I fully understand you, but I also believe that knowledge should be rewarded.
We all think like that. Until now, u wrote some text (posted a few lines yaddayadda here). There is nothing that could be recognized as knowledge yet. U surely understand that. When Dr. Evil exposed flaw, he did it in a noble manner. For that, he gained both (financial) reward and well-deserved respect, u see. That was truly cool, u see. That was not the "yo man I drive expensive cars and trade $100k at kraken, I'm the shit and can easily create nxt out of thin air, man" attitude... ah. Here is the original thread. https://nextcoin.org/index.php/topic,3884.0.htmlHe got 10 BTC fron CFB and several thousand nxt from private donations He never asked for money, by the way. It was all given impromptu
|
|
|
Also, Eadeqa, if I'd happen to get the OK from the developers, I would pull it off right away. But this would result in a total desaster.
I asked you to describe it in words before you can ask for money. You can do that just by sending a private message to CFB and he can confirm you have a point. You can't even do that much. By the way, there is already 100,000 Nxt reward here https://bitcointalk.org/index.php?topic=397183.0Try to find that one first and people might take you more seriously then
|
|
|
All I would ask for is to fund my new Burberry Trenchcoat Why I don't create them and sell them on BTER? Well, being a NXT holder myself I do not want prices to plunge You first need to demonstrate its possible. If you do that part, people might reward after that. The last person who found a security bug received 10 BTC reward. But it could be as well possible, that I spend a week of coding and get a 0.1 BTC reward There is so much other work to be done, which generates a larger income. Also, If would go for it, this would inevitably result in a denial of service at some point. yawn
|
|
|
All I would ask for is to fund my new Burberry Trenchcoat Why I don't create them and sell them on BTER? Well, being a NXT holder myself I do not want prices to plunge You first need to demonstrate its possible. If you do that part, people might reward after that. The last person who found a security bug received 10 BTC reward. But it could be as well possible, that I spend a week of coding and get a 0.1 BTC reward There is so much other work to be done, which generates a larger income. Or it could as well be possible that you (1) are a liar (2) mistaken/ You haven't even given an idea what exactly you are talking about, before "coding" What exactly are you going to "code" when you can't even describe it.
|
|
|
All I would ask for is to fund my new Burberry Trenchcoat Why I don't create them and sell them on BTER? Well, being a NXT holder myself I do not want prices to plunge You first need to demonstrate its possible. If you do that part, people might reward after that. The last person who found a security bug received 10 BTC reward.
|
|
|
What's up guys? I am not a good java programmer at all, but after a short audit of the code I am pretty sure that it is possible to fund your account with as much NXT as you like - out of thin air! If you guys want me to write a line-up on this, I would we willing to do it for a small "contribution towards expenses".
That's funny. If you could do it, why do you need people to fund it? Do it and sell them on BTER. There is your "fund"
|
|
|
"Bitcoin and other networks rely only on SHA-256, which was developed by the NSA. The Snowden revolations bring into question the security of SHA-256 and, thus, the true government independence of Bitcoin."
This is absolutely dishonest as SHA-256 is open source known algorithm studied by independent academic word for a decade now. It's irrelevant who was original developer. If we are going to play that game, then Keccak was approved by NIST (which is also US govt agency). Tor was originally developed by US military. Even the Internet itselfis US military invention.
Perhaps u misunderstand this statement which is about the fact that ONE SINGLE cryptographic hashfunction can potentially be broken and with it the entire security of the blockchain would be broken This is not what the site said. He dishonestly implied that US govt secretly controls bitcoin as it uses SHA256. He even mentioned Snowden. This is dishonest propaganda and it tells me the people involved in heavycoin are dishonest. I don't trust them.
|
|
|
You lost me.
I was about to buy 5 BTC worth until I clicked on the site and read
"Bitcoin and other networks rely only on SHA-256, which was developed by the NSA. The Snowden revolations bring into question the security of SHA-256 and, thus, the true government independence of Bitcoin."
This is absolutely dishonest as SHA-256 is open source known algorithm studied by independent academics for a decade now. It's irrelevant who was original developer. If we are going to play that game, then Keccak was approved by NIST (which is also US govt agency). Tor was originally developed by US military. Even the Internet itself is US military invention.
Not buying it when the author starts with dishonest propaganda.
Goodbye
|
|
|
Given that hacking a wallet file has the additional step of getting a copy of the wallet file, by how many bits of entropy should the password of the wallet file be protected?
Is wallet file encrypted by user password before you safe it to hard drive? Yes. Wallet holds account-account secret pairs, with the account secrets having 128 bits of entropy and the wallet file being encrypted with a wallet password of X bits of entropy. Wallet password is generated, but the user can set the wanted entropy. The user should be able to choose his own encryption password. He is more likely to remember it. Yes there is a risk, but the only way he can lose it if there is a torjan/keylogger on his machine that steals wallet file. And if that happens, longer generated password ism't going to help.
|
|
|
By the way, wallet file can be deterministic like Electrum. The user can have dozens of different accounts, but they will have to back up wallet file just once.
It could work like this: Secret seed (generated first time) and saved in wallet dat.
Account1 = Hash (Secret seed)
The user creates a new account (say two months later)
Account2 = Hash (Account1_ID + Secret seed)
Account3 = Hash (Account2_ID + Secret seed)
etc
As long they have secret seed (saved in wallet file) they would be able to recover all the accounts they ever created with the client.
|
|
|
Given that hacking a wallet file has the additional step of getting a copy of the wallet file, by how many bits of entropy should the password of the wallet file be protected?
Is wallet file encrypted by user password before you safe it to hard drive? It doesn't really matter. 128-bit entropy is fine. The user password is going to be much smaller than 128-bit, but that's the risk the user takes by not having to type a very long type password every time they login to Nxt. Otherwise there is no point having walet file if that encryption password is just as long as Nxt password. wallet file will allow the user to type smaller and easier to remember password. The real password (128-bit) will be stored in wallet file. Isn't that the purpose of wallet file?
|
|
|
Is this 1626 words dictionary enough now or should we go with a bigger one, also to allow less words?
Why? If crypto.getRandomValues is working properly then 1626 is just perfect. If crypto.getRandomValues isn't working then even 20,000 words won't be enough, as real entropy will be limited by the random number generator. Some people are having difficulty comprehending that 128-bit is a very big number. Lets assume the worst case. Lets say in two years, 1 billion people are using wesleh'sy client and everyone created their pass phrase using these randomly generated words. Now lets assume that every bitcoin miner in the world (millions of dollars of electricity per day) all work together to find just one of these 1 billion randomly generated pass phrase. The current hash rate on bitcoin network is 3 million GH/s. How long would it take for the entire bitcoin network combined to find just one of 1 billion pass phrase? Total number (aprox 128-bit) 1626^12 = 3.4×10^38 1 billion users, 3.4×10^38 / 1000000000 = 3.4 x 10^29 Now the entire bitcoin network combined works to find just one pass phrase 3.4 x 10^29 / 300000000000000000 = 1133333333333 seconds that's 36,000 years (36 thousand years). lets assume they get very lucky and find one pass phrase only after 1% of search, that's still 3 thousand years And after all that work (and electricity) and 3 thousand years later, they might discover that the account they did find only had 2 Nxt in it. The point is that the problem (if there is) will be with random number generator -- not with number of words, which are just fine. That's why I keep saying you don't need 50 or 100 character password (not even 35, actually -- 25 is fine). . It doesn't add any more security. If there is a security hole (like for example keyloggers) even 1 million character password isn't going to help. You're right, bitcoinpaul was only suggesting that, from the end user point of view, a 10 words passphrase is a little more convenient than a 12 words one. This is possible with a larger dictionary. That will require about 7200 words. That's 4.4 times more words. wesleyh will have to find a lot more words that are still simple every day words.
|
|
|
Is this 1626 words dictionary enough now or should we go with a bigger one, also to allow less words?
Why? If crypto.getRandomValues is working properly then 1626 is just perfect. If crypto.getRandomValues isn't working then even 20,000 words won't be enough, as real entropy will be limited by the random number generator. Some people are having difficulty comprehending that 128-bit is a very big number. Lets assume the worst case. Lets say in two years, 1 billion people are using wesleh'sy client and everyone created their pass phrase using these randomly generated words. Now lets assume that every bitcoin miner in the world (millions of dollars of electricity per day) all work together to find just one of these 1 billion randomly generated pass phrase. The current hash rate on bitcoin network is 3 million GH/s. How long would it take for the entire bitcoin network combined to find just one of 1 billion pass phrase? Total number (aprox 128-bit) 1626^12 = 3.4×10^38 1 billion users, 3.4×10^38 / 1000000000 = 3.4 x 10^29 Now the entire bitcoin network combined works to find just one pass phrase 3.4 x 10^29 / 300000000000000000 = 1133333333333 seconds that's 36,000 years (36 thousand years). lets assume they get very lucky and find one pass phrase only after 1% of search, that's still 3 thousand years And after all that work (and electricity) and 3 thousand years later, they might discover that the account they did find only had 2 Nxt in it. The point is that the problem (if there is) will be with random number generator -- not with number of words, which are just fine. That's why I keep saying you don't need 50 or 100 character password (not even 35, actually -- 25 is fine). . It doesn't add any more security. If there is a security hole (like for example keyloggers) even 1 million character password isn't going to help.
|
|
|
very cool adding the random word for passwd. There are space between random words of password or just consecutive random words without space? Spaces
|
|
|
35 char is more than enough. Don't need to add special character
Exactly. 50 characters is even stronger than 256-bit, even though curve25519 is only 128-bit (at best) strong.
|
|
|
I just wanted to ask you guys, if it is really safe to invest in NXT. I mean, the address is just 64bits long: what would prevent someone (with a whole bunch of GPUs) to steal my account?
Once you send a transaction from that account, your public key (that is 256-bit) is linked to that 64-bit account number. So it's no longer just 64-bit once an outgoing transaction is made.
|
|
|
I seriously want to see what all those people that have been bitching about Nxt not having a user-friendly client will say after using this KICKASS client!!! By the way... hate to be doing this... but how about repeating the message below even when people want to choose the passphrase themselves... Attention: Don't ever disclose your secret phrase. If you lose it you lose access to your account! I think i(like marcus's client) it should also implement local signing of transactions. Then people with too few Nxt (and no chance of forging) don't even have to download NRS. they can connect to any public node and use it. There is already Javascript implementation of curve25519 https://github.com/Jaguar0625/JavaScriptNrsNext version of NRS server is going to have prepareTransaction api which returns raw bytes, then I will implement local signing of transactions. Much easier than implementing it manually, because then you also have to check for errors on client side, which I don't think is very good. So I will wait a bit to implement this Once that is done, you should submit it as Chrome app in Chrome's App store https://chrome.google.com/webstore?utm_source=chrome-ntp-icon
|
|
|
I seriously want to see what all those people that have been bitching about Nxt not having a user-friendly client will say after using this KICKASS client!!! By the way... hate to be doing this... but how about repeating the message below even when people want to choose the passphrase themselves... Attention: Don't ever disclose your secret phrase. If you lose it you lose access to your account! I think i(like marcus's client) it should also implement local signing of transactions. Then people with too few Nxt (and no chance of forging) don't even have to download NRS. they can connect to any public node and use it. There is already Javascript implementation of curve25519 https://github.com/Jaguar0625/JavaScriptNrs
|
|
|
|