caratheodory
Newbie
 Offline
Activity: 23
Merit: 0
|
 |
February 07, 2014, 06:30:33 PM |
|
Right and if you read it, they argue the same as I do. The only way to guess such a passphrase is if it's already in their database because a lot of people use it. That it was is, I think, surprising. There are a lot of sentences and quotes from books in the world, either the opening phrase from 1984 is very widely used (seems unlikely given how uneducated people are) or there's something more to this. I'd like if EvilDoctor could comment on this, given that he cracked the passphrase in a day, it would be great. I'm interested in how crackers are building their passphrase dictionaries nowadays. |
|
|
|
|
|
|
|
|
|
|
|
The forum was founded in 2009 by Satoshi and Sirius. It replaced a
SourceForge forum.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
msin
Legendary
Offline
Activity: 1470
Merit: 1004
|
|
February 07, 2014, 06:33:04 PM |
|
Do we have a thread for those who deserve Dev Bounties from unclaimed Nxt? I recommend the following allocation for dev:
QBTC (nxtcrypto) - 100k
Passion_LTC (Nxtvote, Nxtion, etc) - 150k
l8oore (asset exchange) - 200k
We can add to these amounts in the future for ongoing projects.
Also, should I even bother with the crypto algo review? Sounds like Jesse James can help us with that. On that note I recommend a 250k bounty for Jesse James from unclaimed dev Nxt. If we still want a crypto review, I can use 10 BTC from my own wallet, but I need a very clear and concise response on what we specifically need from someone reviewing the algo.
|
|
|
|
|
|
opticalcarrier
|
|
February 07, 2014, 06:34:34 PM |
|
Please critique my security strategy:
1. ubuntu OS on 8GB RAM laptop
2. comment out swap entry in fstab
3. fstab has a tmpfs RAMdrive mounted on boot
4. use onetime to generate an encrypted file on the RAMdrv where key is same length as passphrase
5. move that encrypted file to disk for local storage, USB, cloud, family, friends, etc for safekeeping
6. bonus: make OTP key such that an easily-memorized misspell generates a different passphrase that belongs to other account that has history. PLAUSIBLE DENIABILITY
|
|
|
|
|
|
bitcoinpaul
|
|
February 07, 2014, 06:37:07 PM |
|
S/he must be a Grandmaster of Cryptography.
That's an argument from authority. That's not how you prove things. Even if Schneider were to say "it looks ok" it doesn't matter much. You prove code by formally verifying it and giving your proof. Someone could post it anonymously and it still would be valid. There's always the possibility of bugs due to bugs in language implementation itself, or even hardware, but there's no way around that. A reputable cryptographer analyses our code and you don't know, what that would mean for Nxt? Jesus... |
|
|
|
|
xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
|
|
February 07, 2014, 06:37:32 PM |
|
Right and if you read it, they argue the same as I do. The only way to guess such a passphrase is if it's already in their database because a lot of people use it. That it was is, I think, surprising. There are a lot of sentences and quotes from books in the world, either the opening phrase from 1984 is very widely used (seems unlikely given how uneducated people are) or there's something more to this. I'd like if EvilDoctor could comment on this, given that he cracked the passphrase in a day, it would be great. I'm interested in how crackers are building their passphrase dictionaries nowadays. I don't know how he did it, but read this: http://arstechnica.com/security/2013/10/how-the-bible-and-youtube-are-fueling-the-next-frontier-of-password-cracking/ |
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
|
bitcoinpaul
|
|
February 07, 2014, 06:38:24 PM |
|
