'm quite willing to put up with it for the 25% interest you're offering.
Kind of my thoughts, not quite pleasant, but not that big of a problem.

Any way to setup auto-deposit from an address, this was a handy feature for me. Perhaps as a feature request on Inputs? Addresses available that automatically pay another account upon deposit.
halfawake
hero member
Activity: 490
Merit: 500
Re: [CLOSED] CoinLenders
July 02, 2013, 10:34:46 PM
#586
Quote from: 🏰 TradeFortress 🏰 on July 02, 2013, 07:59:15 PM
Yes, which takes 30 seconds. Not much different from a Facebook app or something that uses Google accounts.

Bummer.  If it's only 30 seconds, that's not too bad though.  I'm quite willing to put up with it for the 25% interest you're offering.
🏰 TradeFortress 🏰
vip
Activity: 1316
Merit: 1043
👻
Re: [CLOSED] CoinLenders
July 02, 2013, 07:59:15 PM
#585
Yes, which takes 30 seconds. Not much different from a Facebook app or something that uses Google accounts.
halfawake
hero member
Activity: 490
Merit: 500
Re: [CLOSED] CoinLenders
July 02, 2013, 07:53:45 PM
#584
Quote from: 🏰 TradeFortress 🏰 on July 02, 2013, 10:13:55 AM
Announcement

CoinLenders will be using Inputs.io to handle bitcoin deposits and withdrawals. Here's some info:

Why?
It's more secure for the backend. CoinLenders soon will no longer run Bitcoind, which also requires less maintenance. It also makes it very easier to move your coins in and out of CoinLenders to other Inputs.io services.

Security Model
You'll only be able to deposit and withdraw from the same email. So if your CoinLenders email is "[email protected]", your Inputs.io email must be "[email protected]" - we only allow deposits from that address (so we know who to credit), and withdrawals to that Inputs.io account.

Deposits
Just send coins to [email protected] - it couldn't be simpler. Refresh the page, and you instantly have the balance  Smiley

Withdrawals
Currently, withdrawals are still using Bitcoind. This will soon be changed - you'll only be able to transfer coins to your Inputs.io account with the same email - which means that you just have to focus on your Inputs account not being compromised. We worked on a lot of security features for Inputs Smiley

So does this mean we have to create an Inputs.io account to use Coinlenders now?
🏰 TradeFortress 🏰
vip
Activity: 1316
Merit: 1043
👻
Re: [CLOSED] CoinLenders
July 02, 2013, 10:13:55 AM
#583
Announcement

CoinLenders will be using Inputs.io to handle bitcoin deposits and withdrawals. Here's some info:

Why?
It's more secure for the backend. CoinLenders soon will no longer run Bitcoind, which also requires less maintenance. It also makes it very easier to move your coins in and out of CoinLenders to other Inputs.io services.

Security Model
You'll only be able to deposit and withdraw from the same email. So if your CoinLenders email is "[email protected]", your Inputs.io email must be "[email protected]" - we only allow deposits from that address (so we know who to credit), and withdrawals to that Inputs.io account.

Deposits
Just send coins to [email protected] - it couldn't be simpler. Refresh the page, and you instantly have the balance  Smiley

Withdrawals
Currently, withdrawals are still using Bitcoind. This will soon be changed - you'll only be able to transfer coins to your Inputs.io account with the same email - which means that you just have to focus on your Inputs account not being compromised. We worked on a lot of security features for Inputs Smiley
Birdy
sr. member
Activity: 364
Merit: 250
Re: [CLOSED] CoinLenders
July 02, 2013, 09:26:27 AM
#582
Quote from: joeyjmr8484 on July 02, 2013, 08:47:01 AM
My loan is still pending. Can you approve it?
hm, 6 negative trust entries, 3 from trusted sources. I wonder what possibly could go wrong? Roll Eyes
vlees
full member
Activity: 196
Merit: 100
Re: [CLOSED] CoinLenders
July 02, 2013, 09:03:14 AM
#581
Quote from: joeyjmr8484 on July 02, 2013, 08:47:01 AM
My loan is still pending. Can you approve it?

joeyjmr8484
full member
Activity: 140
Merit: 100
Re: [CLOSED] CoinLenders
July 02, 2013, 08:47:01 AM
#580
My loan is still pending. Can you approve it?
sleger
full member
Activity: 167
Merit: 100
Re: [CLOSED] CoinLenders
July 02, 2013, 08:43:54 AM
#579
Hi TF,
What is the procedure to remove the 2fa authentification should the device be lost / stolen / wiped out ?
Thank you
🏰 TradeFortress 🏰
vip
Activity: 1316
Merit: 1043
👻
Re: [CLOSED] CoinLenders
July 01, 2013, 02:00:58 PM
#578
The message must be signed from the same address.

Quote

It should say: "Message verified to be from 15Cq6CSmEiGuqYEPmv877iA5dz4h83U4wk"

If it is not that address, then something went wrong.
siliclone
newbie
Activity: 23
Merit: 0
Re: [CLOSED] CoinLenders
July 01, 2013, 01:48:13 PM
#577
Quote from: shawshankinmate37927 on July 01, 2013, 02:30:55 AM
Quote from: siliclone on June 30, 2013, 11:48:12 PM
Quote from: shawshankinmate37927 on June 29, 2013, 08:18:26 PM
Quote from: siliclone on June 29, 2013, 04:16:18 PM
Quote from: wolverine.ks on June 29, 2013, 04:04:40 PM
So newb question to break up all the drama a bit....

what is all this verification to prevent MITM stuff?

ive seen it, but what do I do with it?

thanks
It's there for your peace of mind. It's an optional step that you can use to verify the authenticity of the deposit address prior to sending funds. My guess as to the reasoning is that if a MITM attack was taking place, the attacker would not posses certain information found in the message and therefore the generated signature from the injected address would not match.

The attacker would not possess the private key associated with that deposit address.  Only someone with the private key that corresponds to that deposit address would be able to generate that signature with that message.

I'm assuming that an attacker that injects a deposit address would also possess the private key for that address.

If an attacker injects a fake deposit address, then yes, it only makes sense to that he possesses the private key to that fake address.  However, when you attempt to verify a message that was signed with the private key of the real deposit address, the signature will not match up with the fake deposit address, causing validation to fail.

I think that was my point. Although I'll admit a certain ignorance when it comes to the soundness of this approach as it appears on the surface. One would think that if an attacker has the ability to inject a deposit address, then he would also have the ability to at the same time inject his own message and signature, which would then be verifiable when checked against the fake address.
The one way I can see around this is if the message contained some information that the attacker does not know, and is unable to intercept, and therefore unable to forge. This approach however, would require the user to know the content and format of the message to ensure it has all the elements and hasn't been tampered with...

I haven't had lunch. I can't think when I'm hungry.
shawshankinmate37927
hero member
Activity: 854
Merit: 1000
Bitcoin: The People's Bailout
Re: [CLOSED] CoinLenders
July 01, 2013, 02:30:55 AM
#576
Quote from: siliclone on June 30, 2013, 11:48:12 PM
Quote from: shawshankinmate37927 on June 29, 2013, 08:18:26 PM
Quote from: siliclone on June 29, 2013, 04:16:18 PM
Quote from: wolverine.ks on June 29, 2013, 04:04:40 PM
So newb question to break up all the drama a bit....

what is all this verification to prevent MITM stuff?

ive seen it, but what do I do with it?

thanks
It's there for your peace of mind. It's an optional step that you can use to verify the authenticity of the deposit address prior to sending funds. My guess as to the reasoning is that if a MITM attack was taking place, the attacker would not posses certain information found in the message and therefore the generated signature from the injected address would not match.

The attacker would not possess the private key associated with that deposit address.  Only someone with the private key that corresponds to that deposit address would be able to generate that signature with that message.

I'm assuming that an attacker that injects a deposit address would also possess the private key for that address.

