[PoS+PoW] eXocoin [EXO]-gen 2.0- dev. from scratch! Give-Away | Open Beta - page 251.

CryptKeeper

legendary

Activity: 2044

Merit: 1055

Quote from: Eadeqa on March 15, 2014, 05:30:41 AM

Quote from: CryptKeeper on March 15, 2014, 03:35:06 AM

No, I actually thought of AES256-CBC:

Quote

Wallet encryption uses AES-256-CBC to encrypt only the private keys that are held in a wallet. The keys are encrypted with a master key which is entirely random. This master key is then encrypted with AES-256-CBC with a key derived from the passphrase using SHA512 and OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by the speed of the machine which does the initial encryption (and is updated based on the speed of a computer which does a subsequent passphrase change).

https://en.bitcoin.it/wiki/Wallet_encryption

Exactly what I said. AES is encryption. It's not applied "repeatedly". The password is HASHED repeatedly (in this case with SHA512)

PBKDF2 does exactly the same thing

http://en.wikipedia.org/wiki/PBKDF2

The encryption can still be AES with PBKDF2

So it works like this.

User's password = password

Hash the password, lets say 100,000 times to slow brute force.

100,000 times: password = Hash (password) ..

Use the end result of that 100K hashes to encrypt with AES

You are right, that is exactly what should be done. Thanks for straightening this out!

Your turn, eXo_coin...

Eadeqa

hero member

Activity: 644

Merit: 500

Quote from: CryptKeeper on March 15, 2014, 03:35:06 AM

No, I actually thought of AES256-CBC:

Quote

Wallet encryption uses AES-256-CBC to encrypt only the private keys that are held in a wallet. The keys are encrypted with a master key which is entirely random. This master key is then encrypted with AES-256-CBC with a key derived from the passphrase using SHA512 and OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by the speed of the machine which does the initial encryption (and is updated based on the speed of a computer which does a subsequent passphrase change).

https://en.bitcoin.it/wiki/Wallet_encryption

Exactly what I said. AES is encryption. It's not applied "repeatedly". The password is HASHED repeatedly (in this case with SHA512)

PBKDF2 does exactly the same thing

http://en.wikipedia.org/wiki/PBKDF2

The encryption can still be AES with PBKDF2

So it works like this.

User's password = password

Hash the password, lets say 100,000 times to slow brute force.

100,000 times: password = Hash (password) ..

Use the end result of that 100K hashes to encrypt with AES

burningzoul

sr. member

Activity: 280

Merit: 250

+1 waiting for mining phase good luck!

CryptKeeper

legendary

Activity: 2044

Merit: 1055

Quote from: Eadeqa on March 15, 2014, 03:00:23 AM

Quote from: CryptKeeper on March 14, 2014, 03:27:27 AM

Please consider using multiple rounds of AES256 encryption for the wallet (bitcoin-qt style) until you meet a given time,

You mean multiple rounds of password hashing to generate the AES key

http://en.wikipedia.org/wiki/PBKDF2

Repeatedly doing AES does nothing, as AES is designed to be fast and it is implemented at hardware, like in Intel CPUs

No, I actually thought of AES256-CBC:

Quote

Wallet encryption uses AES-256-CBC to encrypt only the private keys that are held in a wallet. The keys are encrypted with a master key which is entirely random. This master key is then encrypted with AES-256-CBC with a key derived from the passphrase using SHA512 and OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by the speed of the machine which does the initial encryption (and is updated based on the speed of a computer which does a subsequent passphrase change).

https://en.bitcoin.it/wiki/Wallet_encryption

rew74dse

newbie

Activity: 14

Merit: 0

Good

Eadeqa

hero member

Activity: 644

Merit: 500

Quote from: CryptKeeper on March 14, 2014, 03:27:27 AM

Please consider using multiple rounds of AES256 encryption for the wallet (bitcoin-qt style) until you meet a given time,

You mean multiple rounds of password hashing to generate the AES key

http://en.wikipedia.org/wiki/PBKDF2

Repeatedly doing AES does nothing, as AES is designed to be fast and it is implemented at hardware, like in Intel CPUs

CryptKeeper

legendary

Activity: 2044

Merit: 1055

Quote from: eXo_coin on March 13, 2014, 05:21:01 PM

You are right we shoudl have updated the ETA time there as well.

Here is the next version:

whitepaper v1.2

You can expect a major update on the whitepaper as of 1.3
1.2 "just" have some more/updated screenshots, small text rework but 2 diagrams for better understanding. And added some code snippets.
V1.3 will contain security important code implementations (like the whole crypto implementations maybe).

As stated - we will use the time from now on for code redesign, generating more debug information, fixing bugs and guard threads. Open beta *ETA* is 30th march (trying to get a working linux implementation until then as well (good chances we get it on-time), otherwise WINE will work at least.....)

Website redesign and more "marketing things" will be faced in one or two weeks.

Thank you!

After the known theft of wallets with other altcoins because of weak passwords, I recommend that you prioritize the security of the wallet. Please consider using multiple rounds of AES256 encryption for the wallet (bitcoin-qt style) until you meet a given time, say one second, and store that number of rounds unencrypted in the wallet file. So every time you want to decrypt the wallet you have to cycle through the AES256 decryption the given amount of rounds. That would make brute-forcing the wallet much harder. A minimum length of the wallet password would help too!

Keep up the good work!

eXo_coin

sr. member

Activity: 294

Merit: 250

Quote from: cnaiguozhe on March 13, 2014, 04:38:01 AM

Quote from: cnaiguozhe on February 21, 2014, 06:26:55 AM

1.5BTC send to 1CdK3k3kgyn8rhhUihcF1ZpFmwmzFLai6Y

transaction ID (TXID):
abccfb0b11aeebbd39b02267b22c3c77e4354f8106140cd3d99a7536b6ecbe2a

email address:
[email protected]

username:
cnaiguozhe

Thanks!

This is my investment , why not invest hosting my list

Thank you

Oh! Thank you so much for your reply. We did not saw that post - I am very sorry! On our list that transaction were not associated to anyone. I updated it now, so I can say: Thank you very much for your investment and I can confirm hereby that your 1.5 BTC investment will count as early-bird.

eXo_coin

sr. member

Activity: 294

Merit: 250

Quote from: Anon136 on March 12, 2014, 01:54:50 PM

lyynx pulled out. check spreadsheet for details.

Thanks for notification. Updated.

S3MKi

legendary

Activity: 1540

Merit: 1016

Greate!

eXo_coin

sr. member

Activity: 294

Merit: 250

You are right we shoudl have updated the ETA time there as well.

Here is the next version:

whitepaper v1.2

You can expect a major update on the whitepaper as of 1.3
1.2 "just" have some more/updated screenshots, small text rework but 2 diagrams for better understanding. And added some code snippets.
V1.3 will contain security important code implementations (like the whole crypto implementations maybe).

As stated - we will use the time from now on for code redesign, generating more debug information, fixing bugs and guard threads. Open beta *ETA* is 30th march (trying to get a working linux implementation until then as well (good chances we get it on-time), otherwise WINE will work at least.....)

Website redesign and more "marketing things" will be faced in one or two weeks.

edok

full member

Activity: 167

Merit: 100

Quote from: hala on March 13, 2014, 08:26:37 AM

Quote from: loveyouforever on March 13, 2014, 05:54:54 AM

When can we see the whitepaper V1.2? The below is your timeline.

V1.2 ETA 12th March not yet - updated Screenshots
-more source

Hey, man ,you are careless.

Quote from: eXo_coin on March 12, 2014, 01:00:11 PM

we might offer a bounty for the homepage design.

whitepaper will be released probably on 13th ~20:00:00 GMT, maybe earlier. It will include new screenshots of our application and some more source code.

That's a bit rude. It was easy to miss, if OP wants everyone to have the most updated info he will update the original post. You can't expect everyone to read through the entire thread to get the most up to date information.

hala

hero member

Activity: 546

Merit: 500

Quote from: loveyouforever on March 13, 2014, 05:54:54 AM

When can we see the whitepaper V1.2? The below is your timeline.

V1.2 ETA 12th March not yet - updated Screenshots
-more source

Hey, man ,you are careless.

Quote from: eXo_coin on March 12, 2014, 01:00:11 PM

we might offer a bounty for the homepage design.

whitepaper will be released probably on 13th ~20:00:00 GMT, maybe earlier. It will include new screenshots of our application and some more source code.

loveyouforever

sr. member

Activity: 269

Merit: 250

When can we see the whitepaper V1.2? The below is your timeline.

V1.2 ETA 12th March not yet - updated Screenshots
-more source

sakkosekk

full member

Activity: 224

Merit: 100

Quote from: TheMightyX on March 12, 2014, 02:39:43 PM

Quote from: chihao87 on March 10, 2014, 11:33:47 AM

Quote from: ?? on ??

Quote from: TheMightyX on March 10, 2014, 01:59:48 AM

Quote from: ?? on ??

Please allow people who already invested 1.5 btc on first step to invest at least up to another 1.5 btc on second stage. I - or anybody else who'd be interested - could easily bend this rule by creating another account or just sending with another address but I wanna be honest. It's stupid to put these low limits because people who really want can bend it and I bet there are people who already did it and more will do so
I just wanna invest another 1.5 btc, that's not much
thanks and i hope this idea isn't received with hostility by other members

You can't "bend it" if he only takes investments from accounts created before march 01 2014. Which if he wanted to be fair is what he would do.

This whole "tier 1/tier 2" investment scheme is stupid because it rewards those who either A: have enough capital to not worry about blowing 1.5 BTC on a risky investment or B: are stupid.

Someone who makes less money than you has to be more careful about their investments. If they put in the same amount of money as you, why are you getting more? "Because you risked more" it not a proper answer, you are risking the exact same amount.
All this is doing is rewarding people for making risky decisions.
This seems similar to class warfare. Hey lets reward those with more money! Good idea!
I suppose this horse has already been beaten to death though.

There are many people who visit this forum without making account. I did that for a very long time before just now deciding to create one. That wouldn't be fair to them, and to me.
And yes, people who take risks are more rewarded (or screwed) such is life

Yes, that is true. I always look through threads rather than create a reply a topic.

