Pages:
Author

Topic: Giving away free bitcoins!!! (Read 2368 times)

sr. member
Activity: 490
Merit: 250
November 11, 2011, 02:30:29 PM
#39
Also, make sure the salt is included in both of the hash calculations. That will make the process safer.
If you do not include a salt, and just hash the password several times, you won't be making it harder, but easier, for an attacker to get the password.
And make sure the hash includes special characters, not just alphanumeric ones.

Just my 2 cents Wink
full member
Activity: 154
Merit: 102
Bitcoin!
November 10, 2011, 10:47:25 AM
#38
Please, please, please, please, please, please, please, please, please, please, please, please, please, please do not store passwords as plain text. It is a huge breach of user trust. You should immediately change it to store passwords as a salted hash.  If you don't know how to do this, ask me and I will give you details. As a start, you can read this: http://codahale.com/how-to-safely-store-a-password/
Like bwagner, I hope I am being helpful and educational with this, as that is my intent.

Passwords being stored as plain text really is a Big Deal. I love to see new Bitcoin-related business start up, and I am all for them. But when a website is negligent in terms of security issues, I cringe.

For minimum levels of security do this:

1. When user registers, generate a random salt for the user (say 20 random characters)
2. Take the user's password and hash it with the salt in a loop (pseudocode):
Code:
salt = "9sOqlp09Juy336Fvz,)jk@kxccq1>Mf"; // different for every user
password = "blahblah";
hash = password;
for (i = 0; i < 10000; ++i)
{
    hash = sha256(sha256(hash) + salt);
}
3. Save hash and salt in your users table.

When a user logs in, run the password through the same process as above (using the salt stored for that user), and if the resultant hash is the same as the one stored in the database for that user, log them in.

EDIT: OP had PMed me before I wrote this, bit I didn't see the PM. Oops.  Replied to PM as well.
sr. member
Activity: 422
Merit: 250
November 09, 2011, 09:56:48 PM
#37
So the coins I sent dont say: received from: "14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF"?

My fiinal post on this point, I hope I am being helpful and educational here - that is my intent.

Just as an example the 0.10 BTC you sent to me can be seen here:

http://blockexplorer.com/address/1Kuktw1ebnL3ySLx3AJK5kEA3xbkibH535

Notice they were sent from and address you probably didn't even know you had Smiley

Thanks for your help. I think I will take your idea and make process something like this:

1. Enter the number of credits you wish to purchase and press submit:
[#number of credits]
2. Send [# number of credits submitted]/[100*(Mt Gox buy price at the time they press submit)] bitcoins to the following address
[MokiMarket bitcoin address]

What do you think of that?


legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
November 09, 2011, 09:39:32 PM
#36
So the coins I sent dont say: received from: "14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF"?

My fiinal post on this point, I hope I am being helpful and educational here - that is my intent.

Just as an example the 0.10 BTC you sent to me can be seen here:

http://blockexplorer.com/address/1Kuktw1ebnL3ySLx3AJK5kEA3xbkibH535

Notice they were sent from and address you probably didn't even know you had Smiley
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
November 09, 2011, 09:15:46 PM
#35
I am glad to help in any way I can.  I love to see businesses join the Bitcoin community.  I see why you want the "from" address - so you can see who sent the BTC so you can credit their account.  The way this is usually done is to generate a new TO address for each order, then when you get the BTC you know who it was from since you see where they sent it to.  If you look at the standard client - at least the version I am using - and click on a transaction the from field is often (always?) blank.  So if you have everyone send BTC to your single address of 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF then it is a pain to figure out who sent it (look in the block explorer and look at all the transaction to 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF), like this:

http://blockexplorer.com/address/14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF

If you do that you will notice that I sent you 1 BTC.  You know this because I am in the minority in that I can send from a known vanity address of http://firstbits.com/1burtw.  Most payments from most users will appear to just come from random addresses, many times from multiple addresses for a single transaction.  So it would be best if your site just generated a different payment address every time someone sends you coins, then when you get coins at that address you know you can credit that person's account with the proper number of credits.

sr. member
Activity: 422
Merit: 250
November 09, 2011, 09:11:08 PM
#34
OK, I finally read the fine print:

Quote
Example: One bitcoin payment is submited at 1:00pm when MtGox is trading at $3, worth 300 credits. If payment is processed at 1:30pm and MtGox is trading at $3.20, your account will receive 320 credits; if payment is processed at 2:30pm and MtGox is trading at $2.90 your account will receive 290 credits.”

So I will send you 1 BTC and see what happens.  I think with some work this could be a very fun site.

I just processed your payment, sorry for the confusion. I will fix this issue to make it more user friendly.
sr. member
Activity: 422
Merit: 250
November 09, 2011, 08:55:56 PM
#33
So I guess I am waiting to hear from you as to how many BTC you expect me to send in order to get $1.00 worth of credits?

I think it may be simpler to have the following on the credit sale page when buying using BTC:

1) how many credits to you want? (have a numeric entry box here)
2) I enter 100 and submit
3) next/response page:  That will cost you 0.33783783 BTC, please send payment to 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF
 

That's a good idea. See this is why I need the bitcoin community to help me out with these issues. I'm just trying to create what I think would be a really cool service and am open to any help i can get!
sr. member
Activity: 422
Merit: 250
November 09, 2011, 08:51:47 PM
#32
I got the coupon code, but haven't bid yet -- the auction ending in one hour is of no interest to me. I'll bid later, when the more interesting auctions are nearer.
In any case:
username: BTCurious
Address: 1NaNoBitU2q8czqE2y5rEQPj4qcW6K3mFp

Payment sent!
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
November 09, 2011, 08:48:24 PM
#31
OK, I finally read the fine print:

Quote
Example: One bitcoin payment is submited at 1:00pm when MtGox is trading at $3, worth 300 credits. If payment is processed at 1:30pm and MtGox is trading at $3.20, your account will receive 320 credits; if payment is processed at 2:30pm and MtGox is trading at $2.90 your account will receive 290 credits.”