If an attacker injects a fake deposit address, then yes, it only makes sense to that he possesses the private key to that fake address.  However, when you attempt to verify a message that was signed with the private key of the real deposit address, the signature will not match up with the fake deposit address, causing validation to fail.
🏰 TradeFortress 🏰
vip
Activity: 1316
Merit: 1043
👻
Re: [CLOSED] CoinLenders
June 30, 2013, 11:55:08 PM
#575
The message is signed with another address.
siliclone
newbie
Activity: 23
Merit: 0
Re: [CLOSED] CoinLenders
June 30, 2013, 11:48:12 PM
#574
Quote from: shawshankinmate37927 on June 29, 2013, 08:18:26 PM
Quote from: siliclone on June 29, 2013, 04:16:18 PM
Quote from: wolverine.ks on June 29, 2013, 04:04:40 PM
So newb question to break up all the drama a bit....

what is all this verification to prevent MITM stuff?

ive seen it, but what do I do with it?

thanks
It's there for your peace of mind. It's an optional step that you can use to verify the authenticity of the deposit address prior to sending funds. My guess as to the reasoning is that if a MITM attack was taking place, the attacker would not posses certain information found in the message and therefore the generated signature from the injected address would not match.

The attacker would not possess the private key associated with that deposit address.  Only someone with the private key that corresponds to that deposit address would be able to generate that signature with that message.

I'm assuming that an attacker that injects a deposit address would also possess the private key for that address. Therefore, the only discernible asset not possessed would be something found in the message itself. Unless MITM in this scenario has nothing to do with injecting a fraudulent address.
BigBitz
hero member
Activity: 672
Merit: 501
Re: [CLOSED] CoinLenders
June 30, 2013, 05:22:52 PM
#573
Just a small one.

Code:
2 factor auth has being enabled for your account.

typo Smiley it should be either "has been" or "is being" if there is some sort of back end work required.
🏰 TradeFortress 🏰
vip
Activity: 1316
Merit: 1043
👻
Re: [CLOSED] CoinLenders
June 30, 2013, 08:38:05 AM
#572
Quote from: vlees on June 30, 2013, 08:36:08 AM
Quote from: ?? on ??
Can someone help?  I can't for the life of me get the new MITM address verification message to verify using multibit or brainwallet.org.   Huh I had no problems before when it was associated with the address on these forums.  Now I can't send funds because maybe I AM being MITM attacked?  Most likely I'm doing something wrong, but I have tried every combo under the sun to get it to verify and it just won't. Huh

I tried emailing TF, but no reply.

You can verify the message in a normal Bitcoin client.

In Bitcoin-QT you can go to the first menu -> verify message.
The paste the entire message (including "signed with inputs.io.....")
As signer address take the first line from the signature block.
As signature, take the second line. Click verify. Should work.
That works too, but it's much easier with Inputs Smiley
vlees
full member
Activity: 196
Merit: 100
Re: [CLOSED] CoinLenders
June 30, 2013, 08:36:08 AM
#571
Quote from: ?? on ??
Can someone help?  I can't for the life of me get the new MITM address verification message to verify using multibit or brainwallet.org.   Huh I had no problems before when it was associated with the address on these forums.  Now I can't send funds because maybe I AM being MITM attacked?  Most likely I'm doing something wrong, but I have tried every combo under the sun to get it to verify and it just won't. Huh

I tried emailing TF, but no reply.

You can verify the message in a normal Bitcoin client.

In Bitcoin-QT you can go to the first menu -> verify message.
The paste the entire message (including "signed with inputs.io.....")
As signer address take the first line from the signature block.
As signature, take the second line. Click verify. Should work.
🏰 TradeFortress 🏰
vip
Activity: 1316
Merit: 1043
👻
Re: [CLOSED] CoinLenders
June 30, 2013, 08:07:59 AM
#570
Quote from: BigBitz on June 30, 2013, 06:50:27 AM
inputs.io something else you are working on TF?
Yes Smiley
BigBitz
hero member
Activity: 672
Merit: 501
Re: [CLOSED] CoinLenders
June 30, 2013, 06:50:27 AM
#569
inputs.io something else you are working on TF?
🏰 TradeFortress 🏰
vip
Activity: 1316
Merit: 1043
👻
Re: [CLOSED] CoinLenders
June 29, 2013, 10:06:22 PM
#568
Quote from: ?? on ??
Quote from: 🏰 TradeFortress 🏰 on June 29, 2013, 09:56:34 PM
Copy and paste the signed message here:

https://inputs.io/clearsign

It should say: "Message verified to be from 15Cq6CSmEiGuqYEPmv877iA5dz4h83U4wk"

Here's what came back:


Something still isn't working for me.

Heheh

I'll PM you a beta key Smiley
Pages:
Bitcoin Forum>Economy>Marketplace>Lending
Jump to: