Why on earth would anyone need 100 char password? ED25519 offers 128 bits security, which is equal to 22 character password (no special characters) 22 * log(62) / log(2) = 130 <-------- already larger than 128 with just 22 characters
We discussed it back at the time, and decided that suggesting people use a long password will help achieve the effect of a random password. You however have a point here, and I have asked Bitseed to review and comment if shorter password length should be suggested. I suggest following Wesley's client (Nxt client) and generating a password for new users. That's way safer. Also, enforce minimum password length (anything over 16 would be fine). You can enforce this limit in the GUI.
|
|
|
How was the hash you posted generated? What I mean is that usually you'll generate the hash with a private key. So not knowing what the private key is, it would seem to make it next to impossible to figure out the password. Or is there some "standard" way of generating the private key for these sorts of things, like another sha256 hash of something? Don't know much about this sort of stuff.
Hash was generated by something like this: http://onlinemd5.com/ It's SHA256. So for example hash for "Fp7fq7aHSRNupa5" is 79641338EF8FFE97C337C023E6ECB2B35EF32B206A85E79C9131491052BE0F99 Cool, will be downloading some rainbow tables this weekend to see if any of them contain the hash. Good luck. Rainbow tables only handle short passwords. http://blog.erratasec.com/2013/01/nytimes-and-more-rainbow-table-nonsense.html#.U_eEx_m-18E And no Rainbow Table exists for complex passwords 9 characters and longer. The 15 char password was picked using shuffled deck of cards (62 cards in the deck)
|
|
|
How was the hash you posted generated? What I mean is that usually you'll generate the hash with a private key. So not knowing what the private key is, it would seem to make it next to impossible to figure out the password. Or is there some "standard" way of generating the private key for these sorts of things, like another sha256 hash of something? Don't know much about this sort of stuff.
Hash was generated by something like this: http://onlinemd5.com/ It's SHA256. So for example hash for "Fp7fq7aHSRNupa5" is 79641338EF8FFE97C337C023E6ECB2B35EF32B206A85E79C9131491052BE0F99
|
|
|
Without knowing the key, wouldn't this basically be impossible? lol Cracking a 15 random character password like this one: Fp7fq7aHSRNupa5 ? Pretty close to impossible even for entire bitcoin network combined (well, it will take them 50+ years at current hash rate). The problem is that people don't generate random passwords. If someone has a password like "Philippians4:6-7" or a password like, "one small step for man, one giant step for mankind" then that is easy to crack -- as these are not random characters. Pick 15 cards from a shuffled deck of cards (that's how I picked that 15 char password in the challenge), and that is pretty close to impossible to crack. Make it 22 characters and that is the same as ED25519 security.
|
|
|
Guessing a bot will find this acc in no time. Sure he will. He will be 50,000 Nxt + 1 nem stake richer. No problem, huh? Yeah, I am losing sleep already (not really, that was sarcasm). The largest ever publicly known brute force attack was against 64 bit (took 2 years by distributed-net -- hundreds of computers) and 64-bit is weaker than 12 random characters.
|
|
|
Make sure you use a strong 100 character pass phrase. Plus I would also recommend paying the 100 crypti for an equally strong secondary pass phrase.
Why on earth would anyone need 100 char password? ED25519 offers 128 bits security, which is equal to 22 character password (no special characters) 22 * log(62) / log(2) = 130 <-------- already larger than 128 with just 22 characters Better safe than sorry. The underlying crypto is ED25519 which offers 128 bit security, so even if you put million char password, the security is still only 128 bit, which is equal to 22 random chars.
|
|
|
Make sure you use a strong 100 character pass phrase. Plus I would also recommend paying the 100 crypti for an equally strong secondary pass phrase.
Why on earth would anyone need 100 char password? ED25519 offers 128 bits security, which is equal to 22 character password (no special characters) 22 * log(62) / log(2) = 130 <-------- already larger than 128 with just 22 characters
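The arithmetic in the posts above, worked as an added example (not code from the thread or from any of the clients mentioned): it computes the length needed to reach a target strength over the 62-symbol alphabet, compares independent draws with dealing from a single shuffled 62-card deck, and generates a password with a CSPRNG as suggested for new users. All function names and the `minimum=16` default are assumptions made for illustration.

```python
import math
import secrets
import string

# 62 symbols: a-z, A-Z, 0-9 ("no special characters" in the thread)
ALPHABET = string.ascii_letters + string.digits


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy when each character is drawn independently and uniformly."""
    return length * math.log2(alphabet_size)


def deck_entropy_bits(cards_drawn, deck_size=len(ALPHABET)):
    """Entropy when characters are dealt from one shuffled deck without
    putting cards back: log2 of the number of ordered draws, so no
    character can repeat and the result is slightly lower."""
    return math.log2(math.perm(deck_size, cards_drawn))


def min_length(target_bits, alphabet_size=len(ALPHABET)):
    """Shortest uniformly random password reaching target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(target_bits=128):
    """Client-side generation for new users, using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET)
                   for _ in range(min_length(target_bits)))


def meets_minimum(password, minimum=16):
    """GUI-side length floor (assumed default). Length alone cannot show
    that a user-chosen phrase is random, which is why generation is
    the safer default."""
    return len(password) >= minimum


if __name__ == "__main__":
    print("length for 128 bits:", min_length(128))
    print("22 random chars: %.1f bits" % entropy_bits(22))
    print("15 random chars: %.1f bits" % entropy_bits(15))
    print("15 cards, no replacement: %.1f bits" % deck_entropy_bits(15))
    print("generated:", generate_password())
```
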
|
|
|
Where is the link to download software? Please update the first post
|
|
|
We need a lightweight version, like trade.secure. I tried talking to some c4s sellers, but of course not a single one was interested in installing software.
Zero interest.
I have seen saying for ages we need lightweight clients, and things like chrome plugins.
|
|
|
https://www.ethereum.org/ Right now it's showing "Estimated ether purchased: 4,917,732 ETH" WTF? What happened to rest of 50 million?
|
|
|
Actually the biggest downside I can see to the DGS is that it might place downward pressure on NXT's price. There's a lot of NXT whales, who can't pull their wallets without crashing the value of NXT, and yet are paper millionaires who want goods & services.
If there are a lot of new buyers and new users, that would mean upward pressure as those people would need nxt to buy
|
|
|
Is this going to be like ebay for digital stuff? It doesn't really have to be digital stuff. You can communicate with the sellers via encrypted messages and make it physical stuff too. In that sense, it's also encrypted email service where you can send someone shipping address and no one -- not even FBI -- will be able to decrypt the message.
|
|
|
As I'm looking over the last two big hacks... Vericoin and NXT something came to mind... Both of these are of a Gen 1 PoS style... Meaning if these exchanges want to take advantage of their big stake and PoS their wallets must stay hot... keeping this many coins in a hot wallet is dangerous...
Irrelevant point as Bter never forged with their Nxt account. Since they never used their account to forge, they could have kept it offline if they wanted to do that. Besides, Nxt allows leasing forging power. You can still forge with offline Nxt by leasing the forging power to an online wallet that has just one Nxt -- so nothing would be at risk.
|
|
|
smaragda is the new EMule of this thread. Like him he continuously posts same stupid shit, but rarely makes sense. He is boring and not very intelligent, but tries to make up for his deficiencies by being vulgar and abusive.
|
|
|
Oh boy... STFU ASSHOLES!!! Yeah, if you say so, Fucking Qora troll
|
|
|
If you are reading this thread... please donate some BTC and/or NXT to the addresses in my signature as I was the only one that still left open the possibility for you to return the stolen NXT!!! You were the only one? Bter themselves were negotiating with the hacker who already got 330 BTC + 8 million nxt