Yes  I was wondering what effect carrying out a first transaction would have - I don't yet understand why that improves account security. Since you're offering to forge I might loan you my balance to try it out. Because it publishes your public key to the network which was before undisclosed. That means your NXTs are safe (for a very long time - remember cryptography is always bruteforcable but that requires huge amounts of energy and time) You can do that. Unfortunately, I have to pay 1 NXT to get it back to you. Tell me, when you are ready. EDIT: I like the new client, too. All other clients are so 80.  Ah, so maybe better to wait until that feature is up and running fully. |
|
|
|
Either way, I think I'll retire it asap. I assume I can just enter my privkey into Wesley's client and get started.
Exactly. That is why we call it a brain wallet. Yes I was wondering what effect carrying out a first transaction would have - I don't yet understand why that improves account security. Since you're offering to forge I might loan you my balance to try it out. Edit: says your account is unknown - no transactions in or out yet. Is that right and if so, are you only forging with loaned balances? |
|
|
|
I bet the FBI sold their coins to the NSA it was silly of us to think we'd get a piece of the action... That's if the Chinese government didn't offer them a better price.  |
|
|
|
Here's my clue: Two word description of this puzzle and its answers....
The solution: Horrible
Whore - Able
You Idiots
I'm going to take that as reassurance that this episode wasn't too easy. At least you didn't commit suicide in the end. |
|
|
|
Ok, so the new client looks great and seems to work really well.
Can someone help with a problem:
As I mentioned, I already bought some NXT and put them in an account made with a 30-character random key. I'm currently using an old Android app and it doesn't work well. I can't send out from it.
When I started Wesley's new client, I assumed I'd be able to use the same key, but it requires a 35-character key. So, how do I use my current key, or sweep the funds into my new account?
It doesn't require one, it just warns you that less than 35 is not secure. You can use it to log in. I just logged into his app with a 7 character password without issue. Thank you sir. I started by creating an account - didn't realise you could just log in with an existing password. May I send you 1 NXT to thank you and secure my account? Also - you use a 7-character password? Isn't that kind of risky? |
|
|
|
|
Ok, so the new client looks great and seems to work really well.
Can someone help with a problem:
As I mentioned, I already bought some NXT and put them in an account made with a 30-character random key. I'm currently using an old Android app and it doesn't work well. I can't send out from it.
When I started Wesley's new client, I assumed I'd be able to use the same key, but it requires a 35-character key. So, how do I use my current key, or sweep the funds into my new account?
|
|
|
|
|
The winner posted the solution in the main thread.
|
|
|
|
Can you paste the text here? Seems like some people are having problems accessing it. Thanks! |
|
|
|
The Android app is linked from http://wiki.nxtcrypto.org/wiki/Getting_StartedI'm not sure it works any more. When I tried to send a few NXT to safeguard my account, it said the transaction was successful but the amount didn't change and 12 hours later there's no record of the transaction. Either way, I think I'll retire it asap. I assume I can just enter my privkey into Wesley's client and get started. |
|
|
|
|
Weird.
Can someone post text here if they still have access?
|
|
|
|
|
Where is igorr? I miss that big cuddly bear with poor syntax.
|
|
|
|
|
That is bad. Hopefully it won't cause problems before I can download a proper client.
|
|
|
|
|
Thanks for the heads up. Will be moving to Wesley's client later today, assuming I have anything left to move...
|
|
|
|
|
Nothing. It accepted my password and there were no error messages, but no record of the transaction either. It's not on the blockchain, but neither is a transaction I made earlier today.
I'll wait a while and see what happens.
|
|
|
|
|
Hmm, weird. Sending from an Android app and it's not recording the transaction.
|
|
|
|
Thanks. I do use NXT - relative newcomer, though. I wasn't sure how the address was calculated from the key. Actually a lot simpler than I expected.
Do you happen to know why the triple hash/curve function is used? Is it that much more secure than one or two functions - and is there a greater risk of collisions for short addresses?
I can't exactly recall why the passphrase is first passed through SHA256, but it could be an issue of optimizing data lengths for the Curve function. The output of the curve function is the public key, which is what is written to the block-chain when an outgoing payment is sent from an address. Regarding collisions, you are only at risk if you receive Nxt to an address, but never send at least one transaction from that address. Since public keys are numerous bytes, but payment addresses are only 8, all an attacker has to do is find a public key that results in the same, first 8 bytes of the SHA-256 hash of your public key. Sending 1 payment from your account will prevent that from happening since sending a payment records your public key for future verification. If you never send a payment from your address someone could, theoretically, comprise your account. With that said, you don't have much to worry about. There are sizable Nxt accounts that have received Nxt but never sent any Nxt from their accounts. We're talking about accounts valued in the hundreds of BTC, in todays' market values. These accounts are called dark accounts and there is even a program that you can run to search for public keys that you could use to compromise these accounts. Someone over at Nxtforum.org ran some numbers and with numerous people, running numerous GPUs, for over a year, there is only a small-chance that 1 account will be found, that is in the list top 300 darkNxt accounts. But, again, even if you had 100,000,000 Nxt, you can safe guard yourself by creating an alias, donating a few Nxt to a faucet or initiating some form of payment transaction. I've just tried to send you 1 NXT to make sure. Not sure whether it's gone through ok... will try again in a minute if not. |
|
|
|
I'm not sure if you've used Nxt, but Nxt uses "brain wallets", which is a fancy way of saying you launch the client and then enter a passphrase. This is different than the typical wallet-file approach that BTC uses.
With this software, I generate a random passphrase of 50+ characters using a-z,A-Z,0-9, and a standard set of special chars. This is a string that is easy to copy and paste into the client.
Nxt addresses are the first 8 bytes of the output of SHA256(Curve2519(SHA256(passphrase))), expressed as an unsigned integer. Ergo, this software generates private keys, hashes them into their respective payment addresses and outputs really small addresses like the address in my sig.
Thanks. I do use NXT - relative newcomer, though. I wasn't sure how the address was calculated from the key. Actually a lot simpler than I expected. Do you happen to know why the triple hash/curve function is used? Is it that much more secure than one or two functions - and is there a greater risk of collisions for short addresses? |
|
|
|
Hey guys, in case you missed it over at the Nxtforum.org Project section, I've released a very simple vanitygen app for Nxt. Specifically, my application searches for progressively smaller Nxt addresses. Further discussion can take place at the original Nxtforum post ( https://nxtforum.org/nxt-projects/(ann)-nxtmin-a-vanitygen-application-that-searches-for-small-nxt-addresses/) For convenience, here is the contents of the OP: A a few months ago I wrote an app in C# that I used to find my small Nxt address. Granted, my address isn't 7 characters in length, but using a 2.3Ghz Core i7, I can usually find 1-2 10 digit addresses a day, hashing at a rate of about 31k addresses/sec. The files are listed below. The zip file contains 2 binaries. One compiled for 32-bit systems, and one for 64. The 64-bit file was marginally faster. The code is VERY simple. Once you download and compile it in Visual Studio, you should find it really easy to modify for other forms of pattern searches (i.e. large addresses, repeated numbers, sequences, etc.) HOW IT WORKSThis is a very simple search process. The application will generate a 50 character, random string. It will then sequentially append digits to the end of the key and check the address. The application will search for a new, minimal account value. When a new minimum is found, the address and privkey are written to nxt.txt and the application will continue looking for an even smaller address. The longer the application runs, the smaller the addresses will become. HOW TO USEFrom the command prompt, enter: You will be prompted to enter a minimum address value. If you want, you can enter a 0 and NxtMin will start with the maximum value of a unsigned 64-bit number. Alternatively, you can pass the application a few basic parameters. Pass the application a '--help' parameter for more information. SOURCE & DOWNLOADSGithub: https://github.com/rhartness/NxtMinBinaries: Both 32-bit and 64-bit files.(*) * I'm not shisting anyone but always be cautious when downloading binary files that generate private key information. I recommend downloading and compiling the details from source. I guarantee that these files are clean. However, in good conscience I must highly recommend you use these tools strictly for fun and NOT for storing significant amounts of Nxt if you are downloading the binary files and not the source code. NOTESThis can also work with Mono. I built this project using VS 2013 on Windows 7, in a Parallels VM. Running this in Mono from OS X yielded results that were near 50% slower?! So, if you have a Windows VM, this application will probably work better in that environment, but in either case, the application should still run. DONATIONSIf you find this application to be of use, please considering a small, token donation. Donation addresses are: * Nxt: 1102622531 * BTC: 1Mhk5aKnE6jN7yafQXCdDDm8T9Qoy2sTqS * LTC: LKTF6AjzFj2CG81rQravs164VsoJJnEPmm * DOGE: DGea4Qev7eJGmohWq2iKSeDkrTsPeYXQAC EDIT- Oops, sorry. If anyone downloaded the binary file from within the first 5 minutes of this post, I accidentally linked just the 32 bit file. The binaries link now contains a zip of both files. Nice idea I'm still learning about NXT. What's the function that turns the private key into the address, and what format is the address (presumably just the output displayed in decimal)? |
|
|
|
I think this guy yonce got a hidden agenda. It is a know fact among the HYIP players that HYIPs are in a very deep depression since a while already. We should just ignore him and he will stop giving us useless lessons here. He is a scammer who think with his badmouthing he can bring over clients to his shady HYIP world and can damage the reputation of BT. Considering the fact that BT currently has around 3,200 clients and only about two dozen or so are participating here, his "little plan" will not work out. So nothing to worry about, just chill out and ignore this lowlife.
The first piece of worthwhile information in a couple of pages. What's the source? I think somebody asked them this in a support ticket or something. I saw this piece of info before. Ok. I'm interested in total funds under management. We 'know' that there are a few $50k investors. I wonder how much arbitrage bitcoin's ~$20 million daily volume could support. |
|
|
|
I think this guy yonce got a hidden agenda. It is a know fact among the HYIP players that HYIPs are in a very deep depression since a while already. We should just ignore him and he will stop giving us useless lessons here. He is a scammer who think with his badmouthing he can bring over clients to his shady HYIP world and can damage the reputation of BT. Considering the fact that BT currently has around 3,200 clients and only about two dozen or so are participating here, his "little plan" will not work out. So nothing to worry about, just chill out and ignore this lowlife.
The first piece of worthwhile information in a couple of pages. What's the source? |
|
|
|
|
Show Posts