Yes, we should let a majority of people scam the system so as to protect a minority of people who lurk but don't sign up. This seems foolish. It's nice to think that there is such an influx of new users every day but the reality is there are far more users already than are signing up each day. Those users (majority) should be protected, not the (minority). Talk about the needs of the few outweighing the needs of the many!!

Shouldn't we just say, look if you want to be a part of this community you should make an account RIGHT NOW, so as not to miss out on future events? If you missed out on this event because you don't have an account, we are sorry but its for the good of the community? Can't you see that? Why should we let unethical people sign up for this and that event (NEM, faircoin, etc) 20x, 50x, or 100x more than ethical users just so we don't leave out a select few? You would have to be pretty selfish to argue with that Lips sealed

Self-entitled people are impossible to please. Even when they don't do anything to reach their goal it isn't their fault things didn't work out. "I did not create an account in time so it is not fair to me Grin

cnaiguozhe

newbie

Activity: 10

Merit: 0

Quote from: cnaiguozhe on February 21, 2014, 06:26:55 AM

1.5BTC send to 1CdK3k3kgyn8rhhUihcF1ZpFmwmzFLai6Y

transaction ID (TXID):
abccfb0b11aeebbd39b02267b22c3c77e4354f8106140cd3d99a7536b6ecbe2a

email address:
[email protected]

username:
cnaiguozhe

Thanks!

This is my investment , why not invest hosting my list

Thank you

zhile11911

sr. member

Activity: 308

Merit: 250

Quote from: hala on February 23, 2014, 11:39:19 AM

Quote from: hala on February 23, 2014, 11:03:29 AM

Quote from: sunnyW78 on February 23, 2014, 10:10:11 AM

Quote from: hala on February 23, 2014, 10:05:20 AM

Hi , eveyone .

   I am a chinese and every happy meet so many frineds in this thread . I build a QQ group, the number is 367448911 . U can get some

informatin and talk with each other . Please Join Us .

   I am very excite if U join us 。

   QQ 群： 367448911

   我创建一个QQ群： 367448911 。欢迎喜爱eXoCoin朋友们前来加入交流讨论。

Joined the group.

I u see it , please join

provenceday

legendary

Activity: 1148

Merit: 1000

better website is needed!

zhile11911

sr. member

Activity: 308

Merit: 250

Quote from: eXo_coin on March 12, 2014, 01:00:11 PM

we might offer a bounty for the homepage design.

whitepaper will be released probably on 13th ~20:00:00 GMT, maybe earlier. It will include new screenshots of our application and some more source code.

Thats no matter , just make everthing fine.

Re-desgin office website is necessary.

TheMightyX

sr. member

Activity: 350

Merit: 250

Vires in Numeris

Quote from: chihao87 on March 10, 2014, 11:33:47 AM

Quote from: ?? on ??

Quote from: TheMightyX on March 10, 2014, 01:59:48 AM

Quote from: ?? on ??

Please allow people who already invested 1.5 btc on first step to invest at least up to another 1.5 btc on second stage. I - or anybody else who'd be interested - could easily bend this rule by creating another account or just sending with another address but I wanna be honest. It's stupid to put these low limits because people who really want can bend it and I bet there are people who already did it and more will do so
I just wanna invest another 1.5 btc, that's not much
thanks and i hope this idea isn't received with hostility by other members

You can't "bend it" if he only takes investments from accounts created before march 01 2014. Which if he wanted to be fair is what he would do.

This whole "tier 1/tier 2" investment scheme is stupid because it rewards those who either A: have enough capital to not worry about blowing 1.5 BTC on a risky investment or B: are stupid.

Someone who makes less money than you has to be more careful about their investments. If they put in the same amount of money as you, why are you getting more? "Because you risked more" it not a proper answer, you are risking the exact same amount.
All this is doing is rewarding people for making risky decisions.
This seems similar to class warfare. Hey lets reward those with more money! Good idea!
I suppose this horse has already been beaten to death though.

There are many people who visit this forum without making account. I did that for a very long time before just now deciding to create one. That wouldn't be fair to them, and to me.
And yes, people who take risks are more rewarded (or screwed) such is life

Yes, that is true. I always look through threads rather than create a reply a topic.

Yes, we should let a majority of people scam the system so as to protect a minority of people who lurk but don't sign up. This seems foolish. It's nice to think that there is such an influx of new users every day but the reality is there are far more users already than are signing up each day. Those users (majority) should be protected, not the (minority). Talk about the needs of the few outweighing the needs of the many!!

Shouldn't we just say, look if you want to be a part of this community you should make an account RIGHT NOW, so as not to miss out on future events? If you missed out on this event because you don't have an account, we are sorry but its for the good of the community? Can't you see that? Why should we let unethical people sign up for this and that event (NEM, faircoin, etc) 20x, 50x, or 100x more than ethical users just so we don't leave out a select few? You would have to be pretty selfish to argue with that Lips sealed

Topic: [PoS+PoW] eXocoin [EXO]-gen 2.0- dev. from scratch! Give-Away | Open Beta - page 251. (Read 415634 times)