Author

Topic: Cloud.Synergycoin.com - Cryptocurrency Automated Trading (Bots) in the Cloud!! (Read 790 times)

sr. member
Activity: 462
Merit: 250


The following updates to Synergy Cloud have been pushed live to the production site.

Buy/Sell Only on Accumulator Bot:
The Accumulator bot has been updated with the options to allow you to re-list only buys, sells or both and the % difference you indicate.

Timed Orders / Ping Pong Update
The Timed Orders and Ping Pong bots have been updated to allow for continuous monitoring of balances in order to execute transactions.  What this means is that if you are attempting to sell coin XYZ and the balance of this coin goes below the criteria you set, the bot will continue to check the balance and when the balance is within range of what is programmed for the bot an order will execute.

The bot updates above were made in order to improve bot flexibility and allow for different strategies using multiple bots together.  With a little thought, you'll likely see why these small updates were made.

Bug Fixes:
- Code for "Stop if Coin Price Less Than" was corrected, previous functionality was reversed.


-nextgen
sr. member
Activity: 462
Merit: 250


The following updates to Synergy Cloud will be made at 8:30pm pacific this evening (29-Oct-2015).

Enhanced API Key Encryption:
This update vastly improves password and API security. According to security best practices, passwords are not stored on our servers (and never were). Instead only the cryptographic fingerprint ("hash") of a password is stored. When a user logs in, the hash of the attempted password is calculated and then compared to what is stored on our server. To discover the password, an attacker can try to hash many different passwords to find those that match hashes stored on our servers.

To thwart this type of brute force search, we do not use a simple one-step hash. Instead, our new system stores the a hash of the password using a large number of cycles of a very computationally expensive hash, made more secure with a large 256 bit random salt. To get a sense of how long a 256 bit salt is, an example would be bb5d3f9c0e396c3f8884f24ec43a16a31e6139e4e10d44512c261fc305df427f.
These security measures mean that an attacker must have a prohibitive amount of computing resources to "crack" any passwords that may be exposed if our database server, hosted by a third party, is compromised.

We use similar technology to protect API keys. We do not store the actual API key on our servers. Instead we store the encrypted version, using AES encryption, which is one of the strongest encryption algorithms available. We also do not store the decryption keys to the encrypted API keys anywhere. When a user logs in, the decryption key is generated dynamically from the user's password, using a key derivation method similar to the method we use to create the password hashes for login. Are the password hashes and API decryption keys the same? No. Just the method to generate them are similar in that they are created using numerous rounds of strong cryptographic hashing with a random salt. The random salts are different.

Finally, the salts are stored and the hashing is performed on a server remote from our database server, meaning that even if an attacker recovers the password hashes and encrypted API keys, they will still have to compromise the remote server to learn the hashing algorithm and salts. But, even in the highly unlikely event that they compromise both servers, discovering the hashes, encrypted keys, salts, and hashing algorithms, they will still be stifled by the need to brute force passwords under the burden of our very computationally expensive hashing system.

Please Note: Due to the change in the way API keys are being stored, when you log in to your account after the update you will need to re-add the keys from the exchanges you wish to use.  To ensure maximum security, please generate and use new keys.


Google Two Factor Authentication
Google Two Factor Authentication will be added to the site in order to increase your account security.  Please visit your account settings to activate as soon as possible.  We encourage ALL users to activate 2FA in order to better protect your account.


Automated Calculation and Updating of SNRG Burning Price:
The SNRG burn rate will now be updated daily based on market indicators.  This will allow us to automatically maintain a consistent rate for using the sites services without having to do daily, manual calculations.  This will mark the end of the introductory burn rate of 3 SNRG/day.


Enabling of Automated System Email:
Automated email functionality has been added in order to allow users to be able to utilize the Password Reset functionality should it be needed.  Users will now also be required to confirm their email address prior to using the sites functionality.  This will allow us to ensure users will have access to reset their password and additional site functionality that will be added in the future.  


As always, please feel free to let myself or Grandpa Jones know if you have any questions.  We'll be available in the Slack channel tonight during the release to keep an eye on things and make sure the release goes as smoothly as possible for our users.

-nextgen

This release is now complete.  Please remember you must update your API keys!
sr. member
Activity: 462
Merit: 250


The following updates to Synergy Cloud will be made at 8:30pm pacific this evening (29-Oct-2015).

Enhanced API Key Encryption:
This update vastly improves password and API security. According to security best practices, passwords are not stored on our servers (and never were). Instead only the cryptographic fingerprint ("hash") of a password is stored. When a user logs in, the hash of the attempted password is calculated and then compared to what is stored on our server. To discover the password, an attacker can try to hash many different passwords to find those that match hashes stored on our servers.

To thwart this type of brute force search, we do not use a simple one-step hash. Instead, our new system stores the a hash of the password using a large number of cycles of a very computationally expensive hash, made more secure with a large 256 bit random salt. To get a sense of how long a 256 bit salt is, an example would be bb5d3f9c0e396c3f8884f24ec43a16a31e6139e4e10d44512c261fc305df427f.
These security measures mean that an attacker must have a prohibitive amount of computing resources to "crack" any passwords that may be exposed if our database server, hosted by a third party, is compromised.

We use similar technology to protect API keys. We do not store the actual API key on our servers. Instead we store the encrypted version, using AES encryption, which is one of the strongest encryption algorithms available. We also do not store the decryption keys to the encrypted API keys anywhere. When a user logs in, the decryption key is generated dynamically from the user's password, using a key derivation method similar to the method we use to create the password hashes for login. Are the password hashes and API decryption keys the same? No. Just the method to generate them are similar in that they are created using numerous rounds of strong cryptographic hashing with a random salt. The random salts are different.

Finally, the salts are stored and the hashing is performed on a server remote from our database server, meaning that even if an attacker recovers the password hashes and encrypted API keys, they will still have to compromise the remote server to learn the hashing algorithm and salts. But, even in the highly unlikely event that they compromise both servers, discovering the hashes, encrypted keys, salts, and hashing algorithms, they will still be stifled by the need to brute force passwords under the burden of our very computationally expensive hashing system.

Please Note: Due to the change in the way API keys are being stored, when you log in to your account after the update you will need to re-add the keys from the exchanges you wish to use.  To ensure maximum security, please generate and use new keys.


Google Two Factor Authentication
Google Two Factor Authentication will be added to the site in order to increase your account security.  Please visit your account settings to activate as soon as possible.  We encourage ALL users to activate 2FA in order to better protect your account.


Automated Calculation and Updating of SNRG Burning Price:
The SNRG burn rate will now be updated daily based on market indicators.  This will allow us to automatically maintain a consistent rate for using the sites services without having to do daily, manual calculations.  This will mark the end of the introductory burn rate of 3 SNRG/day.


Enabling of Automated System Email:
Automated email functionality has been added in order to allow users to be able to utilize the Password Reset functionality should it be needed.  Users will now also be required to confirm their email address prior to using the sites functionality.  This will allow us to ensure users will have access to reset their password and additional site functionality that will be added in the future.  


As always, please feel free to let myself or Grandpa Jones know if you have any questions.  We'll be available in the Slack channel tonight during the release to keep an eye on things and make sure the release goes as smoothly as possible for our users.

-nextgen
sr. member
Activity: 462
Merit: 250
The time has come.  Synergy Cloud has arrived.

I couldn’t be happier to announce that today, we are officially launching our cloud based platform, Synergy Cloud.  As you can see below, this first release of Synergy Cloud will include 5 different trading bots in addition to manual trading on your favorite 4 exchanges (Bittrex, Poloniex, Cryptsy and C-cex).  This project has been in the works for roughly 2 months now and we feel we have a great product that many in the crypto community will find useful and provides us with a great platform to build upon.

As you have noticed in past posts, functionality on the site will be unlocked in your account by burning SNRG to an unspendable address (more info).  The current, introductory rate to use the site will be 3 SNRG per day and will be limited to 28 days of maximum funding.  

As you are using the site, if you have any issues, notice any bugs or have any suggestions/feedback, please reach out to us at [email protected] and we will address your request as soon as possible.  If you find a bug, big or small, we may have a little reward for you as well!  You can also find immediate assistance and our community on our Slack channel, please click here for an instant invite.

Thank you all for your support and we look forward to building a bigger and better Synergy Cloud in the days to come!


Jump to: