Author

Topic: how is a miner using http secure? (Read 647 times)

cvk
newbie
Activity: 4
Merit: 0
June 21, 2011, 03:35:17 PM
#5
how is it secure when a miner is using insecure http to send the user and password?

Your miner will be insecure, but that's not a problem as long as you are using a different password for your user account.

If an attacker gets one of your workers' passwords by sniffing your unencrypted HTTP traffic, I think the worst thing he could do is execute a denial of service attack in your name in an attempt to get you banned from your pool.
newbie
Activity: 5
Merit: 0
June 21, 2011, 03:23:11 PM
#4
Either use a unique miner-only password or use a pool that doesn't require a password (eligius).
hero member
Activity: 527
Merit: 500
June 21, 2011, 03:15:37 PM
#3
Are there currently any pools which support https for miners?
newbie
Activity: 21
Merit: 0
June 21, 2011, 03:08:38 PM
#2
how is it secure when a miner is using insecure http to send the user and password?

"No Mr. Bond, I expect you to die."

Translation: it isn't.  If you mine in a pool and this fact worries you:

A) ask your pool admins to enable HTTPS urls for miners
B) move to a pool that uses HTTPS for miners
C) move to a pool that allows you to create miner-only passwords (e.g. you can use them in a URL for your miner, but they cannot be used to log in to that pools' web site to change your account, a la bitcoinpool.com)
newbie
Activity: 34
Merit: 0
June 20, 2011, 07:44:16 PM
#1
how is it secure when a miner is using insecure http to send the user and password?
Jump to: