
Topic: [SNRG] 🔥 Synergy 🔥 Cloud.Synergycoin.com Cloud Bot Now Live!! 🔥 - page 11. (Read 162181 times)

hero member
Activity: 742
Merit: 500
To thwart this type of brute force search, we do not use a simple one-step hash. Instead, our new system stores a hash of the password using a large number of cycles of a very computationally expensive hash, made more secure with a large 256-bit random salt. To get a sense of how long a 256-bit salt is, an example would be bb5d3f9c0e396c3f8884f24ec43a16a31e6139e4e10d44512c261fc305df427f.
These security measures mean that an attacker must have a prohibitive amount of computing resources to "crack" any passwords that may be exposed if our database server, hosted by a third party, is compromised.


This looks like the right way to do it.

Hmmmm....I wonder what hashing algorithm they are using?  Roll Eyes

It looks like they might be using scrypt from their last commits. Or why else make this commit at this time? I hope it's a lot of rounds.


https://github.com/Grandpa-Jones/Synergy/commit/df02c93105bc03772e9af58f6b80f6886cfb61e5#diff-31dd861cd0a6a9747cbc540ac1e3bf72R362

Code:
Value scrypthash(const Array& params, bool fHelp)
{
   if (fHelp || params.size() < 3 || params.size() > 4)
        throw runtime_error(
            "scrypthash [force=false]\n"
            "The and arguments are strings, is an integer.\n"
            "If [force] is false, then bigger than 1024 trigger an error.\n"
            "Returns hex of the hash sha256(scrypt(sha256(message, salt))).");

sr. member
Activity: 462
Merit: 250


The following updates to Synergy Cloud will be made at 8:30pm pacific this evening (29-Oct-2015).

Enhanced API Key Encryption:
This update vastly improves password and API security. According to security best practices, passwords are not stored on our servers (and never were). Instead only the cryptographic fingerprint ("hash") of a password is stored. When a user logs in, the hash of the attempted password is calculated and then compared to what is stored on our server. To discover the password, an attacker can try to hash many different passwords to find those that match hashes stored on our servers.

To thwart this type of brute force search, we do not use a simple one-step hash. Instead, our new system stores a hash of the password using a large number of cycles of a very computationally expensive hash, made more secure with a large 256-bit random salt. To get a sense of how long a 256-bit salt is, an example would be bb5d3f9c0e396c3f8884f24ec43a16a31e6139e4e10d44512c261fc305df427f.
These security measures mean that an attacker must have a prohibitive amount of computing resources to "crack" any passwords that may be exposed if our database server, hosted by a third party, is compromised.

We use similar technology to protect API keys. We do not store the actual API key on our servers. Instead we store the encrypted version, using AES encryption, which is one of the strongest encryption algorithms available. We also do not store the decryption keys to the encrypted API keys anywhere. When a user logs in, the decryption key is generated dynamically from the user's password, using a key derivation method similar to the method we use to create the password hashes for login. Are the password hashes and API decryption keys the same? No. Just the methods to generate them are similar in that they are created using numerous rounds of strong cryptographic hashing with a random salt. The random salts are different.

Finally, the salts are stored and the hashing is performed on a server remote from our database server, meaning that even if an attacker recovers the password hashes and encrypted API keys, they will still have to compromise the remote server to learn the hashing algorithm and salts. But, even in the highly unlikely event that they compromise both servers, discovering the hashes, encrypted keys, salts, and hashing algorithms, they will still be stifled by the need to brute force passwords under the burden of our very computationally expensive hashing system.

Please Note: Due to the change in the way API keys are being stored, when you log in to your account after the update you will need to re-add the keys from the exchanges you wish to use.  To ensure maximum security, please generate and use new keys.


Google Two Factor Authentication
Google Two Factor Authentication will be added to the site in order to increase your account security.  Please visit your account settings to activate as soon as possible.  We encourage ALL users to activate 2FA in order to better protect your account.


Automated Calculation and Updating of SNRG Burning Price:
The SNRG burn rate will now be updated daily based on market indicators.  This will allow us to automatically maintain a consistent rate for using the site's services without having to do daily, manual calculations.  This will mark the end of the introductory burn rate of 3 SNRG/day.


Enabling of Automated System Email:
Automated email functionality has been added in order to allow users to be able to utilize the Password Reset functionality should it be needed.  Users will now also be required to confirm their email address prior to using the site's functionality.  This will allow us to ensure users will have access to reset their password and additional site functionality that will be added in the future.


As always, please feel free to let myself or Grandpa Jones know if you have any questions.  We'll be available in the Slack channel tonight during the release to keep an eye on things and make sure the release goes as smoothly as possible for our users.

-nextgen
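
A sketch of the storage scheme this announcement describes, added here as an illustration and not Synergy Cloud's own code: scrypt with two independent 256-bit salts, one for the login hash and one for the AES key that encrypts an API key. The scrypt cost parameters, the GCM mode and all function names are assumptions; the post states none of them.

```javascript
const crypto = require('crypto');

// Assumed scrypt cost parameters (the announcement does not give the site's values).
const SCRYPT = { N: 1 << 14, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const kdf = (password, salt) => crypto.scryptSync(password, salt, 32, SCRYPT);

// Registration: two independent 256-bit random salts. Only the salts and the
// login hash are kept; neither the password nor the AES key is stored.
function register(password) {
  const loginSalt = crypto.randomBytes(32);
  const keySalt = crypto.randomBytes(32);
  return { loginSalt, keySalt, loginHash: kdf(password, loginSalt), apiKeys: [] };
}

// Login: recompute the expensive hash and compare in constant time.
function verify(record, password) {
  return crypto.timingSafeEqual(kdf(password, record.loginSalt), record.loginHash);
}

// Encrypt an API key under a key derived from the password and the second salt.
// AES-256-GCM is an assumed mode; the tag makes a wrong password fail loudly.
function storeApiKey(record, password, apiKey) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', kdf(password, record.keySalt), iv);
  const ct = Buffer.concat([c.update(apiKey, 'utf8'), c.final()]);
  record.apiKeys.push({ iv, ct, tag: c.getAuthTag() });
}

// Decrypt at login time; throws if the password (and so the key) is wrong.
function loadApiKey(record, password, index) {
  const { iv, ct, tag } = record.apiKeys[index];
  const d = crypto.createDecipheriv('aes-256-gcm', kdf(password, record.keySalt), iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}
```

Because the AES key is derived from the password and never stored, a forgotten password makes the stored API keys unrecoverable; they have to be added again after a reset.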
sr. member
Activity: 462
Merit: 250
944 SNRG burned!

Yessir!  Slowly but surely people are starting to notice and join Synergy Cloud.

Should have a little update for you guys later today!  Check back.
legendary
Activity: 984
Merit: 1000
sr. member
Activity: 354
Merit: 252
Thank you for your answer.

However why there is so small voices?  Shy people or what?

I'm just a SNRG supporter and lurker with a really small voice.

But I see new updates on github.....


I'm a lurker too in the slack, but the devs are on fire in there. You can't go by what they post on bitcointalk even though they don't leave you guessing. Join the slack and lurk like me if you don't have time to chat to see what is really going on.

hero member
Activity: 784
Merit: 500
FLY DONATION ADDRESS IN SIGNATURE
Thank you for your answer.

However why there is so small voices?  Shy people or what?


It's a no drama coin. There are probably a lot of lurkers.

Ya that's good when there is no drama in a coin lol
hero member
Activity: 742
Merit: 500
Thank you for your answer.

However why there is so small voices?  Shy people or what?


It's a no drama coin. There are probably a lot of lurkers.
sr. member
Activity: 462
Merit: 250
Can someone tell me how to set it up with Tor?

Here are the full instructions:

1. Start your client.

You are welcome.


Wow, even I forgot about this until I was looking at the node list on the explorer the other day.

Great feature and even though we don't focus on anonymity, we still put a lot of time and effort into security.
legendary
Activity: 984
Merit: 1000
Thank you for your answer.

However why there is so small voices?  Shy people or what?

What voices are you talking about?
sr. member
Activity: 414
Merit: 250
Thank you for your answer.

However why there is so small voices?  Shy people or what?
hero member
Activity: 742
Merit: 500
Can someone tell me how to set it up with Tor?

Here are the full instructions:

1. Start your client.

You are welcome.
newbie
Activity: 12
Merit: 0
full member
Activity: 224
Merit: 100
How does the stealth address thing work?

A stealth address is a way to collect money anonymously, where only you and the sender know both participants in the transaction.

When you make a new receiving address, you can select the option to create a stealth address. A stealth address is a very long address that allows the sender to make a one-time address that belongs to the stealth address. It is practically impossible for a third party ("adversary") to link the stealth address to the one-time address based just on the addresses alone.  Because senders can create practically unlimited stealth addresses, you can receive unlimited payments that can not be linked to the stealth address.

It is also practically impossible for an adversary to link any two one-time addresses without some additional information that comes from how you send coins. It is important that you be careful how you spend funds that get paid to your stealth address because addresses can be linked if you combine them when making a payment yourself. Coin control is good for preventing, or at least reducing, this kind of linking.

Unless you are very, very careful about coin control, I do not recommend relying on stealth addresses for anonymity. However, stealth addresses are very useful because they provide a way to perform a cryptographic key exchange called a Diffie-Hellman key exchange where only the sender and recipient know the exchanged secret key. This means it is possible to create an encrypted message with a very strong cipher that uses the same encryption and decryption keys ("symmetric cipher"). This strong symmetric cipher enables a sender to encode encrypted messages in the block chain. This is exactly the technology we use for the pump group pick, where we provide the pick information in tiers. Even though the pick is sent to a participant in the block chain, only the participant (and sender, who knows the pick anyway) can decode the pick.

Disclaimer: Although it has anonymity features like built-in Tor and stealth addresses, Synergy is not a coin focused on anonymity. Synergy's anonymity features are considered "light weight", to protect users from small-time hackers. For example, it would take a government to find you through your Tor address, but no hacker without government-scale resources could do it.
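
A simplified sketch of the Diffie-Hellman step this post describes, added here as an illustration and not Synergy's wallet code. It assumes a single-key stealth address on secp256k1 with SHA-256 as the secret hash; the function names are hypothetical and the arithmetic is not constant time.

```javascript
const crypto = require('crypto');

// secp256k1 domain parameters: y^2 = x^3 + 7 over F_P, generator G of prime order N.
const P = 2n ** 256n - 2n ** 32n - 977n;
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;
const G = [0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
           0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n];

const mod = (a, m) => ((a % m) + m) % m;
function inv(a) {                      // a^(P-2) mod P (Fermat; P is prime)
  let r = 1n, b = mod(a, P);
  for (let e = P - 2n; e > 0n; e >>= 1n, b = b * b % P) if (e & 1n) r = r * b % P;
  return r;
}
function add(A, B) {                   // affine addition; null is the point at infinity
  if (!A) return B;
  if (!B) return A;
  if (A[0] === B[0] && mod(A[1] + B[1], P) === 0n) return null;
  const s = A[0] === B[0] ? mod(3n * A[0] * A[0] * inv(2n * A[1]), P)
                          : mod((B[1] - A[1]) * inv(B[0] - A[0]), P);
  const x = mod(s * s - A[0] - B[0], P);
  return [x, mod(s * (A[0] - x) - A[1], P)];
}
function mul(k, A) {                   // double-and-add scalar multiplication
  let R = null;
  for (; k > 0n; k >>= 1n, A = add(A, A)) if (k & 1n) R = add(R, A);
  return R;
}
const randScalar = () =>
  mod(BigInt('0x' + crypto.randomBytes(40).toString('hex')), N - 1n) + 1n;
// Shared secret c = SHA-256(x-coordinate of the DH point), reduced mod N.
const secret = (pt) => mod(BigInt('0x' + crypto.createHash('sha256')
  .update(pt[0].toString(16).padStart(64, '0'), 'hex').digest('hex')), N);

// Sender: knows only the published stealth public key B = b*G.
function senderPay(B) {
  const e = randScalar();              // fresh ephemeral key for every payment
  const c = secret(mul(e, B));         // DH point e*B
  return { R: mul(e, G), oneTimePub: add(B, mul(c, G)), c };
}
// Recipient: holds b, sees R on chain, recovers c and the one-time private key.
function recipientScan(b, R) {
  const c = secret(mul(b, R));         // DH point b*R = b*e*G = e*B
  return { c, oneTimePriv: mod(b + c, N) };
}
```

The secret `c` is the value both sides could also feed into a symmetric cipher for the encrypted messages the post mentions; an observer sees only `R` and `oneTimePub`, which differ on every payment.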

legendary
Activity: 984
Merit: 1000
How does the stealth address thing work?
legendary
Activity: 984
Merit: 1000
624 burned  Smiley



Nice, it's now 866 currently. I'm hoping that the price will not skyrocket in a couple of days so I can buy some more this weekend.   Smiley

That's nice. Round about 10 months of bot usage at current rates. Imagine we get some real traction...
sr. member
Activity: 462
Merit: 250
Please briefly present what's new here?



I present to you Synergy Cloud

(and, see the image 4 posts above)
sr. member
Activity: 414
Merit: 250
Please briefly present what's new here?

hero member
Activity: 916
Merit: 500
624 burned  Smiley



Nice, it's now 866 currently. I'm hoping that the price will not skyrocket in a couple of days so I can buy some more this weekend.   Smiley
sr. member
Activity: 462
Merit: 250
If there are any great writers out there who are interested in doing some writing in return for some SNRG, please shoot me a PM.

Thanks!
legendary
Activity: 984
Merit: 1000