Thanks so much San1ty for posting your bot for us all!  

I'll be taking a look at the code when I get a chance...

Until then, would you mind posting a couple screenshots of the bot in action?

Thanks for the reassurance, some escrow would give me faith in the bounty.

I'll see if ChuckOne is interested.

Thanks for the info!

Figured it must be a founder (assuming it's all legit)

I think we should move this discussion to somewhere on nxtforum and see what other people have the interest (and ability)

I am thinking a large project like this would probably take more than one dev. Two might work.
I mean, really, this feature is the Holy Grail of crypto.  

I would want to know who I'd be working with and to speak with whoever is putting up the NXT. The problem with doing such a big bounty like this is there is really nothing keeping the poster honest at the end of the day... It's a big leap of faith for a long project.

I can't speak for cryptowallets by my application is completely legit. You are completely right to have this worry and i recommend that anyone with these concerns run CryptoPapers fully offline.

We are still in Closed Beta but very soon we are releasing Open Beta to the Chrome App Store and GitHub.

Read about all of the advanced features that will be available here:
https://nxtforum.org/cryptopapers/



----

Let me try to address your questions.

- Yes, paper wallets are considered cold storage
- USB sticks are a good way to store coins but they are vulnerable to EMPs unlike paper, which is a very small risk depending who you ask but worth mentioning.
- An Address is just the public facing side of your Private Key. All coins are set up so that you can't spend from an Address unless you can properly Sign a Transaction with the correct Private Key.


(For those of you that want to get technical you turn the Private Key into the Public Key using a Public Key Cryptographic Curve called secp256k1. The Public Key is then turned into an address by running it through SHA256 twice and then RIPEMD160 once, then converting it to Base58Check)

Hi,

Glad to hear it.
What is your connection with NXT if you don't mind me asking?
Also, was proof of that much NXT posted somewhere?

I have some ideas how a cross-chain trustless system could be achieved but they are very out-of-the box ideas. I hope this will not be a problem.
If this were simple it'd already be done

Should we be talking about this on nxtforum? There are some users there that may want to help contribute to solving this challenge.

Cheers,
- Fractal

Is this bounty still active?

Who put up the 3-5M? Was it you pinarello?

I would give this my best shot, and find some others with cryptographic / programming experience to see if this can be done.

Along the same lines of this project: http://cryptopapers.com

Beta just got released, 25 coin types so far, tons of advanced features.

I also wanted to add, that while there weren't many more noteworthy features to announce at the time of his original post, we can now include the following, already done:

- BIP38 Encryption / Decryption for all coins
- 8 different variations of wallet including circular, credit-card sized, and coin-shaped
- Over 250 backgrounds
- Color shift, allows you to change the color of any background to whatever you want (Chrome only)

Coming Soon:

- Vanity address creation
- Split-key addresses (addresses requiring 2 private keys to spend)
- More: Vote for which features you want to see the most- http://cryptopapers.com/feedback/

You're right, it's not a stellar feature - it's an Essential feature! (and one we thought was worth mentioning)

I would fully agree with you if we were talking about keyboard-supplied entropy. However, mouse entropy is a lot better and this is why all the paper wallet generators do things this way.

I'm not sure if this is getting too technical - but here's how the Entropy process works:

The system starts out with data about your current time, browser, environment, etc to use as the starting RNG Pool.
The pool is then further randomized with between 300 and 400 points of not just mouse coordinates, but the exact time the event was hit.
Each coordinate point is then multiplied together and is factored down to 16 bits of data, per coordinate, plus an additional 32 bits from the time.

Collecting 300-400 coordinates is enough to go through the pool for several passes.

The process of guessing keys that were generated in this way should be no easier than brute-forcing *coin addresses at random.

------

Also - the Beta is live!

Head to http://cryptopapers.com to sign up!

Great news for people interested in altcoin paper wallets:

CryptoPapers.com is an offline paper wallet generator that we are about to release Beta for in the next day or two.

25 supported coin types so far - more on their way!

Bitcoin, Litecoin, Peercoin, Dogecoin, Namecoin, NXT (Coming Soon), Mastercoin, Primecoin, Auroracoin, Vertcoin, Mintcoin, Counterparty, Feathercoin, ProtoShares, Quark, Cryptogenic, Datacoin, Devcoin, Digitalcoin, Infinitecoin, Ixcoin, Memorycoin, Novacoin, Terracoin, Worldcoin, Zetacoin

In addition to all these coin types, CryptoPapers will have many advanced features including customizable backgrounds, wallet shapes, BIP38 encryption, integrated security dashboard, and more!

Sign up for Beta:
http://cryptopapers.com

If you'd like to encourage development of this project any amount of donation is appreciated:
http://cryptopapers.com/donate

Thanks and stay safe!

Yeah, I'm fairly certain they would need the keys to forge data... Unless you run Safari or iOS
http://www.macworld.com/article/2099987/what-you-need-to-know-about-apples-ssl-bug.html

Though I wouldn't completely write off the possibility that Gox had their keys stolen- at least this panic has a happy ending not requiring me to reinstall any of my machines yet again.

Haha! You caused me to have a good freak out there, but I've figured out what's going on.

The first clue was that this was only happening to me in Chrome. (I have Chrome in super locked down mode with cookies and javascript disabled by default)

This is what I was seeing:

<html><head><title>MtGox.com loading</title></head><body><p>Please wait...</p><script>function xdec(data){var o="[bunch of random text]=";var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,dec="",tmp_arr=[];if(!data){return data}data+='';do{h1=o.indexOf(data.charAt(i++));h2=o.indexOf(data.charAt(i++));h3=o.indexOf(data.charAt(i++));h4=o.indexOf(data.charAt(i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){tmp_arr[ac++]=String.fromCharCode(o1)}else if(h4==64){tmp_arr[ac++]=String.fromCharCode(o1,o2)}else{tmp_arr[ac++]=String.fromCharCode(o1,o2,o3)}}while(i<data.length);dec=tmp_arr.join('');return dec};document.cookie=xdec('[More Random Text]').replace(String.fromCharCode(0),'').split('').reverse().join(''); location.href='/';</script></body></html>

So you see, they set a cookie before refreshing the page.

End panic mode.

Seriously though, thanks for the heads up. Everything checks out SSL and DNS-wise.
Correct me if I'm wrong, but DNS attacks couldn't actually forge data under SSL, could they?
(Unless of course Gox's server keys were compromised)

Yes, though this thread has been entertaining, this is not what I'm seeing for HTML source.

Did Gox Verify some of your accounts so they could withdraw your USD, and forget that the email notification was turned on??

Anyone else get a verification email?

Count me in!

Transaction: c2938a01293e6dfb8d008c5dab8f7c8790104e46f1fe75d8732beb56d5203d4e