Although the Nxt Asset Exchange will be a useful addition I think that we are missing something that could be much more useful (and perhaps a "killer" addition) and that is "atomic cross-chain crypto-currency transfers" (some of you would recall I've already mentioned it). As far as I can tell no-one has actually built such a system and also so far I can't even tell if such a transfer using TierNolan's approach ( https://en.bitcoin.it/wiki/Atomic_cross-chain_trading) has ever actually been tested (if anyone has a link that shows such a transaction having taken place then I'd be very interested to see it). IMO this would really be a "game changer" as it could allow people to trade crypto's directly without an exchange and without risk (beyond having to wait for the "refund" problem that is necessary for TierNolan's solution in case the trade doesn't get finalised). It wouldn't work fast enough to do "day trading" but for those not in a huge rush the promise of 100% secure transactions with only minimal blockchain fees would be pretty appealing. What do you guys think? Good idea, also for marketing. Don't know how this would work though  Are smart people besides CIYAM thinking about it? |
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
February 07, 2014, 06:38:54 PM |
|
Right and if you read it, they argue the same as I do. Sorry, I meant that 1 sentence from a book is equal to 1 word from English dictionary. Thus we have a password with only 1 (one) "symbol" and entropy equal to number of sentences. More popular sentences have a higher chance to be used, thus if u try all sentences in order according to their Google "citing" index u'll pick a passphrase quite quickly. |
|
|
|
|
pinarello
Full Member
Offline
Activity: 266
Merit: 100
NXT is the future
|
|
February 07, 2014, 06:39:14 PM |
|
Do we have a thread for those who deserve Dev Bounties from unclaimed Nxt? I recommend the following allocation for dev:
QBTC (nxtcrypto) - 100k
Passion_LTC (Nxtvote, Nxtion, etc) - 150k
l8oore (asset exchange) - 200k
We can add to these amounts in the future for ongoing projects.
Also, should I even bother with the crypto algo review? Sounds like Jesse James can help us with that. On that note I recommend a 250k bounty for Jesse James from unclaimed dev Nxt. If we still want a crypto review, I can use 10 BTC from my own wallet, but I need a very clear and concise response on what we specifically need from someone reviewing the algo.
very generous thank you msin! |
|
|
|
gimre
Legendary
Offline
Activity: 866
Merit: 1002
|
|
February 07, 2014, 06:41:27 PM |
|
Jean Luc: R U planning to include change proposed by BloodyRookie below: Lots of people are still complaining about it. (I was looking at decompiled Curve here: https://github.com/stevedoe/nxt-client/blob/experimental/src/nxt/crypto/Curve25519.java fix is still not there) (below is only a piece, full post here: https://bitcointalk.org/index.php?topic=397183.msg4645132#msg4645132) There is only one method left, that is Curve25519.sign(), so the bug must inside that method. Let's take a look at it. It calculates (x-h)*s mod q. Looks legit? Not! If x<h then x-h is negativ! That's not going to work. (x-h)*s will be negativ too (remember: s is positiv) and the mod q reduction will not return the desired value. We have to take care of the case x<h. I think the easiest way is to reduce the x and h mod q in the beginning. Only then you can test for a negativ result by looking at the highest bit and, in case it is set, add q to the result making it positive (If you don't reduce x and h mod q then you can't use mula_small because you can't test the result by looking at the highest bit). So the new method Curve25519.sign() should look like this: private static final void reduce(byte[] x) {
byte[] tmp=new byte[32];
divmod(tmp, x, 32, ORDER, 32);
if ((x[31] & 0x80) != 0)
{
// x is negativ, add q to it
mula_small(x, x , 0, ORDER, 32, 1);
}
}
public static final boolean sign(byte[] v, byte[] h, byte[] x, byte[] s) {
// v = (x - h) s mod q
int w, i;
byte[] h1 = new byte[32], x1 = new byte[32];
byte[] tmp1 = new byte[64];
byte[] tmp2 = new byte[64];
// Don't clobber the arguments, be nice!
cpy32(h1, h);
cpy32(x1, x);
// Reduce modulo group order
reduce(h1);
reduce(x1);
// v = x1 - h1
// If v is negative, add the group order to it to become positiv.
mula_small(v, x1, 0, h1, 32, -1);
if ((v[31] & 0x80) != 0)
{
mula_small(v, v , 0, ORDER, 32, 1);
}
// tmp1 = (x-h)*s mod q
mula32(tmp1, v, s, 32, 1);
divmod(tmp2, tmp1, 64, ORDER, 32);
for (w = 0, i = 0; i < 32; i++)
w |= v[i] = tmp1[i];
return w != 0;
}
I have tested the new sign() method with 10000 random pass phrases and messages and the verification has not failed a single time! The bug I found is not the last flaw but nevertheless it is an anoying bug making verify() fail sometimes. |
|
|
|
|
bitcoinpaul
|
|
February 07, 2014, 06:42:52 PM |
|
Ah come on don't put the blame on me they broke your software and its worthless now, blame bcnext
 |
|
|
|
|
|
EvilDave
|
|
February 07, 2014, 06:46:02 PM |
|
Guys, sorry for the super silly question. I read every post here but when i saw that FC was promoting NEM i ignored every post in which i see "NEM". Now i see that Utopianfuture is responsible for NEM and most of the active people here are in the staheholders' list of NEM (are they really? Anon? Come-from-beyond?). Will NEM have the same features like Nxt (especially transparent forging)? And the only difference will be the community and developers? I know I gotta be missing something and i sound silly but i have to ask. Thank you for the response!
NEM is a clone of Nxt created by Nxt insiders. So rather than improving on Nxt, these folks have decided to fork a clone of Nxt. With a "fairer" distribution stategy (in principle), u used to be very keen on fairness, as I recall. NEX does not involve Nxt insiders. nex seems to involve almost no-one. Love your dev thread, btwhttps://bitcointalk.org/index.php?topic=398461.msg4956801#msg4956801[/i] So Nxt folks condone NEM efforts because they are all buddies with them. And maybe because no-one on the NEM project has vowed to destroy NXT ? And we r buddies, u got some?
Nxt folks however take great efforts to criticize NEX because NEX folks aren't Nxt insiders. If u remember, FCs, you were the one who started this game.....
@eMule: u missed a great chance to kill NXT in the last 24 hours. One good hard dump from u could have started a panic sell, if u dumped hard like u are always promising us. Are u ever going to back up your talk with just a little bit of action? |
|
|
|
|
Eadeqa
|
|
February 07, 2014, 06:47:53 PM |
|
Critical bug disclosureFew days ago the guy who found a vulnerability in Blockchain.Info and picked the secret phrase of Nxt genesis account found a security flaw in NRS cryptographic algorithm. ... I can't explain details of the flaw, coz it's out of my area of expertise. U can contact him directly via nextcoin.org forum. I'm the guy. I just created a thread providing more technical details https://nextcoin.org/index.php/topic,3884.0.html and to answer questions. I don't really check this forum/thread so posting there is the best way to reach me. Let's get this guy on board, Klee is in charge of the infrastructure team, so perhaps Klee can get him on board and a good chunk of Nxt from unclaimed. That would be best use of unclaimed funds |
|
|
|
FrictionlessCoin
Legendary
Offline
Activity: 868
Merit: 1000
Cryptotalk.org - Get paid for every post!
|
|
February 07, 2014, 06:49:10 PM |
|
Jean Luc: R U planning to include change proposed by BloodyRookie below: Lots of people are still complaining about it. (I was looking at decompiled Curve here: https://github.com/stevedoe/nxt-client/blob/experimental/src/nxt/crypto/Curve25519.java fix is still not there) (below is only a piece, full post here: https://bitcointalk.org/index.php?topic=397183.msg4645132#msg4645132) There is only one method left, that is Curve25519.sign(), so the bug must inside that method. Let's take a look at it. It calculates (x-h)*s mod q. Looks legit? Not! If x<h then x-h is negativ! That's not going to work. (x-h)*s will be negativ too (remember: s is positiv) and the mod q reduction will not return the desired value. We have to take care of the case x<h. I think the easiest way is to reduce the x and h mod q in the beginning. Only then you can test for a negativ result by looking at the highest bit and, in case it is set, add q to the result making it positive (If you don't reduce x and h mod q then you can't use mula_small because you can't test the result by looking at the highest bit). So the new method Curve25519.sign() should look like this: private static final void reduce(byte[] x) {
byte[] tmp=new byte[32];
divmod(tmp, x, 32, ORDER, 32);
if ((x[31] & 0x80) != 0)
{
// x is negativ, add q to it
mula_small(x, x , 0, ORDER, 32, 1);
}
}
public static final boolean sign(byte[] v, byte[] h, byte[] x, byte[] s) {
// v = (x - h) s mod q
int w, i;
byte[] h1 = new byte[32], x1 = new byte[32];
byte[] tmp1 = new byte[64];
byte[] tmp2 = new byte[64];
// Don't clobber the arguments, be nice!
cpy32(h1, h);
cpy32(x1, x);
// Reduce modulo group order
reduce(h1);
reduce(x1);
// v = x1 - h1
// If v is negative, add the group order to it to become positiv.
mula_small(v, x1, 0, h1, 32, -1);
if ((v[31] & 0x80) != 0)
{
mula_small(v, v , 0, ORDER, 32, 1);
}
// tmp1 = (x-h)*s mod q
mula32(tmp1, v, s, 32, 1);
divmod(tmp2, tmp1, 64, ORDER, 32);
for (w = 0, i = 0; i < 32; i++)
w |= v[i] = tmp1[i];
return w != 0;
}
I have tested the new sign() method with 10000 random pass phrases and messages and the verification has not failed a single time! The bug I found is not the last flaw but nevertheless it is an anoying bug making verify() fail sometimes. What is the impact if this is changed? Will some folks lose access to their accounts? |
|
|
|
|
EvilDave
|
|
February 07, 2014, 06:51:16 PM |
|
Although the Nxt Asset Exchange will be a useful addition I think that we are missing something that could be much more useful (and perhaps a "killer" addition) and that is "atomic cross-chain crypto-currency transfers" (some of you would recall I've already mentioned it). As far as I can tell no-one has actually built such a system and also so far I can't even tell if such a transfer using TierNolan's approach ( https://en.bitcoin.it/wiki/Atomic_cross-chain_trading) has ever actually been tested (if anyone has a link that shows such a transaction having taken place then I'd be very interested to see it). IMO this would really be a "game changer" as it could allow people to trade crypto's directly without an exchange and without risk (beyond having to wait for the "refund" problem that is necessary for TierNolan's solution in case the trade doesn't get finalised). It wouldn't work fast enough to do "day trading" but for those not in a huge rush the promise of 100% secure transactions with only minimal blockchain fees would be pretty appealing. What do you guys think? Good idea, also for marketing. Don't know how this would work though Are smart people besides CIYAM thinking about it? Isn't Xio's idea somewhere in the same area? Everyone feel free to donate to my account to help fund something not yet seen in the world of Nxt that will help people get in touch with ease.
Yes, I am pretty much a stranger here.
Yes, I am quite serious.
In the unlikely event that nothing useful (product launch) will come out of this until February 28, I'll send any donation back to the donor, minus transaction fee matching the fee paid in the originating transaction.
Thank you for listening and keep up all the great efforts!
Well, a little disappointing that the interest seems to be close to none. I guess that's my own fault, though. If you are curious what I want to do and why donating makes sense:I want to create a person-to-person exchange for NXT, similar to the functionality of LocalBitcoins.com, providing a secure and easy way to trade NXT (for fiat). In case you have any wishes or suggestions on how you would want to use it and what to expect from such a service, please let me know. Also, I remember there being at least one bounty offered for accomplishing this task. Are these offers still valid? Of course the idea itself is interesting enough to invest effort and time, yet neither infrastructure is for free nor do my living expenses pay for themselves once I go full time on this project. |
|
|
|
xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
|
|
February 07, 2014, 06:52:18 PM |
|
What is the impact if this is changed? Will some folks lose access to their accounts?
No. It has to do with generating blocks. You should change it in your fork of Nxt. It would be good.No, nevermind. I shouldn't tease you. |
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
|
swartzfeger
|
|
February 07, 2014, 06:52:23 PM |
|
NxtMac 0.22 out: http://nxtra.org/macIncludes 0.6.1 by default and updating to 0.7e works correctly. When I check for updates it says I'm running the newest version (0.6.1)... how do I update to 0.7.0e? Go to the NxtMac > preferences menu and enable "download beta updates". Then NxtMac > check for updates. The blockchain will have to be redownloaded as it's going to be saved in a database. Downloaded and updated. Donation sent  |
|
|
|
|
msin
Legendary
Offline
Activity: 1470
Merit: 1004
|
|
February 07, 2014, 06:53:02 PM |
|
Do we have a thread for those who deserve Dev Bounties from unclaimed Nxt? I recommend the following allocation for dev:
QBTC (nxtcrypto) - 100k
Passion_LTC (Nxtvote, Nxtion, etc) - 150k
l8oore (asset exchange) - 200k
We can add to these amounts in the future for ongoing projects.
Also, should I even bother with the crypto algo review? Sounds like Jesse James can help us with that. On that note I recommend a 250k bounty for Jesse James from unclaimed dev Nxt. If we still want a crypto review, I can use 10 BTC from my own wallet, but I need a very clear and concise response on what we specifically need from someone reviewing the algo.
very generous thank you msin! Pin, can you start a poll for sending unclaimed Nxt to the people above? |
|
|
|
|
|
Eadeqa
|
|
February 07, 2014, 06:53:07 PM |
|
Critical bug disclosureFew days ago the guy who found a vulnerability in Blockchain.Info and picked the secret phrase of Nxt genesis account found a security flaw in NRS cryptographic algorithm. Can someone explain how he found out the passphrase of the genesis account? "It was a bright cold day in April, and the clocks were striking thirteen." It has 14 words and some punctuation. Ignoring the punctuation and using a simple 2000 words long dictionary (and this is tiny! There are 1013913 words in the English language) we get 2000^14 possible passphrases, or about 10^46 possibilities, if we go by characters from the alphabet, it has 26^72 ~ 10^101 possibilities. A password written in base 58 and 26 characters long is also about 10^46 possibilities. In comparison, a random 8 character long password takes 3 hours to crack on a desktop pc. 9 char -> 3days, 10 char -> 1 year, 11 char -> 48 years. 26 char -> An octillion years. Now it is a given that the entropy of a random password is much higher than that of a phrase from a novel, but I still can't see how he could crack the passphrase unless the entire thing was already in his dictionary! Let's not forget he was using a python script which is notably slow! Google for "It was a bright cold day in April, and the clocks were striking thirteen" (with quotes) shows 506,000 results https://www.google.com/search?num=100&newwindow=1&rlz=1C1CHMO_enUS560US560&espv=210&es_sm=122&q=%22It+was+a+bright+cold+day+in+April%2C+and+the+clocks+were+striking+thirteen%22&oq=%22It+was+a+bright+cold+day+in+April%2C+and+the+clocks+were+striking+thirteen%22&gs_l=serp.12..0i7i30l3j0j0i30l4j0i8i30j0i30.4660.4660.0.6104.1.1.0.0.0.0.93.93.1.1.0....0...1c.1.34.serp..0.1.93.GxjJ0e2D-xwso it wasn't a random collection of words, but well known phrase. First sentence from George Orwell's book http://ebooks.adelaide.edu.au/o/orwell/george/o79n/chapter1.1.html |
|
|
|
gimre
Legendary
Offline
Activity: 866
Merit: 1002
|
|
February 07, 2014, 06:56:40 PM |
|
What is the impact if this is changed? Will some folks lose access to their accounts?
U mad bro? read full post FUD generator. |
|
|
|
|
EvilDave
|
|
February 07, 2014, 06:59:31 PM |
|
What is the impact if this is changed? Will some folks lose access to their accounts?
No. It has to do with generating blocks. You should change it in your fork of Nxt. It would be good.No, nevermind. I shouldn't tease you. Hey, the FCs have managed to change some of the colours on their nex client. The black top bar on NXT is now orange in nex. Big improvement, must invest. @FC (or anyone who knows) wtf is a GHOST protocol ? Or an OldBlue specification ? Just curious.... |
|
|
|
|
