NXT :: descendant of Bitcoin - Updated Information

[Anon136]

if you just reduce the cost of forging down to ~0 than the low incentive wont matter. thats the point im trying to make. of course this can only come with time as third party developers make better client applications but this is what we should be focusing on. not pooled mining.

Good idea. As I wrote on Twitter, Pooled Forging may be added, not is being added.

good to hear. i think pools are a big weakness in bitcoin and the absence of them in nxt will be one of the key arguments in the case for why nxt is the next generation crypto. And the beauty of forging instead of mining is that at some point in the future, with the right apps/hardware devices reducing the barriers to entry to forging to ~0, we could end up with ~100% participation rate even without pools. This is a HUGE selling point because pools kill decentralization.

[mr_random]

offline mining of all NXT accounts in parallel
problem gets worse the more NXT accounts there are
this attracts more hackers the more NXT is worth
This will create an equilibrium effect like a boat anchor to a hot air balloon. The more NXT succeeds, the more it will be hacked.

CfB, tell me there is a solution that is more effective than the user needs to not be unlucky

James

If they can do this with NXT why can't they do it with Bitcoin?

[BitAddict]

if you just reduce the cost of forging down to ~0 than the low incentive wont matter. thats the point im trying to make. of course this can only come with time as third party developers make better client applications but this is what we should be focusing on. not pooled mining.

Good idea. As I wrote on Twitter, Pooled Forging may be added, not is being added.

good to hear. i think pools are a big weakness in bitcoin and the absence of them in nxt will be one of the key arguments in the case for why nxt is the next generation crypto. And the beauty of forging instead of mining is that at some point in the future, with the right apps/hardware devices reducing the barriers to entry to forging to ~0, we could end up with ~100% participation rate even without pools. This is a HUGE selling point because pools kill decentralization.

+1

[PaulyC]

just wanted to add. this is found for the recipient's address in google cached view of the NXT blockchain.
16204974692852323982

not that it will help me get my NXT back I'm sure..
real lame, how my PW was cracked is beyond me.. really.

http://webcache.googleusercontent.com/search?q=cache:xOs0TPi1UPcJ:87.230.14.1/nxt/nxt.cgi%3Faction%3D3000%26acc%3D3727742886551973110+&cd=2&hl=en&ct=clnk&gl=us

if it's a thief, then there are more thefts:
http://22k.io/-account/16204974692852323982

Had to try and get a couple hours sleep.. Ok so I know I seem like small potatoes after someone says they lost more than me this morning...

But can someone please actually try and help instead of calling my loss...tricks or a bad pr scheme??

How am I this guy's big catch?..
16204974692852323982

Why hasn't he tried to get rid of the NXT from this account? wouldn't a hacker do that?
Is there anyway to stop this person from selling my NXT (that they stole from me the 7808 transaction) on Dgex.com? Put a block on it? Send it back to me!!?

Finally, I know this is decentralized.. so it would be difficult to have a two factor auth. system as some as suggested, but I can't emphasize enough
that I had a 35 Char totally random, Uppers, Lowers, #'s, entire keyboard etc. style pass, never put it out in the open (never went into my client except locally,
never used my PW somewhere else, mistakenly, etc..)

Believe me.. I'm trying to figure it out myself!..

I almost feel like this had something to do with a glitch or a fork in the blockchain? something, believe me.. I woulda slept a lot better had it just been something as simple as... "oh I put my PW out there, dumb of me".. but I really didn't and I can't figure out how it was taken..

In the end, i know it's gone and it was stolen, I know it's not much, but it was my entire lot, and I haven't sold
or given any coins to anyone, etc. only to another client of mine to get a 1 NXT confirmation etc.

[Come-from-Beyond]

CfB, tell me there is a solution that is more effective than the user needs to not be unlucky

Use 30+ random passwords and u'll be fine. Noone is able to pick such passwords.

[Come-from-Beyond]

How am I this guy's big catch?..
16204974692852323982

Tell us ur password.

[EvilDave]

offline mining of all NXT accounts in parallel
problem gets worse the more NXT accounts there are
this attracts more hackers the more NXT is worth
This will create an equilibrium effect like a boat anchor to a hot air balloon. The more NXT succeeds, the more it will be hacked.

CfB, tell me there is a solution that is more effective than the user needs to not be unlucky

James

If they can do this with NXT why can't they do it with Bitcoin?

Need to have access to your wallet.dat file to attack it.

Correct me if I'm wrong, but all account numbers and passwords are encoded into the NXT blockchain, and it is this that is being brute forced, if there really is an attack.

[PaulyC]

Edit @ CfB

How am I this guy's big catch?..
16204974692852323982

Tell us ur password.

My account # is
16821029889165561706

That account is the guy who stole it from me.
1/1/2014 4:04:50 AM      16204974692852323982

I at this point have very little need so I could give it (to be honest being asked it seems crazy to me)
BUT, as i asked earlier, don't I still own my twelve or so Aliases? They're still in there..
Can I transfer them? before I give my PW I'd like to know that. thanks.

[relm9]

offline mining of all NXT accounts in parallel
problem gets worse the more NXT accounts there are
this attracts more hackers the more NXT is worth
This will create an equilibrium effect like a boat anchor to a hot air balloon. The more NXT succeeds, the more it will be hacked.

CfB, tell me there is a solution that is more effective than the user needs to not be unlucky

James

If they can do this with NXT why can't they do it with Bitcoin?

Need to have access to your wallet.dat file to attack it.

Correct me if I'm wrong, but all account numbers and passwords are encoded into the NXT blockchain, and it is this that is being brute forced, if there really is an attack.

Don't need wallet.dat, someone could try brute forcing the private key of any given address. Statistically it's near impossible to brute force though.

NXT should just generate the passphrase itself, don't give the user an option to enter one - user generated passphrases are always going to be less secure than a truly random one.

[laowai80]

NXT should just generate the passphrase itself, don't give the user an option to enter one - user generated passphrases are always going to be less secure than a truly random one.

Yeah, and print 'if you don't use this random pass phrase you can be hacked' message.
Won't save from key-loggers though.

[BitAddict]

offline mining of all NXT accounts in parallel
problem gets worse the more NXT accounts there are
this attracts more hackers the more NXT is worth
This will create an equilibrium effect like a boat anchor to a hot air balloon. The more NXT succeeds, the more it will be hacked.

CfB, tell me there is a solution that is more effective than the user needs to not be unlucky

James

If they can do this with NXT why can't they do it with Bitcoin?

Need to have access to your wallet.dat file to attack it.

Correct me if I'm wrong, but all account numbers and passwords are encoded into the NXT blockchain, and it is this that is being brute forced, if there really is an attack.

Don't need wallet.dat, someone could try brute forcing the private key of any given address. Statistically it's near impossible to brute force though.

NXT should just generate the passphrase itself, don't give the user an option to enter one - user generated passphrases are always going to be less secure than a truly random one.

Or not allowing to create accounts without secure password. For example you can't create one account with less than 40 random characters.

[Come-from-Beyond]

Edit @ CfB

How am I this guy's big catch?..
16204974692852323982

Tell us ur password.

My account # is
16821029889165561706

That account is the guy who stole it from me.
1/1/2014 4:04:50 AM      16204974692852323982

I at this point have very little need so I could give it (to be honest being asked it seems crazy to me)
BUT, as i asked earlier, don't I still own my twelve or so Aliases? They're still in there..
Can I transfer them? before I give my PW I'd like to know that. thanks.

U can't transfer aliases, but the hacker already has access to ur account so u can reveal ur password, this will change nothing.

[PaulyC]

@Cfb

Good point, is it the consensus of the forum folk, I should do this? haha

sorry seems crazy but everything I said is true, so i have nothing to hide.

I'm just thinking what if someday say someone develops a way and people agree aliases should be transferable, and the hacker just happens
to be sleeping when it is announced, and I'm able to transfer my aliases!? just wondering.? hope hope.

[laowai80]

CfB,

so how many times larger should the network be than what it is now, in your opinion?
At least some numbers would be great.
Of course, it's the larger the better, but still?

[laowai80]

@Cfb

Good point, is it the consensus of the forum folk, I should do this? haha

sorry seems crazy but everything I said is true, so i have nothing to hide.

I'm just thinking what if someday say someone develops a way and people agree aliases should be transferable, and the hacker just happens
to be sleeping when it is announced, and I'm able to transfer my aliases!? just wondering.? hope hope.

I would say, the future policy on hack claims should be:

No password revealed = no hack happened.

Everyone can say they were hacked, prove it.

Otherwise, hundreds of black PR artists all could claim they were hacked and post some obscure transaction.

[Come-from-Beyond]

@Cfb

Good point, is it the consensus of the forum folk, I should do this? haha

sorry seems crazy but everything I said is true, so i have nothing to hide.

I'm just thinking what if someday say someone develops a way and people agree aliases should be transferable, and the hacker just happens
to be sleeping when it is announced, and I'm able to transfer my aliases!? just wondering.? hope hope.

Password or this didn't happen.

[Come-from-Beyond]

CfB,

so how many times larger should the network be than what it is now, in your opinion?
At least some numbers would be great.
Of course, it's the larger the better, but still?

We should be ready for legit DDoS attack when millions newcomers want to try new features... No idea about numbers.

[laowai80]

We should be ready for legit DDoS attack when millions newcomers want to try new features... No idea about numbers.

What's a legit DDoS attack? You mean newcomers doing something legit all at the same time and overloading the network?

Or hackers DDoSing the network when newcomers try new features to show NXT in unfavorable light?

[BitAddict]

We should be ready for legit DDoS attack when millions newcomers want to try new features... No idea about numbers.

What's a legit DDoS attack? You mean newcomers doing something legit all at the same time and overloading the network?

Or hackers DDoSing the network when newcomers try new features to show NXT in unfavorable light?

Both things will happen at the same time.

[xyzzyx]

Password or this didn't happen.

One of my accounts was hacked: 2980315497189667873

Totally, absolutely, cross-my-fingers randomly generated password: boobs

Of course, I think it is hilarious he had to send in 1 NXT to spend the 1 NXT that was there.  I was saving that to register the alias 2girls1cup.

Edit: all joking aside, a great article, one which opened my eyes, is How the Bible and YouTube are fueling the next frontier of password cracking at Ars Technica