So I will send you 1 BTC and see what happens.  I think with some work this could be a very fun site.
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
November 09, 2011, 08:26:23 PM
#30
So I guess I am waiting to hear from you as to how many BTC you expect me to send in order to get $1.00 worth of credits?

I think it may be simpler to have the following on the credit sale page when buying using BTC:

1) how many credits to you want? (have a numeric entry box here)
2) I enter 100 and submit
3) next/response page:  That will cost you 0.33783783 BTC, please send payment to 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF

BUT to easily track your incomming payments you should probably generate a new address for each order instead of using 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF for every order
 
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
November 09, 2011, 08:13:48 PM
#29
hey moki thanks for getting the spam issue sorted out, have another one for you though
you have this on the "buy credit" page...
Code:
1. Enter the bitcoin address you will be sending coins from and press submit:

umm, how am i supposed to know from what address i will be sending the coins ? clients selects automatically one or more input addresses to sum the total amount
I find this very confusing also.  No one ever asks the address the Bitcoins are coming FROM.  In fact the average user of the standard Bitcoin client has no idea what account the Bitcoins are coming FROM - and really no control as to what address they will come from.  I happen to have created my own vanity key pairs using vanitygen and imported them into a StrongCoin account where I can have total control of the from address - but that is not the usual case.  You should really not ask for this information.  Also I have no idea how many coins to send you in order to buy $1.00 worth of credits.  Your site should calculate this for me and then give me an address and an amount to send.
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
November 09, 2011, 08:12:47 PM
#28
hey moki thanks for getting the spam issue sorted out, have another one for you though
you have this on the "buy credit" page...
Code:
1. Enter the bitcoin address you will be sending coins from and press submit:

umm, how am i supposed to know from what address i will be sending the coins ? clients selects automatically one or more input addresses to sum the total amount

Hmmm..I thought that it sent payment from this address listed on the client:

Your bitcoin address: 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF

I guess I was wrong. Payments can still be processed, but I will change it so that it says enter the amount of coins that will be sent instead. Thanks for pointing that out.





So the coins I sent dont say: received from: "14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF"?

i don't get you very well, in the standard client you can't possibly know what addresses will be used to send a payment before hitting the pay button.
Example transactions that have multiple inputs and one output, destination address. You enter destination address and the software combines various inputs to make the sum of bitcoins.
Knowing from what address the bitcoins will come it's quite impossible, really  Cheesy
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
November 09, 2011, 08:12:41 PM
#27
I got the coupon code, but haven't bid yet -- the auction ending in one hour is of no interest to me. I'll bid later, when the more interesting auctions are nearer.
In any case:
username: BTCurious
Address: 1NaNoBitU2q8czqE2y5rEQPj4qcW6K3mFp
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
November 09, 2011, 08:09:23 PM
#26
bwagner
please use 1Kuktw1ebnL3ySLx3AJK5kEA3xbkibH535

Payment sent! I believe you were lucky number 10  Grin


Whew! Just made the cut.  Got the payment.  Thanks!
sr. member
Activity: 422
Merit: 250
November 09, 2011, 07:57:25 PM
#25
Please Enter Right Coupn Code

 Angry  Grin

Only 10 slots were available for coupon code...sorry. I will be doing another one soon though, so check back.
full member
Activity: 190
Merit: 100
Par Pari Refertur
November 09, 2011, 07:53:53 PM
#24
Please Enter Right Coupn Code

 Angry  Grin
sr. member
Activity: 422
Merit: 250
November 09, 2011, 07:53:49 PM
#23
hey moki thanks for getting the spam issue sorted out, have another one for you though
you have this on the "buy credit" page...
Code:
1. Enter the bitcoin address you will be sending coins from and press submit:

umm, how am i supposed to know from what address i will be sending the coins ? clients selects automatically one or more input addresses to sum the total amount

Hmmm..I thought that it sent payment from this address listed on the client:

Your bitcoin address: 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF

I guess I was wrong. Payments can still be processed, but I will change it so that it says enter the amount of coins that will be sent instead. Thanks for pointing that out.





So the coins I sent dont say: received from: "14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF"?
sr. member
Activity: 422
Merit: 250
November 09, 2011, 07:52:24 PM
#22
hey moki thanks for getting the spam issue sorted out, have another one for you though
you have this on the "buy credit" page...
Code:
1. Enter the bitcoin address you will be sending coins from and press submit:

umm, how am i supposed to know from what address i will be sending the coins ? clients selects automatically one or more input addresses to sum the total amount

Hmmm..I thought that it sent payment from this address listed on the client:

Your bitcoin address: 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF

I guess I was wrong. Payments can still be processed, but I will change it so that it says enter the amount of coins that will be sent instead. Thanks for pointing that out.



legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
November 09, 2011, 07:45:29 PM
#21
hey moki thanks for getting the spam issue sorted out, have another one for you though
you have this on the "buy credit" page...
Code:
1. Enter the bitcoin address you will be sending coins from and press submit:

umm, how am i supposed to know from what address i will be sending the coins ? clients selects automatically one or more input addresses to sum the total amount
sr. member
Activity: 422
Merit: 250
November 09, 2011, 07:36:39 PM
#20
bwagner
please use 1Kuktw1ebnL3ySLx3AJK5kEA3xbkibH535

Payment sent! I believe you were lucky number 10  Grin

Pages:
Jump to: