We've created a new Bitcoin Crowd Funding website - BitGrants.com

[BitGrants]

Hi all,

We've created a Bitcoin CROWD FUNDING website and would really appriciate the your feedback!

Our site is called BitGrants and can be found here: https://bitgrants.com

I look forward to hearing your criticisms, opinions, rants and suggestions...

Thanks!

[piebeyb]

site looks quite simple and easily accessible when the site opens you do not feel heavy, I thought how about verification on the inside, what is needed there to verify

[BitGrants]

site looks quite simple and easily accessible when the site opens you do not feel heavy, I thought how about verification on the inside, what is needed there to verify

Hi piebeyb,

Thank you for your feedback!

Our verification process is quite simple. We require documents for:

a). Identity (a photo of your passport, driving license, or National Photo ID card)
b). Address (a utility bill showing your name and address)
c). Income (an income statement, payslip or tax return)

The rest of the verification process involves linking your internet accounts to our site, such as Facebook, Google and Paypal.

I hope that answers your question.

[piebeyb]

site looks quite simple and easily accessible when the site opens you do not feel heavy, I thought how about verification on the inside, what is needed there to verify

Hi piebeyb,

Thank you for your feedback!

Our verification process is quite simple. We require documents for:

a). Identiy (a photo of your passport, driving license, or National Photo ID card)
b). Address (a utility bill showing your name and address)
c). Income (an income statement, payslip or tax return)

The rest of the verification process involves linking your internet accounts to our site, such as Facebook, Google and Paypal.

I hope that answers your question.

okay I see it is quite safe and well, I have not created an account and signed up there, maybe after this look into your site is better now, thanks to the quick response from you

[Rmcdermott927]

Excellent, I have been looking for a new borrowing / crowd funding site for some time now. I will check it out and report back with some feedback.

[Westernory]

Seems nice but you have to realise that your competitors like btcJam has a real advantage over you guys - user base.

You are a new service, and your site seems to look worse than btcjam's and less established with less trust, why should people choose you over btcjam?

That is something to think about, to add features that would attract potential customers.

[BitGrants]

Seems nice but you have to realise that your competitors like btcJam has a real advantage over you guys - user base.

You are a new service, and your site seems to look worse than btcjam's and less established with less trust, why should people choose you over btcjam?

That is something to think about, to add features that would attract potential customers.

Hi Westernory

Thank you for your feedback!

We believe the Bitcoin crowd funding market is in infancy. To make assumptions that their are any clear winners/losers at this point in my mind a little premature. New people are entering the Bitcoin space every single day. And, we believe their is plenty of room for several competing crowd funding services.

We're a scrappy startup, but we're eager to learn and get users on-board. We're always trying to find new ways of doing things and hopefully we will add more user requested features as time rolls along.

If there's any particular feature you would like to see on the site, please feel to share your ideas. We are nothing without a community, so your ideas are important to us.

I hope I answered your question.

[Westernory]

Thanks for the response. I haven't got any suggestions myself but hopefully your site's development can go as planned.

Good luck!

[6RScZy5uvw]

I've made an account just to warn you all about bitgrants.com. Do not give them any of your data.

They store your password in plaintext. This is MASSIVELY irresponsible and insecure.

To see for yourself, make an account, click forgot password and check your email. It will be written right there in the email.

[BitGrants]

I've made an account just to warn you all about bitgrants.com. Do not give them any of your data.

They store your password in plaintext. This is MASSIVELY irresponsible and insecure.

To see for yourself, make an account, click forgot password and check your email. It will be written right there in the email.

Hi 6RScZy5uvw

I've just been in contact with our head IT developer and he assures me the password is transmitted to your email via TLS, which means it's secured by SSL and thus encrypted when transmitted to your inbox.

Our passwords are not kept as plaintext, but are encrypted and password protected. I can't go in to our security procedures much more but I assure you they are inaccessible via conventional means.

I hope that rests your concern.

Thanks

[6RScZy5uvw]

It doesn't rest my concern at all, it massively heightens it.

Sorry, but your head IT developer is dangerously inept and unqualified.

Under NO CIRCUMSTANCES should a raw password EVER be accessible to you, password-protected or not. They should be hashed with a unique salt. Honestly, this is security 101.

If they are this irresponsible with passwords I dare not think how they're storing the rest of your users' information.

[nandibear]

It doesn't rest my concern at all, it massively heightens it.

Sorry, but your head IT developer is dangerously inept and unqualified.

Under NO CIRCUMSTANCES should a raw password EVER be accessible to you, password-protected or not. They should be hashed with a unique salt. Honestly, this is security 101.

If they are this irresponsible with passwords I dare not think how they're storing the rest of your users' information.

I second that!

[nandibear]

...Our passwords are not kept as plaintext, but are encrypted and password protected. I can't go in to our security procedures much more but I assure you they are inaccessible via conventional means...

What does that even mean?

[nandibear]

...I've just been in contact with our head IT developer and he assures me the password is transmitted to your email via TLS, which means it's secured by SSL and thus encrypted when transmitted to your inbox.

Our passwords are not kept as plaintext, but are encrypted and password protected. I can't go in to our security procedures much more but I assure you they are inaccessible via conventional means.

I hope that rests your concern.

Thanks

Yes I visited your site and I see the "https" (SSL certificate)...

My opinion is that having an SSL certificate (I have SSL too for some of my sites) doesn't mitigate the fact that you shouldn't even know (and shouldn't be storing) raw passwords in the first place.

All that you should have in your database are the hashed password.

When a user logs into your site their raw password will correspond with the hashed password in your database.

If your database is ever compromised or if a hacker dumps the password table all that they will have are the hashed passwords. Hashed passwords cannot be used to login.

Moreover, if you do start hashing user passwords I suggest that you make sure that you aren't using old vulnerable hash function such as MD5.

MD5 (and others) can be easily converted back to raw password in few seconds on google.

I recommend using a strong one-way hashing like PHP5.5 / PHP7 -

Code: Select all

password_hash()

and

Code: Select all

password_verify()

Read more at - http://php.net/manual/en/function.password-hash.php

[miffman]

You should use multiple rounds of hashing using sha256crypt, with a unique salt for each password. Afaik, bitcointalk does this and it is very strong.