Topic: [XCR] Crypti | Dapps | Sidechains | Dapp Store | OPEN SOURCE | 100% own code | DPoS - page 559. (Read 804701 times)

full member
Activity: 120
Merit: 100
I bought the share from bter but it is not showing in my account balance and also they deducted my btc from my btc account?
newbie
Activity: 31
Merit: 0
@all DEVs
Using platform to IPO is really unfair for the guys who have been following and giving good suggestions to this coin in the community, I am not in, you DEVs are just interested in money not tech innovation, I don't know why you don't register a company and sell the coins, why should you get support from the community for free?! So disappointed!



Is the IPO already running? How does it work?  Huh
newbie
Activity: 10
Merit: 0
@all DEVs
Using platform to IPO is really unfair for the guys who have been following and giving good suggestions to this coin in the community, I am not in, you DEVs are just interested in money not tech innovation, I don't know why you don't register a company and sell the coins, why should you get support from the community for free?! So disappointed!


Welcome to my Ignore List!   Grin

...follow my lead folks...

LOL, account created 10 minutes ago  Roll Eyes

This is my sock puppet, I am a senior member in the community and have been following this coin from the very beginning, can you answer my question, don't change the topic, I am very pleased to argue with you, this is a democratic community
hero member
Activity: 546
Merit: 500
Just bumping this up :
Quote
you say that a Crypti SDK can leverage the network to allow the development of "decentralized networks with its own fee structure and assets", will you guys actually develop any of the mentioned platforms such as cloud storage etc yourself or will you leave that up to third-party developers

Reason I ask this is that Node.js doesn't have the same amount of developers or as big a community backing as say Java or C++. Nevertheless, from what I know about it, it scales better, but it suffers when tasked to do mathematical equations etc. Considering that all digital currencies are based on cryptography, which itself is extremely mathematically intense, wouldn't that hinder Crypti's ability to scale, as Node.js just doesn't run mathematical tasks as quickly as other languages?
hero member
Activity: 546
Merit: 500
@all DEVs
Using platform to IPO is really unfair for the guys who have been following and giving good suggestions to this coin in the community, I am not in, you DEVs are just interested in money not tech innovation, I don't know why you don't register a company and sell the coins, why should you get support from the community for free?! So disappointed!


Welcome to my Ignore List!   Grin

...follow my lead folks...

LOL, account created 10 minutes ago  Roll Eyes
sr. member
Activity: 294
Merit: 250
Bitmark Developer
To be constructive, here is a simple proposal which includes 2FA for creating private key, run on the client:

result = hash('username', 'password');
private-key = hash(result, '2fa');

This way people can remember their details, and the overall length is high and hard to crack, whilst the resulting private key is as strong as whatever you choose for the hashing algorithm in terms of collisions.

If you want, send the private key via POST over HTTPS to the server.

Alternatively you can store the key locally using sessionStorage and sign transactions with it to send to server, then you can potentially use system as web wallet, as no keys ever leave the private device. Upgrade to RSA keys to fully encrypt instead of just sign.

Ok,
username=test
password=test

var userpass = username + password; //testtest
var hash = sha256(userpass);
var keys = keypair(hash);

Good. But it's the same if I use username = tes and password = ttest

var userpass = username + password; // testtest

Same hash, same public and private key.

About https, as I said, today we will add SSL.

I'm sure you follow what I meant, you can put in a special char, wrap each of user/pass in a hash function, whatever needed to make it work... it is much better than /unlock?secretPhrase=test you must agree.
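
The collision raised in the exchange above, and one way to remove it, as an added example that is not part of the original posts and not Crypti's code. The length-prefix framing, the `seed-v1` tag, the `secondSecret` parameter and the choice of scrypt are assumptions of this sketch; turning the seed into a key pair is left out.

```javascript
// Added example, not code from the thread. Field names follow the posts;
// the framing format and the use of scrypt are assumptions of this sketch.
const crypto = require('node:crypto');

// Scheme from the exchange: sha256(username + password).
function naiveSeed(username, password) {
  return crypto.createHash('sha256').update(username + password, 'utf8').digest('hex');
}

// Prefix each field with its byte length (4 bytes, big-endian) so the field
// boundaries become part of the input and cannot shift between fields.
function frame(...fields) {
  const parts = [];
  for (const field of fields) {
    const body = Buffer.from(String(field).normalize('NFKC'), 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(body.length, 0);
    parts.push(len, body);
  }
  return Buffer.concat(parts);
}

// Password and second secret form the secret input; the username is the salt.
// scrypt is memory-hard, so every dictionary guess costs far more than one hash.
function derivedSeed(username, password, secondSecret) {
  const secret = frame(password, secondSecret);
  const salt = frame('seed-v1', username); // 'seed-v1' is a made-up domain tag
  return crypto.scryptSync(secret, salt, 32, { N: 16384, r: 8, p: 1 }).toString('hex');
}

// The two inputs from the thread collide under the naive scheme only.
console.log('naive collide:', naiveSeed('test', 'test') === naiveSeed('tes', 'ttest'));
console.log('framed collide:',
  derivedSeed('test', 'test', '2fa') === derivedSeed('tes', 'ttest', '2fa'));
```

A slow KDF raises the cost of each guess but does not make a guessable passphrase safe.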
newbie
Activity: 10
Merit: 0
@all DEVs
Using platform to IPO is really unfair for the guys who have been following and giving good suggestions to this coin in the community, I am not in, you DEVs are just interested in money not tech innovation, I don't know why you don't register a company and sell the coins, why should you get support from the community for free?! So disappointed!
hero member
Activity: 546
Merit: 500
Quick question, will the desktop clients for Windows be packaged as .exe's? Also from a usability perspective don't you think a 100 character pass-phrase is a bit long?

We are looking to eventually package the node via NSIS installing, making them indeed one-click installable.

XCP wallet (https://counterwallet.co) uses about 80 - 85, hence the extra 15 are negligible and bring you towards the round number of 100.


Ah okay, never used XCP hence the confusion at the long pass-phrase, coming from a QT here so thought it would be shorter Smiley. Also you say that a Crypti SDK can leverage the network to allow the development of "decentralized networks with its own fee structure and assets", will you guys actually develop any of the mentioned platforms such as cloud storage etc yourself or will you leave that up to third-party developers
hero member
Activity: 511
Merit: 500
Boris, Crypti Lead Developer, Lisk Advisor
To be constructive, here is a simple proposal which includes 2FA for creating private key, run on the client:

result = hash('username', 'password');
private-key = hash(result, '2fa');

This way people can remember their details, and the overall length is high and hard to crack, whilst the resulting private key is as strong as whatever you choose for the hashing algorithm in terms of collisions.

If you want, send the private key via POST over HTTPS to the server.

Alternatively you can store the key locally using sessionStorage and sign transactions with it to send to server, then you can potentially use system as web wallet, as no keys ever leave the private device. Upgrade to RSA keys to fully encrypt instead of just sign.

Ok,
username=test
password=test

var userpass = username + password; //testtest
var hash = sha256(userpass);
var keys = keypair(hash);

Good. But it's the same if I use username = tes and password = ttest

var userpass = username + password; // testtest

Same hash, same public and private key.

About https, as I said, today we will add SSL.
sr. member
Activity: 294
Merit: 250
Bitmark Developer
To be constructive, here is a simple proposal which includes 2FA for creating private key, run on the client:

result = hash('username', 'password');
private-key = hash(result, '2fa');

This way people can remember their details, and the overall length is high and hard to crack, whilst the resulting private key is as strong as whatever you choose for the hashing algorithm in terms of collisions.

If you want, send the private key via POST over HTTPS to the server.

Alternatively you can store the key locally using sessionStorage and sign transactions with it to send to server, then you can potentially use system as web wallet, as no keys ever leave the private device. Upgrade to RSA keys to fully encrypt instead of just sign.
hero member
Activity: 756
Merit: 502
This looks good, very professional looking crypto, I like it. I noticed a totally new design for the presentation, which is rare.

Thanks, appreciate the kind words.
hero member
Activity: 756
Merit: 502
Quick question, will the desktop clients for Windows be packaged as .exe's? Also from a usability perspective don't you think a 100 character pass-phrase is a bit long?

We are looking to eventually package the node via NSIS installing, making them indeed one-click installable.

XCP wallet (https://counterwallet.co) uses about 80 - 85, hence the extra 15 are negligible and bring you towards the round number of 100.
sr. member
Activity: 252
Merit: 250
12CDKyxPyL5Rj28ed2yz5czJf3Dr2ZvEYw
This looks good, very professional looking crypto, I like it. I noticed a totally new design for the presentation, which is rare.
hero member
Activity: 546
Merit: 500
Quick question, will the desktop clients for Windows be packaged as .exe's? Also from a usability perspective don't you think a 100 character pass-phrase is a bit long?
hero member
Activity: 756
Merit: 502
Next:
Since the passphrase provided appears to be the only reference to the account, what happens if two people select the same password? same private key and account?

If this was crypti now, could I just dictionary attack the api to generate keys and gain access to accounts?  .. can I just do this http://crypti.me:6040/api/unlock?secretPhrase=test on any crypti instance to get full access to any account?

As the wallet is deterministic, the pass-phrase is actually used to generate your private/public keys on the fly. We are going to introduce enforcement to make sure the pass-phrases are 100 or higher, ensuring there will be no collisions between users.

It's the same technique used in NXT and XCP wallets.


100 characters will effectively prevent dictionary attacks, coupled with the brute-force measures that we will implement.
sr. member
Activity: 294
Merit: 250
Bitmark Developer
How is that secure? Click it to send 100 coins from an account to another one.

I understand where you're coming from at this stage but eventually all this will be done locally...  this needs to be clear because many people might think that what you're describing will always be the case.

Yes, it is important to note that it's done locally. But it's still shockingly insecure. POST and SSL will help.

Next:
Since the passphrase provided appears to be the only reference to the account, what happens if two people select the same password? same private key and account?

If this was crypti now, could I just dictionary attack the api to generate keys and gain access to accounts?  .. can I just do this http://crypti.me:6040/api/unlock?secretPhrase=test on any crypti instance to get full access to any account?
hero member
Activity: 756
Merit: 502
You provide valid secretPhrase and you can send crypti Smiley

http://crypti.me:6040/api/sendMoney?accountAddress=15413165176907764021C&amount=100&fee=0.31640625&recepient=2896597140253424866C&secretPharse=lksdjfhsdkfjsdhfksdjfhsdkjfhsdkjfhksjdfhkjsdf1hksdjfhaskdjfhksadjfhaskldf

Result:
{
  "success": false,
  "error": "Invalid passphrase, check your passphrase please"
}

And again, it's beta, we will move all operations with secretPhrase to POST and add SSL now.

To be more exact, this is part of the upcoming Crypti API to be published soon (already used by the wallet).
However you have a good point about the requests being non-secure at the moment. As Boris said, we will solve it soon by POST'ing and SSL'ing the requests.

Also note that the wallet is still on the testnet, hence no real impact will be done in case of breach (if any).
hero member
Activity: 511
Merit: 500
Boris, Crypti Lead Developer, Lisk Advisor
And yes, you can see balances of accounts. Blockexplorer too.
But, we will add SSL today and move operations with secretPhrase to POST requests.

http://crypti.me:6040/api/sendMoney?accountAddress=15413165176907764021C&amount=100&fee=0.31640625&recepient=2896597140253424866C&secretPharse=lksdjfhsdkfjsdhfksdjfhsdkjfhsdkjfhksjdfhkjsdfhksdjfhaskdjfhksadjfhaskldf

How is that secure? Click it to send 100 coins from an account to another one.

You provide valid secretPhrase and you can send crypti Smiley


 Huh okay I cannot help here.

Thank you - we will switch to POST and SSL ASAP.
Also, we are working to bring in a known security expert to do a security audit for Crypti.
sr. member
Activity: 294
Merit: 250
Bitmark Developer
And yes, you can see balances of accounts. Blockexplorer too.
But, we will add SSL today and move operations with secretPhrase to POST requests.

http://crypti.me:6040/api/sendMoney?accountAddress=15413165176907764021C&amount=100&fee=0.31640625&recepient=2896597140253424866C&secretPharse=lksdjfhsdkfjsdhfksdjfhsdkjfhsdkjfhksjdfhkjsdfhksdjfhaskdjfhksadjfhaskldf

How is that secure? Click it to send 100 coins from an account to another one.

You provide valid secretPhrase and you can send crypti Smiley


 Huh okay I cannot help here.
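
Why a passphrase in a GET query string is a problem even once SSL is on: the full request target is written to server and proxy access logs. The following is an added example, not part of the original posts and not Crypti's code, that finds and redacts such parameters in log lines; the log lines are constructed and the parameter names are the ones visible in the URLs quoted above.

```javascript
// Added example, not code from the thread. Parameter names are taken from the
// URLs quoted in the posts (including the misspelled "secretPharse").
const SECRET_PARAMS = new Set(['secretphrase', 'secretpharse']);

// Constructed access-log lines in common log format (documentation addresses).
const SAMPLE_LOG = [
  '192.0.2.7 - - [01/Jan/2015:10:00:00 +0000] "GET /api/unlock?secretPhrase=test HTTP/1.1" 200 41',
  '192.0.2.7 - - [01/Jan/2015:10:00:05 +0000] "GET /api/sendMoney?amount=100&secretPharse=example-phrase&fee=0.3 HTTP/1.1" 200 77',
  '192.0.2.9 - - [01/Jan/2015:10:00:09 +0000] "POST /api/sendMoney HTTP/1.1" 200 77',
];

// Returns the line with secret values replaced, plus the parameter names found.
function redactRequestLine(line) {
  const m = /"([A-Z]+) (\S+) HTTP\/[\d.]+"/.exec(line);
  if (!m) return { line, method: null, leaked: [] };
  const [, method, target] = m;
  const q = target.indexOf('?');
  if (q === -1) return { line, method, leaked: [] };
  const leaked = [];
  // Split by hand so that every other parameter is preserved byte for byte.
  const pairs = target.slice(q + 1).split('&').map((pair) => {
    const eq = pair.indexOf('=');
    const name = eq === -1 ? pair : pair.slice(0, eq);
    if (eq !== -1 && SECRET_PARAMS.has(name.toLowerCase())) {
      leaked.push(name);
      return name + '=[REDACTED]';
    }
    return pair;
  });
  const start = m.index + 1 + method.length + 1; // offset of the request target
  const safeTarget = target.slice(0, q + 1) + pairs.join('&');
  const safeLine = line.slice(0, start) + safeTarget + line.slice(start + target.length);
  return { line: safeLine, method, leaked };
}

// Keep only the entries where a secret reached the log.
function scanLog(lines) {
  return lines.map(redactRequestLine).filter((r) => r.leaked.length > 0);
}

for (const hit of scanLog(SAMPLE_LOG)) console.log(hit.leaked.join(','), '->', hit.line);
```

Any passphrase that shows up in such a scan should be treated as exposed; the POST request in the sample carries nothing in its target and is not flagged.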
legendary
Activity: 1151
Merit: 1003